RECYCLER virus removal from USB pendrive [Closed]


#1
Virus_man

Hi, there seems to be a RECYCLER.exe virus on my USB pendrive. I cannot open registry editor, msconfig and cmd prompt; they keep closing after a second or two. Doesn't show any error message. On the pendrive the following files are present.
1. RECYCLER folder
2. music.exe
3. New folder
I could not delete any of the three. Recycler kept on making another folder after I deleted one, music.exe could not be deleted because it was being used by the other disk drives. I noticed a process on my task manager "RECYCLER.exe". Because of this I cannot add any data onto my USB stick, also my computer has become slow.

I ran 'Autorun exterminator 1.8' first when the stick was not inserted; it found three autorun.inf files on my drives and deleted them. Then when I ran it with the pen drive inserted, it kept on finding autorun.inf files, deleting some, and finding some more. Nonetheless it did not solve the problem since I still couldn't open cmd, task manager, etc.

The infection was most probably gotten from the pendrive. I could not format the USB pen drive.
P.S: I have no antivirus programs running.

OTL log posted below:

OTL logfile created on: 6/30/2013 12:57:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 176.83 Mb Available Physical Memory | 17.43% Memory free
3.87 Gb Paging File | 3.02 Gb Available in Paging File | 77.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 20.93 Gb Free Space | 42.87% Space Free | Partition Type: NTFS
Drive D: | 87.89 Gb Total Space | 82.64 Gb Free Space | 94.03% Space Free | Partition Type: NTFS
Drive E: | 96.17 Gb Total Space | 79.26 Gb Free Space | 82.43% Space Free | Partition Type: NTFS
Drive I: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LENOVO-A17F4D0E | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/30 00:36:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2013/06/15 06:58:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/06/08 02:25:30 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Documents and Settings\Administrator\Application Data\WebCake\WebCakeDesktop.exe
PRC - [2013/06/08 02:25:30 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013/06/01 01:12:08 | 002,159,696 | ---- | M] (PC Gizmos) -- C:\Documents and Settings\Administrator\Application Data\PC-Gizmos\PC_136519.en_77.exe
PRC - [2011/03/16 16:51:16 | 011,747,328 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\App.exe
PRC - [2011/01/15 16:07:18 | 003,263,631 | RH-- | M] () -- C:\Documents and Settings\Administrator\Application Data\taskhost.exe
PRC - [2010/11/08 15:47:14 | 000,512,000 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
PRC - [2010/08/06 18:15:10 | 000,303,104 | -HS- | M] () -- C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
PRC - [2010/08/06 18:15:10 | 000,303,104 | -HS- | M] () -- C:\Program Files\Windows Alerter\WinAlert.exe
PRC - [2010/08/06 18:15:10 | 000,303,104 | -HS- | M] () -- C:\Program Files\Windows Common Files\Commgr.exe
PRC - [2010/05/13 14:53:30 | 000,047,104 | ---- | M] (Inside Core) -- C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EXa0.882\AutoRunExterminator.exe
PRC - [2007/06/13 15:53:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/11 21:31:20 | 001,368,064 | ---- | M] (Lenovo (Beijing) limited) -- C:\Program Files\Lenovo\EnergyCut\utilty.exe
PRC - [2006/06/07 17:05:38 | 000,553,021 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2006/06/07 16:57:46 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/15 06:58:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/15 06:58:41 | 013,140,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/15 06:58:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/15 06:57:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2012/06/29 16:06:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
MOD - [2012/06/29 16:05:36 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/29 16:05:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2012/06/28 23:45:33 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2012/06/28 23:45:26 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
MOD - [2012/06/28 23:45:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
MOD - [2012/06/28 23:41:49 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2012/06/28 23:41:25 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2012/06/28 23:40:39 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/28 23:40:32 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/03/16 16:51:16 | 011,747,328 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\App.exe
MOD - [2011/03/16 16:51:02 | 000,176,128 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfXCommWrapper.dll
MOD - [2011/03/16 16:51:00 | 000,049,152 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfCustomization.dll
MOD - [2011/03/15 16:27:54 | 000,438,272 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfXComm.dll
MOD - [2011/03/15 16:27:42 | 000,102,400 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfWaveLib.dll
MOD - [2011/03/15 16:27:40 | 000,053,248 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfLogService.dll
MOD - [2011/03/15 16:27:36 | 000,081,920 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfDeviceHW.dll
MOD - [2011/03/15 16:27:36 | 000,040,960 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfRasWrapper.dll
MOD - [2011/03/15 16:27:30 | 000,196,608 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfHelper.dll
MOD - [2011/03/15 16:27:26 | 000,013,312 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfSoundPlayLib.dll
MOD - [2011/03/15 16:27:26 | 000,013,312 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfSerialPort.dll
MOD - [2011/03/15 16:27:24 | 000,019,456 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfThreading.dll
MOD - [2011/01/15 16:07:18 | 003,263,631 | RH-- | M] () -- C:\Documents and Settings\Administrator\Application Data\taskhost.exe
MOD - [2010/11/08 15:47:14 | 000,512,000 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
MOD - [2010/11/04 09:40:10 | 000,971,776 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\libxml2.dll
MOD - [2010/11/04 09:40:10 | 000,290,904 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\libxslt.dll
MOD - [2010/11/04 09:40:10 | 000,073,728 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zlib1.dll
MOD - [2007/04/06 13:50:52 | 000,466,944 | ---- | M] () -- C:\Program Files\Lenovo\EnergyCut\blueCtrldll.dll
MOD - [2006/11/05 19:56:56 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\EnergyCut\KbdHook.dll
MOD - [2006/06/07 17:07:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2004/08/04 17:30:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/04 17:30:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Documents and Settings\Administrator\Application Data\WebCake\WebCakeDesktop.exe -- (WebCake Desktop Updater)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/05/30 14:03:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/08 15:47:14 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2006/06/07 16:57:46 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/06/29 07:16:00 | 023,273,472 | R-S- | M] (Garena Online PTE LTD) [Auto | Stopped] -- C:\WINDOWS\system32\Rpcqt.dll -- (RPCQT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/20 12:47:57 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/03/18 21:38:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/04 09:40:50 | 000,105,472 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/06/16 18:15:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/22 01:10:16 | 000,009,728 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2006/11/02 16:36:44 | 000,094,592 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 16:36:34 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/06/07 22:06:58 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/06/07 16:33:34 | 000,855,018 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/06/07 16:29:10 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/06/07 16:28:40 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/06/07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/08/04 04:01:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [1996/04/04 01:03:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}
IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/se...tf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu..../406?appid=518"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7BC4A4F5A0-4B89-4392-AFAC-D58010E349AF%7D:5.0.0.7254
FF - prefs.js..extensions.enabledAddons: %7B2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca%7D:1.0.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://dts.search-re...&o=APN10645&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/08/16 19:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/06/02 16:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions
[2013/05/26 12:24:00 | 000,000,000 | ---D | M] (New Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
[2006/08/13 20:47:42 | 000,000,000 | ---D | M] (Berowisse22save) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\[email protected]
[2006/08/19 05:31:03 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\[email protected]
[2013/06/20 12:48:49 | 000,000,000 | ---D | M] (WebCake) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\[email protected]
[2013/05/02 19:43:05 | 000,346,768 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\[email protected]
[2013/06/02 16:50:21 | 000,006,848 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\{2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca}.xpi
[2013/05/30 14:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/30 14:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/30 14:03:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/18 15:12:13 | 000,002,646 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.searchnu.com/406?appid=518
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Funmoods = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WebCake = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: PC Gizmos = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpfhgnebikhafakgnbbdnpjigaohhgnh\1.0.0.7_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/07/19 18:32:07 | 000,000,812 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Berowisse22save) - {3F6C6853-9842-E7B1-61AF-C93A77BE1F01} - C:\Documents and Settings\All Users\Application Data\Berowisse22save\514182ce3b217.dll ()
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (PC Gizmos BHO) - {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - C:\Documents and Settings\Administrator\Application Data\PC-Gizmos\PCGizmosBHO.dll (PC Gizmos)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O4 - HKLM..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe (Lenovo (Beijing) limited)
O4 - HKLM..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
O4 - HKLM..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
O4 - HKLM..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
O4 - HKLM..\Run: [Windows Task Host] C:\Documents and Settings\Administrator\Application Data\taskhost.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [GarenaPlus] "D:\Garena Plus\GarenaMessenger.exe" -autolaunch File not found
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [PC_GIZMOS] "C:\Documents and Settings\Administrator\Application Data\PC-Gizmos\PC_136519.en_77.exe" --update File not found
O4 - HKCU..\Run: [WebCake Desktop] C:\Documents and Settings\Administrator\Application Data\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKCU..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
O4 - HKCU..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
O4 - HKCU..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
O4 - HKCU..\Run: [Windows Task Host] C:\Documents and Settings\Administrator\Application Data\taskhost.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA6F6C77-ABCB-4FF9-8FF4-2556A3B53196}: NameServer = 8.8.8.8 8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/04 13:19:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/25 22:54:46 | 000,000,051 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1f629f28-d971-11e2-83bd-0019d2ad3761}\Shell - "" = AutoRun
O33 - MountPoints2\{1f629f28-d971-11e2-83bd-0019d2ad3761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f629f28-d971-11e2-83bd-0019d2ad3761}\Shell\AutoRun\command - "" = H:\Install.exe
O33 - MountPoints2\{1f629f33-d971-11e2-83bd-0019d2ad3761}\Shell - "" = AutoRun
O33 - MountPoints2\{1f629f33-d971-11e2-83bd-0019d2ad3761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f629f33-d971-11e2-83bd-0019d2ad3761}\Shell\AutoRun\command - "" = I:\Install.exe -- [2004/10/22 00:08:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{37acfb0a-e07b-11e2-83e3-0019d2ad3761}\Shell\Autoplay\Command - "" = G:\RECYCLER\EpAcMsU.exe
O33 - MountPoints2\{37acfb0a-e07b-11e2-83e3-0019d2ad3761}\Shell\AutoRun\command - "" = G:\RECYCLER\EpAcMsU.exe
O33 - MountPoints2\{37acfb0a-e07b-11e2-83e3-0019d2ad3761}\Shell\Explore\command - "" = G:\RECYCLER\EpAcMsU.exe
O33 - MountPoints2\{37acfb0a-e07b-11e2-83e3-0019d2ad3761}\Shell\Open\Command - "" = G:\RECYCLER\EpAcMsU.exe
O33 - MountPoints2\{8eb300c2-d722-11e1-bfee-00023feb95fe}\Shell\AutoRun\command - "" = H:\viewdrive.exe
O33 - MountPoints2\{8eb300c2-d722-11e1-bfee-00023feb95fe}\Shell\explore\command - "" = H:\viewDrive.exe
O33 - MountPoints2\{8eb300c2-d722-11e1-bfee-00023feb95fe}\Shell\open\command - "" = H:\viewDrive.exe
O33 - MountPoints2\{bc3692ca-0e22-11e2-80b4-0019d2ad3761}\Shell\AutoRun\command - "" = H:\viewdrive.exe
O33 - MountPoints2\{bc3692ca-0e22-11e2-80b4-0019d2ad3761}\Shell\explore\command - "" = H:\viewDrive.exe
O33 - MountPoints2\{bc3692ca-0e22-11e2-80b4-0019d2ad3761}\Shell\open\command - "" = H:\viewDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/29 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garena
[2013/06/29 14:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Garena Plus
[2013/06/29 12:16:48 | 000,000,000 | -HSD | C] -- C:\Program Files
[2013/06/29 10:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Warcraft III Reign of Chaos & The Frozen Throne
[2013/06/28 23:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike 1.6
[2013/06/28 05:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2013/06/20 12:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\GTA San Andreas User Files
[2013/06/20 12:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake
[2013/06/20 12:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WebCake
[2013/06/20 12:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/06/20 12:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2013/06/20 12:47:43 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/06/20 12:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2013/06/20 12:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013/06/20 12:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/06/20 12:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\CureROM
[2013/06/20 12:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CureROM
[2013/06/20 12:01:22 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2013/06/20 11:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2013/06/19 00:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2013/06/19 00:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2013/06/19 00:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013/06/19 00:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2013/06/18 22:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/06/10 11:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/30 00:57:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 00:04:24 | 001,537,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/30 00:04:24 | 000,707,894 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/30 00:00:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/30 00:00:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/29 23:59:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/29 15:05:24 | 000,045,194 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\room_v3.dat
[2013/06/29 14:00:21 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garena Plus.lnk
[2013/06/29 12:10:54 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Frozen Throne.lnk
[2013/06/29 12:10:54 | 000,000,502 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Warcraft III.lnk
[2013/06/28 23:44:52 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6.lnk
[2013/06/28 23:44:52 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Half-Life.lnk
[2013/06/26 23:51:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/20 12:47:57 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/06/20 12:04:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/20 12:01:22 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2013/06/19 00:00:59 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/06/19 00:00:59 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2013/06/07 17:04:52 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/01 01:12:10 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\uninstall.bat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/29 14:00:21 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garena Plus.lnk
[2013/06/29 10:49:39 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Frozen Throne.lnk
[2013/06/29 10:49:38 | 000,000,502 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Warcraft III.lnk
[2013/06/28 23:44:52 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6.lnk
[2013/06/28 23:44:52 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Half-Life.lnk
[2013/06/19 00:00:59 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/06/19 00:00:59 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2013/05/26 13:52:22 | 000,001,539 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/08/27 15:46:35 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 20:15:20 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\e6A.dat
[2012/08/02 20:13:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/06/27 21:15:43 | 003,263,631 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\taskhost.exe
[2012/06/26 11:43:18 | 000,356,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Garena1.exe
[2012/06/26 11:43:18 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\chrtmp
[2012/06/18 02:48:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2012/06/13 13:49:36 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/06/13 13:46:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/08 05:05:42 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\room_v3.dat
[2012/06/04 18:38:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/06/04 18:36:30 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/04 17:54:56 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2012/06/04 16:11:35 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2012/06/04 16:11:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/06/04 13:24:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/06/04 13:16:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/19 18:32:08 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\uninstall.bat
[2006/07/19 18:30:53 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods.crx

========== ZeroAccess Check ==========

[2012/06/04 18:10:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 11:12:48 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 15:50:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 17:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/06/13 23:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
[2013/05/14 11:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/06/20 12:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2012/06/04 14:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DRPSu
[2013/06/26 01:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2013/04/20 13:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Funmoods
[2012/06/10 02:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Garena
[2013/06/29 19:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GarenaPlus
[2013/05/26 12:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw
[2013/06/01 01:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-Gizmos
[2013/06/29 14:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2013/06/20 12:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebCake
[2006/07/25 06:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wireshark
[2012/07/25 14:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZTEEVDO
[2012/06/08 22:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZTEMTUI
[2013/06/18 22:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/05/26 16:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/06/18 02:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2006/08/13 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Berowisse22save
[2012/06/13 23:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/20 12:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/06/10 02:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garena
[2013/06/29 19:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2006/08/13 20:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/12/14 15:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/09/23 17:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2013/06/30 00:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

========== Purity Check ==========



< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, this is badly infected. Once cleaned you must get an AV; there are several free ones and I can give you links for them.

This will be a fairly long fix as I try to clear as much as possible in one go.

Download MCShield to your desktop and install it.
It will initially run a scan and show the result as a toaster by the system clock.
Then, in the control centre, select scanner and tick "unhide items on flash drives".
Plug in the drive and MCShield will start a scan.

Then get the log, which will be here:

Start > all programs > MCShield > logs > all scans

And post that.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Auto | Running] -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Documents and Settings\Administrator\Application Data\WebCake\WebCakeDesktop.exe -- (WebCake Desktop Updater)
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406?appid=518"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca%7D:1.0.0.6
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=518&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5853150841104102&o=APN10645&q="
[2013/05/26 12:24:00 | 000,000,000 | ---D | M] (New Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
[2006/08/13 20:47:42 | 000,000,000 | ---D | M] (Berowisse22save) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\[email protected]
[2006/08/19 05:31:03 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\[email protected]
[2013/06/20 12:48:49 | 000,000,000 | ---D | M] (WebCake) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xh3002qa.default\extensions\[email protected]
[2013/05/18 15:12:13 | 000,002,646 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
O1 - Hosts: 127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Berowisse22save) - {3F6C6853-9842-E7B1-61AF-C93A77BE1F01} - C:\Documents and Settings\All Users\Application Data\Berowisse22save\514182ce3b217.dll ()
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (PC Gizmos BHO) - {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - C:\Documents and Settings\Administrator\Application Data\PC-Gizmos\PCGizmosBHO.dll (PC Gizmos)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O4 - HKLM..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
O4 - HKLM..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
O4 - HKLM..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
O4 - HKLM..\Run: [Windows Task Host] C:\Documents and Settings\Administrator\Application Data\taskhost.exe ()
O4 - HKCU..\Run: [PC_GIZMOS] "C:\Documents and Settings\Administrator\Application Data\PC-Gizmos\PC_136519.en_77.exe" --update File not found
O4 - HKCU..\Run: [WebCake Desktop] C:\Documents and Settings\Administrator\Application Data\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKCU..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
O4 - HKCU..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
O4 - HKCU..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
O4 - HKCU..\Run: [Windows Task Host] C:\Documents and Settings\Administrator\Application Data\taskhost.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O33 - MountPoints2\{1f629f33-d971-11e2-83bd-0019d2ad3761}\Shell\AutoRun\command - "" = I:\Install.exe -- [2004/10/22 00:08:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{37acfb0a-e07b-11e2-83e3-0019d2ad3761}\Shell\Autoplay\Command - "" = G:\RECYCLER\EpAcMsU.exe
O33 - MountPoints2\{37acfb0a-e07b-11e2-83e3-0019d2ad3761}\Shell\AutoRun\command - "" = G:\RECYCLER\EpAcMsU.exe
O33 - MountPoints2\{37acfb0a-e07b-11e2-83e3-0019d2ad3761}\Shell\Explore\command - "" = G:\RECYCLER\EpAcMsU.exe
O33 - MountPoints2\{37acfb0a-e07b-11e2-83e3-0019d2ad3761}\Shell\Open\Command - "" = G:\RECYCLER\EpAcMsU.exe
O33 - MountPoints2\{8eb300c2-d722-11e1-bfee-00023feb95fe}\Shell\AutoRun\command - "" = H:\viewdrive.exe
O33 - MountPoints2\{8eb300c2-d722-11e1-bfee-00023feb95fe}\Shell\explore\command - "" = H:\viewDrive.exe
O33 - MountPoints2\{8eb300c2-d722-11e1-bfee-00023feb95fe}\Shell\open\command - "" = H:\viewDrive.exe
O33 - MountPoints2\{bc3692ca-0e22-11e2-80b4-0019d2ad3761}\Shell\AutoRun\command - "" = H:\viewdrive.exe
O33 - MountPoints2\{bc3692ca-0e22-11e2-80b4-0019d2ad3761}\Shell\explore\command - "" = H:\viewDrive.exe
O33 - MountPoints2\{bc3692ca-0e22-11e2-80b4-0019d2ad3761}\Shell\open\command - "" = H:\viewDrive.exe
[2013/06/20 12:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake
[2013/06/20 12:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WebCake
[2013/06/20 12:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/02 20:15:20 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\e6A.dat
[2012/06/27 21:15:43 | 003,263,631 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\taskhost.exe
[2012/06/26 11:43:18 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\chrtmp
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\yeqc.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xitroqxj.dat
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xhepiahgu.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xdu.dat
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xabxrnwognq.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\uaqqwmjt.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\tgp.dat
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\okbzdweogsf.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\netcd.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mxdvmytw.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\kaddzumq.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\jxqxva.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ifvbafbi.dat
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hgdxppghmnp.dat
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gbx.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\dmtlsnues.dat
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\cntaml.ini
[2012/06/25 05:13:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\aclcvmx.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\zzmbkjttcv.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\zyadeizbstq.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\zvxuplfqaiv.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\zmulmsalvp.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\zmpm.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\zlvlgaoro.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\zhbezzk.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\zgtn.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\zbu.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\yztg.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ywcotf.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\yruogei.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\yqwnxmuqkr.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ynbpico.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\yft.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\yfguqg.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\yfddtyco.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ybcwdcj.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xrjmwls.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xratz.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xnrwoffi.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xkiazoygsu.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\xibfo.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xhxj.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xhliavnncf.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xhi.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xei.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xbwudob.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xbeumyws.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wztapis.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wvpmojcpagc.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wvmaql.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wuienx.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wtkvqxla.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wmcwjfwebcg.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wmaeoulj.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wjjkwjxof.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wjd.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wgfzxqxc.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\vwx.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\vwvpxtf.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\vuzy.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\vtccpjjxhbl.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\vpymgh.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\vky.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\vhgdwwy.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\vexcv.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\vekhfmquvd.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\uvhkeoo.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\uuknvmo.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\upqsk.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ujupkolaxz.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\uilhoi.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\uhgxcxne.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ugh.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\udixx.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ubomomrwsdk.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\tubh.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\tttpgilubhz.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\tmksiwyo.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\tjerrruiu.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\tixbprzs.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\tgysztaa.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\tcu.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\szanch.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\swrosmstc.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\swmx.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\svh.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\surl.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\sthnpbr.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\srt.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\sqrvkkbktxz.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\sntlrnm.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\slfzi.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\skjqlknoa.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\skcx.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\sjzadmi.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\sfsz.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rzuc.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rvitifkhda.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ruwy.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rumiqlhw.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rtsquze.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rpz.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\rnni.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rnaxcorvnpm.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rmkgnn.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\riffaw.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rifbww.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rhw.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rfbddh.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\refyhravcw.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rckntimj.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rbou.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qzegqoobxiy.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qxbus.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qttwzyei.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qsopsnklrnj.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qrpcq.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qqqt.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qqqewpfdl.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qpghwlpi.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qnretzig.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qheefqe.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\qgqkumwr.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\qbdvroefxtf.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pxluctu.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pvsbacopgo.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\puxozpwjj.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ptfcgaof.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\psxulyb.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\psuezqksw.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pqognjycvt.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pqjjgvrcrr.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pplmagu.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pjtdqi.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\phcioojd.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pefaimbebk.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pedcjlq.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pcpmvigyknw.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pclkwlz.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\pathdekgnl.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\oxxpcqneqfk.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ousspnt.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\otvbczqzr.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\otorwgb.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\oofzxmm.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\oofsbkfk.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ooaomuyhvz.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\onuhfaqdr.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\olhdsirhbjm.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\olcfhmx.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\oicryjbsxhd.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ogn.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ogknbwh.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ocduhsoaeky.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ntpp.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\npuailglpt.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ndpxrjvfik.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\narceunvfsr.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mwzhlh.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mwuwz.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mvhxlyyr.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mpuqpwyjjoe.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mlfml.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\minowwpnhw.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mhymnl.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mhefcltipun.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mflohpswrxl.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mcrrrdylbyb.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mbufohzbd.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mbpbf.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\maynwlp.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lxjydaq.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lwcnbd.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lvzw.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lvjfqnrfy.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lqya.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lnm.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lmkwvtfa.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\liif.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lhlcj.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lffhqjpt.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ldna.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ktkvvqws.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\kragnbr.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\kppamcnflm.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\kokjkgnayl.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\knk.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\kkrk.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\kjvzwobzke.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\kgqeevfnt.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\kfkegdfzsmf.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\kblu.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\jvpytddxshm.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\jvanbm.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\jscxtijpp.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\jecbuzopv.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\jazdltqdat.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ixrmyzmuf.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ivz.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\itshnv.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ithugwck.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\isnvgwxvzx.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\imisiwl.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ilppyukvb.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ikvd.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\iduxw.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ict.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ibqvywo.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hxpuo.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hxokmtz.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hulemjbpzih.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\htzs.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\htubwk.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hrfumedgw.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hqwxnfwmq.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hoboh.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hmzimwaq.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hiushfclfla.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hhxjfatux.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hgu.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hfaptb.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\hbqnkzjqm.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gzswrdxw.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gxveh.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gxiglgpq.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gwegf.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gswxesatox.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gksspjwk.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gjrxn.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\giemuzl.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ghdvcccqxcv.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ggjxmqh.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gecrm.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gcgii.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\fzzu.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\fyvyvw.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\fqat.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\fnyj.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\fnxe.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\fmlgoxxnn.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\fkuuzbgv.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\fhagevihj.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\fas.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ezafudvoiyt.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\err.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\epuzw.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ehe.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\egskehx.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\eewo.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\eesejbzog.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\edsljcdivuy.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ecisfvuhpa.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\dxrnzku.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\dqajfj.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\dmuuqmc.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\dkfd.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\djzobvavx.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\dgppwo.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\dgckkqqq.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\dfswulgomz.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\detwvkklv.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\defhdp.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ctxnogspj.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\cqbt.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\civwzqm.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\cfclssx.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\cdntf.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\cbqynozbpo.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\cbgvboorrjj.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\bzyz.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\byoqvakieh.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\bxqecmpfn.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\bulcyfilrrd.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\bsxkwl.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\bsmobir.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\blxcchdo.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\betjex.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\baxqskha.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\azuxhafgo.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ayyyufnvi.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\auemdu.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\aso.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\arembuqqlhl.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\apluecjxljh.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\akjgqsepny.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ajnzyssdz.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ajfm.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\aesvs.dat
[2006/07/19 18:30:53 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods.crx
[2013/04/20 13:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Funmoods
[2013/05/26 12:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw
[2013/06/01 01:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-Gizmos
[2013/06/29 14:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2013/06/20 12:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebCake
[2006/08/13 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Berowisse22save
[2012/09/23 17:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2013/06/30 00:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

:Files
C:\Program Files\WebCake
C:\Documents and Settings\Administrator\Application Data\WebCake
C:\Documents and Settings\Administrator\Application Data\PC-Gizmos
C:\Documents and Settings\Administrator\Application Data\taskhost.exe
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003
C:\Program Files\Windows Alerter
C:\Program Files\Windows Common Files\Commgr.exe

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done

NEXT

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced; please attach that

FINALLY

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0
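
The listing in the fix above contains dozens of 28-byte files with random names, all stamped 2012/06/25 05:13:44. As an added example (not part of the original posts and not OTL's own code), this Python script parses lines in that layout and reports such same-timestamp, same-size clusters; the field meanings (size, attributes, C/M flag, company name in parentheses) are assumptions inferred from the lines on this page.

```python
import re
from collections import defaultdict

# Sample input: seven lines copied from the listing above.
SAMPLE = r"""
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\fkuuzbgv.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\fas.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ehe.dat
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\err.ini
[2012/06/25 05:13:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\aso.dat
[2006/07/19 18:30:53 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods.crx
[2013/06/20 12:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebCake
"""

# Assumed layout: [timestamp | size | attributes | C or M] (company) -- path
# Folder lines on this page carry no "(company)" field, so it is optional.
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

def parse_otl_lines(text):
    """Return one dict per line that matches the file-listing layout."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, other OTL sections
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries

def same_stamp_clusters(entries, min_files=3):
    """Group files with an empty company field by (timestamp, size)."""
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"] or e["company"]:
            continue  # skip folders and files that carry a company name
        groups[(e["stamp"], e["size"])].append(e["path"])
    # Keep only groups large enough to look like a single batch drop.
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_files}

if __name__ == "__main__":
    for (stamp, size), paths in same_stamp_clusters(parse_otl_lines(SAMPLE)).items():
        print(f"{len(paths)} files, {size} bytes each, all stamped {stamp}")
        for p in paths:
            print("   ", p)
```

A cluster is only a lead for review: legitimate installers also write many files in the same second, so check the names and locations before adding anything to a fix.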

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.