Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

FBI Moneypak, computer can't function.. [Closed]

Started by drewdreworld , Dec 19 2012 03:24 PM

  • This topic is locked This topic is locked

#1
drewdreworld
Posted 19 December 2012 - 03:24 PM

drewdreworld

    Member

  • Member
  • PipPip
  • 90 posts
Posting this from my primary desktop, my secondary desktop is (typically) heavily used still though. I noticed it had been running slow as of late and if I looked at processes I could see multiple iexplorer.exe tasks, even though I never open internet explorer myself.. only firefox on that pc. Anyway, it's running windows XP. And I definitely have the FBI Moneypak virus.. the second it boots up, it goes straight to the "pay us X amount of money to get this off your pc".. I also tried booting into safe mode (with and without networking), neither of which worked. Kinda at the end of my personal knowledge on anti-virus steps to deal with it. Any help would be much appreciated! =)
  • 0

Advertisements

#2
Aaron
Posted 20 December 2012 - 03:44 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi, welcome to Geeks to Go ;) !
I'm Aaron and I will be helping you with your problem(s).

Before we start I need to mention a few things:
  • Please post all the requested logs directly in your reply, do not attach or put them in Quote/Code boxes unless asked to.
  • Try to reply every day please, I'll try to do the same. If this topic is inactive for 3 days, then it will be closed.
  • Note that removing malware is not instantaneous, I requires a specific process to be removed completely. Running antimalware removal tools I didn't ask for might slow this process down.
  • If you have any questions, don't hesitate to ask!

HitmanPro.Kickstart is a tool that's easy to use to remove this type of infections. You only need an empty USB drive (you will lose all data on it as it will be formatted) and an other computer to place the tool on the USB drive. A how-to can be found on the site itself: http://www.surfright.nl/en/kickstart with download links and video tutorials. After this, depending on the result, we will either check you computer for leftovers or use other tools to remove this malware.

Please tell me if it worked or not.

- Maser00
  • 0

#3
drewdreworld
Posted 20 December 2012 - 04:01 PM

drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Hey Aaron, I appreciate your help =)

So I finally found my boot options menu on my extremely dated HP computer (I needed to be hitting esc apparently xD).. and figured out the USB port I had the flash drive plugged into wasn't working. But now my computer is showing this "autochk program not found -- skipping AUTOCHECK" message and won't boot up to the desktop itself at all.. I could've screwed something up when I was looking for the boot options =\ I was pretty careful about not saving any changes.. I did force-shut down the computer (holding the power button) a few times when I was trying to find the boot menu.

Once it shows the first major Windows XP load screen it goes into that autochk program not found message and then shuts itself down and reboots. I can see a black screen with two lines of white text for a split second before it shuts itself down. But its practically immediately after the autochk message. With or without the USB drive being used =\ I'm so lost and confused. I also installed the usb flash drive using the 64 bit (because my working computer required it) but I'm not sure if the infected is 32 or 64 bit.

Edit: I went into the recovery console or something looking for the bios startup I'm afraid me force-shutting it down while that was going on could've triggered the autocheck message =\

Edited by drewdreworld, 20 December 2012 - 04:54 PM.

  • 0

#4
Aaron
Posted 20 December 2012 - 05:05 PM

Aaron

    Expert

  • Expert
  • 3,155 posts

But now my computer is showing this "autochk program not found -- skipping AUTOCHECK" message and won't boot up to the desktop itself at all.. I could've screwed something up when I was looking for the boot options =\ I was pretty careful about not saving any changes.. I did force-shut down the computer (holding the power button) a few times when I was trying to find the boot menu.

Maybe your computer doesn't support booting from USB. That autocheck is performed automatically when the computer was shut down by holding the power button. It checks the hard drives for problems when it was forced to shut down last time. Normally, this isn't a problem, but it seems the file is missing.

But no problem, we have other ways. Let's use another tool, it's more powerful and I'll also be able to disable this autocheck. So let's remove the malware I can with this program, disable this autocheck and then - when the computer is bootable again - I'll fix those missing files and remove malware leftovers:

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Quick Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#5
Aaron
Posted 24 December 2012 - 05:37 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Still with me?
  • 0

#6
drewdreworld
Posted 24 December 2012 - 09:57 PM

drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
yessir, I'm very sorry, I have been away from my house for the last three days, I am going to burn the program onto the disc in a couple of minutes and get back to you once I have results from it. Thanks much for your time =)
  • 0

#7
Aaron
Posted 25 December 2012 - 05:04 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Ok ;)
  • 0

#8
drewdreworld
Posted 25 December 2012 - 08:09 PM

drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Had some error message balloon at the bottom right saying the otlpen.exe or something was "corrupt" but I figured that was just something caused by it booting off the CD. in any case, finally, here's the results of it. Thank you much again for your patience and help =)

OTL logfile created on: 12/25/2012 8:55:43 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.45 Gb Total Space | 14.42 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive I: | 4.45 Gb Total Space | 0.37 Gb Free Space | 8.31% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (NecUsb3)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/11/05 14:47:18 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/10/26 22:31:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/07 16:34:56 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/09 23:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/16 22:38:13 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/11 21:10:51 | 000,266,240 | ---- | M] () [Auto] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] () [On_Demand] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] () [Auto] -- C:\WINDOWS\System32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] () [Disabled] -- C:\WINDOWS\System32\alrsvc.dll -- (Alerter)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/08/27 09:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/06/18 08:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) [Auto] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/02/04 07:22:30 | 000,181,312 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (Sunkfiltp)
DRV - File not found [Kernel | On_Demand] -- -- (SunkFilt)
DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | System] -- -- (SASDIFSV)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | Boot] -- -- (PxHelp20)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (mrtRate)
DRV - File not found [Kernel | On_Demand] -- -- (ltmodem5)
DRV - File not found [Kernel | On_Demand] -- -- (ialm)
DRV - File not found [Kernel | On_Demand] -- -- (ECSIoDriver_1_1_0_0)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - File not found [Kernel | Unavailable] -- -- (79010)
DRV - File not found [Kernel | Unavailable] -- -- (60222)
DRV - File not found [File_System | Boot] -- -- (49076043)
DRV - File not found [Kernel | On_Demand] -- -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - File not found [Kernel | On_Demand] -- -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 14:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/01/11 16:09:13 | 000,016,224 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2005/11/10 09:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/08/17 14:43:20 | 000,330,240 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\zd1211bu.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\brgsp50.sys -- (BRGSp50)
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/04/19 14:42:00 | 000,035,143 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\MpFireWl.VXD -- (MPFIREWL)
DRV - [2003/12/12 09:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxsens.sys -- (ALCXSENS)
DRV - [2003/12/06 05:13:42 | 000,429,440 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/05 19:25:54 | 000,011,392 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/07 22:00:00 | 000,035,328 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/09/02 16:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2003/06/18 08:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2003/06/18 08:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2003/06/18 08:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2003/06/18 08:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2003/06/18 08:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/06/18 08:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2003/04/22 00:18:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/01/09 00:12:46 | 000,068,672 | R--- | M] (2Wire, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\2wirepcp.sys -- (2WIREPCP)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\r8139n51.sys -- (rtl8139)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://gsw8.view.us...tate University
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 9C 3A 3C BE 85 CC 01 [binary data]
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2298: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 22:31:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/26 22:31:26 | 000,000,000 | ---D | M]

[2006/08/08 16:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\77t67ucd.default\extensions
[2012/10/26 22:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 22:31:23 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/10/26 22:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\components
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2012/10/26 22:31:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/01/15 12:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 00:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2008/01/23 01:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2006/05/16 16:54:15 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/10/13 05:30:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/13 05:30:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/26 21:18:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\Guest_ON_C\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll ()
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll ()
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll ()
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\UpdatusUser_ON_C\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\UpdatusUser_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll ()
O3 - HKU\UpdatusUser_ON_C\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Guest_ON_C..\Run: [AOL Fast Start] File not found
O4 - HKU\Guest_ON_C..\Run: [RecordNow!] File not found
O4 - HKU\Owner_ON_C..\Run: [] C:\Documents and Settings\Owner\uxvwaspycbpugaknw.exe ()
O4 - HKU\Owner_ON_C..\Run: [SCC] C:\Documents and Settings\Owner\Local Settings\Application Data\SCC\tjbxtyil.dll (VDOnet Corp.)
O4 - HKU\Owner_ON_C..\Run: [Spotify Web Helper] C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\UpdatusUser_ON_C..\Run: [RecordNow!] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...sa/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.2.1.87.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1316033239015 (WUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} http://www.fastacces...bls_speedop.cab (BLS_SpeedOP.systemcheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://www.windowsec...scan/axscan.cab (ASquaredScanForm Element)
O16 - DPF: {C2CFE28D-36EA-4E38-A9E6-092E3C95070C} https://www.info1onl...asp?LOSType=151 (I1POINT.BorrowerList)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} http://www.stopzilla...ller/dwnldr.cab (Downloader Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...sa/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NecUsb3Sevices: DllName - - File not found
O20 - Winlogon\Notify\USB3Sw32: DllName - - File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/20 20:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/12/10 02:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2012/12/10 02:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VIO Player
[2012/12/10 02:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\VIO Player
[2012/12/09 23:39:04 | 002,002,944 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2012/11/30 22:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/11/26 21:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/11/26 21:18:54 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/11/26 21:18:02 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2012/11/26 00:06:42 | 000,151,552 | ---- | C] (ABC Ltd.) -- C:\Documents and Settings\Owner\wgsdgsdgdsgsd.exe
[2010/08/11 21:09:56 | 001,715,904 | ---- | C] (ArtistScope) -- C:\Program Files\Synapse_FX_42.exe
[2006/01/08 16:42:31 | 004,057,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmfdist.exe
[2005/11/28 17:07:13 | 034,412,848 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[2005/08/10 09:56:15 | 015,591,520 | ---- | C] (ACD Systems Ltd. ) -- C:\Program Files\acdsee.exe
[2005/07/04 22:47:38 | 002,439,339 | ---- | C] (SoftTech InterCorp ) -- C:\Program Files\imgconvert.exe

========== Files - Modified Within 30 Days ==========

[2012/12/20 17:00:22 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 17:00:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/20 05:26:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/20 05:26:05 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/12/20 05:25:40 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/20 05:04:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/19 16:14:11 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerResumeInstall_Owner.job
[2012/12/10 14:40:32 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\Owner\uxvwaspycbpugaknw.exe
[2012/12/10 14:40:32 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Owner\icsiddnsmqngbidwfep.exe
[2012/12/10 02:31:57 | 000,195,551 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/12/10 02:31:56 | 000,194,762 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/12/10 02:18:17 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
[2012/12/10 02:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VIO Player
[2012/12/09 23:54:36 | 000,000,382 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2012/12/09 23:53:20 | 000,181,808 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/12/09 23:53:20 | 000,022,064 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/12/09 23:39:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/12/09 23:39:05 | 002,002,944 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2012/12/08 17:31:11 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word 2010 (2).lnk
[2012/12/04 18:10:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/12/04 07:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/30 12:59:31 | 000,151,552 | ---- | M] (ABC Ltd.) -- C:\Documents and Settings\Owner\wgsdgsdgdsgsd.exe
[2012/11/26 21:18:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/11/26 21:17:58 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe

========== Files Created - No Company Name ==========

[2012/12/10 14:40:32 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Owner\icsiddnsmqngbidwfep.exe
[2012/12/10 14:40:31 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\Owner\uxvwaspycbpugaknw.exe
[2012/12/10 02:18:17 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
[2012/12/09 23:54:35 | 000,000,382 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2012/12/09 23:53:20 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/12/09 23:53:20 | 000,022,064 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/12/09 23:52:46 | 000,195,551 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/12/09 23:52:32 | 000,194,762 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/12/09 23:39:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/11/17 08:31:35 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Owner\mvrlbiawifjfihaapsw.exe
[2012/11/17 08:31:33 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Owner\afmwcxuriswrohczbcqurm.exe
[2012/05/28 10:53:36 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties
[2012/05/13 21:18:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/02/26 21:46:38 | 000,014,536 | ---- | C] () -- C:\Documents and Settings\UpdatusUser\ml1.srt
[2012/02/26 21:46:38 | 000,014,226 | ---- | C] () -- C:\Documents and Settings\UpdatusUser\ml2.srt
[2012/02/26 21:46:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\fusioncache.dat
[2012/02/16 12:43:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/03 03:31:17 | 000,003,522 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dwm040ms2amk03bg2q380l2aiyoku0je3fton
[2012/01/03 03:31:17 | 000,003,522 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dwm040ms2amk03bg2q380l2aiyoku0je3fton
[2011/11/25 06:57:33 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/24 09:41:50 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/24 09:41:50 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/18 04:47:42 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/24 13:51:30 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/24 13:44:54 | 000,293,312 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/24 13:44:44 | 000,293,312 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/24 13:44:44 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/03 00:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/12 14:37:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2011/06/02 20:08:38 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/06 16:33:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/11 21:10:51 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/04/23 02:00:03 | 000,000,005 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/04/23 02:00:03 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/12/16 06:27:40 | 000,037,576 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/02 01:37:26 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/30 21:14:21 | 000,056,845 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2008/03/07 01:11:25 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/04/13 12:31:03 | 000,103,984 | ---- | C] () -- C:\WINDOWS\System32\AOLDial.dll
[2007/03/16 01:36:36 | 000,146,839 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Cosmos Prefs
[2006/08/08 16:33:41 | 000,014,536 | ---- | C] () -- C:\Documents and Settings\Guest\ml1.srt
[2006/08/08 16:33:41 | 000,014,226 | ---- | C] () -- C:\Documents and Settings\Guest\ml2.srt
[2006/08/08 16:33:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
[2006/05/09 23:14:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/05/04 00:34:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\asuninst.exe
[2006/04/28 18:03:52 | 000,012,486 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/06 12:16:20 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/02/13 17:47:43 | 010,284,336 | ---- | C] () -- C:\Program Files\Avast Setup.exe
[2006/02/11 18:24:15 | 001,847,742 | ---- | C] () -- C:\Program Files\InstallSB.exe
[2006/01/22 21:59:28 | 000,045,540 | ---- | C] () -- C:\Program Files\untitled image
[2006/01/08 16:40:15 | 011,284,970 | ---- | C] () -- C:\Program Files\cdbxp_setup_3.0.116.zip
[2005/12/11 23:53:42 | 000,937,001 | ---- | C] () -- C:\Program Files\slsk156c.exe
[2005/12/10 22:19:28 | 001,014,477 | ---- | C] () -- C:\Program Files\wrar351.exe
[2005/12/10 15:41:58 | 003,620,864 | ---- | C] () -- C:\Program Files\Final_Fantasy_7_TurksInPursuit_OC_ReMix.mp3
[2005/12/10 15:40:40 | 004,630,453 | ---- | C] () -- C:\Program Files\Final_Fantasy_7_FightOn_OC_ReMix.mp3
[2005/12/10 15:34:10 | 004,168,636 | ---- | C] () -- C:\Program Files\zelda.mp3
[2005/11/30 17:39:07 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/17 17:37:27 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\Owner\Ebay2.html
[2005/11/17 17:27:48 | 000,002,675 | ---- | C] () -- C:\Documents and Settings\Owner\ebay.html
[2005/11/15 23:38:00 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/11/06 14:28:04 | 000,010,930 | ---- | C] () -- C:\Program Files\mariel's senior outlne.htm
[2005/11/04 21:47:35 | 000,001,619 | ---- | C] () -- C:\Program Files\Baja.jpg
[2005/10/31 19:10:12 | 002,298,775 | ---- | C] () -- C:\Program Files\jcrea350.zip
[2005/08/20 13:07:12 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/08/17 23:07:05 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/08/12 22:24:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/07/04 22:48:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AltST.dll
[2005/03/31 10:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/03/04 14:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/12/18 22:12:27 | 000,007,376 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/17 13:51:03 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2004/12/14 14:33:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\IN1LOS151.ini
[2004/12/12 16:31:05 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\aamd532.dll
[2004/12/12 16:09:01 | 000,000,181 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/12/12 16:09:01 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/10 11:36:59 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2004/12/10 11:35:48 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2004/12/10 11:35:33 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2004/12/10 11:35:30 | 000,803,680 | ---- | C] () -- C:\WINDOWS\System32\AXDIST.EXE
[2004/12/10 11:35:23 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2004/12/10 11:35:23 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2004/12/10 11:21:44 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2004/12/10 11:21:44 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2004/12/10 11:21:44 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2004/12/10 11:21:44 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2004/12/10 11:21:44 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2004/12/10 11:21:11 | 000,001,315 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2004/11/14 19:44:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 17:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/20 21:10:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2004/09/19 09:41:34 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\3dfx_3d.dll
[2004/08/26 21:02:59 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2004/08/26 21:02:55 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2004/08/17 17:47:21 | 000,000,490 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/08/15 20:57:30 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2004/08/05 16:49:12 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/08/05 16:49:12 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/06/09 19:08:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2004/05/09 00:47:37 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2004/04/29 21:22:45 | 000,199,168 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
[2004/04/26 19:13:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/04/26 16:21:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2004/04/26 16:21:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2004/04/26 16:13:25 | 000,007,287 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/04/26 16:12:59 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/03/30 15:47:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\nl_msgs.dll
[2004/03/30 15:47:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\nl_msgc.dll
[2004/02/26 13:20:16 | 000,065,588 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/02/12 15:45:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/02/12 15:45:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/02/12 15:45:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/02/12 15:45:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/02/12 15:44:48 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\capesnpn.dll
[2004/02/12 15:44:48 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\camocx.dll
[2004/02/12 15:44:48 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cacls.exe
[2004/02/12 15:44:47 | 000,078,336 | ---- | C] () -- C:\WINDOWS\System32\browsewm.dll
[2004/02/12 15:44:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\browselc.dll
[2004/02/12 15:44:46 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\bidispl.dll
[2004/02/12 15:44:45 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\avifil32.dll
[2004/02/12 15:44:45 | 000,052,736 | ---- | C] () -- C:\WINDOWS\System32\basesrv.dll
[2004/02/12 15:44:45 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\batmeter.dll
[2004/02/12 15:44:45 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\batt.dll
[2004/02/12 15:44:44 | 000,602,624 | ---- | C] () -- C:\WINDOWS\System32\autoconv.exe
[2004/02/12 15:44:44 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\authz.dll
[2004/02/12 15:44:44 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\audiosrv.dll
[2004/02/12 15:44:44 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\atmlib.dll
[2004/02/12 15:44:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\attrib.exe
[2004/02/12 15:44:44 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\autolfn.exe
[2004/02/12 15:44:44 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\atmadm.exe
[2004/02/12 15:44:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\asycfilt.dll
[2004/02/12 15:44:43 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\at.exe
[2004/02/12 15:44:40 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\apphelp.dll
[2004/02/12 15:44:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ahui.exe
[2004/02/12 15:44:40 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\alg.exe
[2004/02/12 15:44:40 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\alrsvc.dll
[2004/02/12 15:44:38 | 000,263,680 | ---- | C] () -- C:\WINDOWS\System32\adsnt.dll
[2004/02/12 15:44:38 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\adsldp.dll
[2004/02/12 15:44:38 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\adsldpc.dll
[2004/02/12 15:44:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\adsmsext.dll
[2004/02/12 15:44:37 | 000,193,536 | ---- | C] () -- C:\WINDOWS\System32\activeds.dll
[2004/02/12 15:44:37 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\aclui.dll
[2004/02/12 15:44:37 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\actxprxy.dll
[2004/02/12 15:44:37 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\actmovie.exe
[2004/02/12 15:21:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/02/12 15:21:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/02/12 15:21:29 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/02/12 15:21:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/02/12 15:21:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2004/01/22 04:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/22 04:26:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/21 15:21:08 | 001,025,024 | ---- | C] () -- C:\WINDOWS\System32\browseui.dll
[2004/01/21 05:04:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 04:52:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/20 23:04:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/20 23:02:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/20 22:59:54 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2004/01/20 22:56:41 | 000,030,197 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/20 22:56:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/20 22:55:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/20 22:42:36 | 000,000,600 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/20 22:34:02 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/20 22:12:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\accwiz.exe
[2004/01/20 21:54:01 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/01/20 21:53:56 | 000,018,341 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2004/01/20 21:53:56 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2004/01/20 21:47:44 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2004/01/20 21:47:44 | 000,028,885 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2004/01/20 21:39:28 | 000,015,415 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2004/01/20 21:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2004/01/20 21:30:23 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2004/01/20 21:30:23 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2004/01/20 21:21:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/20 21:14:41 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/01/20 21:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/01/20 21:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/01/20 21:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/01/20 20:50:53 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\blackbox.dll
[2004/01/20 20:50:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\asferror.dll
[2004/01/20 20:47:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/20 20:38:07 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/20 20:38:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/20 20:37:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/20 20:36:28 | 000,014,536 | ---- | C] () -- C:\Documents and Settings\Owner\ml1.srt
[2004/01/20 20:36:28 | 000,014,226 | ---- | C] () -- C:\Documents and Settings\Owner\ml2.srt
[2004/01/20 20:20:37 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/20 20:18:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/20 20:14:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/20 19:05:12 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/20 19:04:38 | 000,434,964 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/20 19:04:38 | 000,069,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/20 19:04:01 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\cabinet.dll
[2004/01/20 19:03:59 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2004/01/20 19:03:59 | 000,580,608 | ---- | C] () -- C:\WINDOWS\System32\autofmt.exe
[2004/01/20 12:09:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/20 12:08:48 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/05/16 00:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
[2003/03/27 14:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/03/07 01:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/02/04 07:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
[2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/09/08 15:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2006/02/14 16:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2006/08/08 16:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Aim
[2006/08/08 16:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG7
[2004/01/21 04:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\interMute
[2007/06/15 07:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\NCH Swift Sound
[2007/06/15 07:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\RecordPad
[2004/01/20 23:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2007/06/15 07:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Viewpoint
[2011/10/02 17:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Babylon
[2011/07/08 02:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2005/12/05 20:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2005/08/10 09:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2005/12/05 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2012/02/06 01:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/03/14 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2011/10/02 07:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2011/08/03 04:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Crayon Physics Deluxe
[2007/03/13 23:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Helios
[2006/05/25 23:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2004/04/26 20:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/07/27 15:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Keynote Systems
[2004/06/25 01:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/01/23 16:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LockTime
[2005/09/24 08:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lycos
[2008/07/30 02:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2006/09/27 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ourTunes
[2012/12/10 02:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2007/03/15 16:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RecordPad
[2011/11/15 18:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RIFT
[2004/01/20 23:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/06/04 03:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
[2012/11/15 22:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spotify
[2010/08/22 05:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StealthBot
[2004/05/01 15:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STOPzilla!
[2010/01/27 19:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Subversion
[2010/06/03 18:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2012/05/11 14:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Systweak
[2005/11/14 00:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/06/01 15:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2012/12/10 00:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/06/15 07:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2012/03/04 11:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wsInspector
[2004/01/21 04:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\interMute
[2004/01/20 23:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\SampleView
[2009/07/29 16:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/14 18:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2011/10/02 23:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/11/30 22:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2006/05/09 23:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/09/12 14:37:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/02/28 02:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2007/03/15 16:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/07/29 16:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/17 03:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/12/04 18:10:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/12/19 16:14:11 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\ReclaimerResumeInstall_Owner.job
[2011/12/22 06:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job

========== Purity Check ==========


< End of report >

Edit: It didn't end up asking me what drive windows was on or anything so I'm guessing it auto-detected it? xD

Edited by drewdreworld, 25 December 2012 - 08:09 PM.

  • 0

#9
Aaron
Posted 26 December 2012 - 04:48 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
This is one infected computer :whistling: Honestly I think you should better format and reinstall Windows. From what I see in this log there are quite a few problems, this computer hasn't been formatted since -I think- 2006, but you have been infected so many times you shouldn't trust it anymore. There are so much leftovers from old software on this machine, it's just a mess.

If you want to format, I'll help you how and how to backup your data. If you don't want to format, follow these steps:

There are some software you should remove ASAP:

Vieuwpoint
Mcaffee (with the removal tool)
Bitcomet
VIO Player

But first this OTL fix:

Copy the attached Fix.txt to a USB
Start OTLPE as you did previously from CD

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt Attached File  fix.txt   2.33KB   151 downloads into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible

Then, if you can boot normally:

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#10
drewdreworld
Posted 26 December 2012 - 03:43 PM

drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Upon running the fix I got an error message saying "The application has failed to start because MSVCR100.dll was not found. Re-installing the application may fix the problem."

I'm not completely opposed to reformatting but the computer is primarily my mother's and I know she has hundreds (or more) pictures on it she "needs" and probably a good amount of documents as well. I'm also not positive if I have a physical copy of windows or other programs on it (office, etc).

It definitely appeared OTL ran for a while, though, and it said I should reboot when it finished but it didn't automatically reboot on its own like I expected it to. I guess I need to remove the CD from the drive to get it to reboot in normal mode? I'm pretty sure it's rebooting into Reatogo again.. I won't interrupt it though, as I'm afraid of what might happen lol.
  • 0

Advertisements

#11
Aaron
Posted 26 December 2012 - 03:50 PM

Aaron

    Expert

  • Expert
  • 3,155 posts

I'm not completely opposed to reformatting but the computer is primarily my mother's and I know she has hundreds (or more) pictures on it she "needs" and probably a good amount of documents as well. I'm also not positive if I have a physical copy of windows or other programs on it (office, etc).

You can create a new partition an your hard drive and put all data that needs to be saved there like documents and photo's. Then you can format your Windows partition and re-install it without any loss of your files on that other partition.

It definitely appeared OTL ran for a while, though, and it said I should reboot when it finished but it didn't automatically reboot on its own like I expected it to. I guess I need to remove the CD from the drive to get it to reboot in normal mode? I'm pretty sure it's rebooting into Reatogo again.. I won't interrupt it though, as I'm afraid of what might happen lol.
0 Rep +

Try removing the cd when the computer is shutting down and before it's booting, or you could change the boot order in the BIOS. Let's see if it boots normal now.
  • 0

#12
drewdreworld
Posted 26 December 2012 - 03:53 PM

drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Okay so I removed the disc while I was going to hit the shut down button and it froze (at reatogo, I'm assuming because it was reading everything off the disc) =\ sooo I physically shut it down.. and booted it back up.. and it went back to the autocheck not found message and sat in the loop of loading up to the point of that message and then restarting itself
  • 0

#13
Aaron
Posted 26 December 2012 - 04:11 PM

Aaron

    Expert

  • Expert
  • 3,155 posts
If you boot normally, before Windows is loading, do you see this: http://support.micro...ges/2586042.png
Is the recovery console available ?

If it is, select it and enter these commands, then try booting again (enter/return after each command):
fixmbr
fixboot
exit
  • 0

#14
drewdreworld
Posted 26 December 2012 - 04:28 PM

drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
It's asking me which windows installation would I like to log into so I was assuming C:\WINDOWS since that's the only one that clearly states windows (The others being D:\MiniNT or D:\I386)

once I chose the C:\Windows I typed in fixmbr and it's saying..
"CAUTION

This computer appears to have a non-standard or invalid master boot record. FIXMBR may damage your partition tables if you proceed. This could cause all the partitions on the current hard disk to become inaccessible. Are you sure you want to write a new MBR?"

I'm assuming I should say yes or y or something but I wanted to double check first =\
  • 0

#15
Aaron
Posted 26 December 2012 - 04:35 PM

Aaron

    Expert

  • Expert
  • 3,155 posts
C:\Windows is the right one, but to be sure it won't mess up the partitions I'm going to ask the some other staff member their opinions.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP