
search engines redirect [Solved]



#1
camster98

Every time I click on a link on any search engine, it redirects me to many different parked domains.

OTL logfile created on: 10/7/2009 1:45:15 PM - Run 2
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\camster98\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 47.80% Memory free
3.34 Gb Paging File | 2.54 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 55.66 Gb Free Space | 74.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAMERON-CAF0EDC
Current User Name: camster98
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/07/20 14:59:24 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2008/08/20 18:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/20 18:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 18:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/20 18:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/09/29 13:18:46 | 00,157,120 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2008/04/14 00:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/05/10 12:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2008/08/20 18:27:36 | 01,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 18:09:12 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2007/03/30 22:00:16 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007/03/30 21:59:36 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2007/07/20 18:55:46 | 01,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/09/15 05:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/05/01 23:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/15 11:42:42 | 01,998,576 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/05/27 00:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2007/03/30 21:59:26 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2001/08/23 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/09/21 16:36:08 | 10,309,408 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/08/24 15:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 00:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/10/04 20:05:40 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\camster98\My Documents\Downloads\RootRepeal.exe
PRC - [2009/10/04 20:05:48 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camster98\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 13:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 13:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/08/20 18:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 23:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 00:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 21:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/07/29 21:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/20 18:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2008/08/20 18:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2009/07/20 14:59:24 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver [Auto | Running])
SRV - [2008/08/20 18:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.07
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.1.07282009_url_fix
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20090630

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/03 23:17:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/06 20:20:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/05 13:29:30 | 00,000,000 | ---D | M]

[2009/10/03 16:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Extensions
[2009/10/03 16:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/06 20:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions
[2009/10/03 16:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/10/06 20:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/10/03 16:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/03 16:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/03 16:32:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/03 16:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\FasterFox_Lite@BigRedBrent
[2009/10/03 16:32:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\[email protected]
[2009/10/03 16:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\[email protected]
[2009/10/03 16:39:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\SkipScreen@SkipScreen
[2009/10/03 16:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\[email protected]
[2009/10/03 16:01:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/03 16:01:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 15:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 15:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 15:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/10/04 11:54:30 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/04 11:54:30 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/04 11:54:30 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/04 11:54:30 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/04 11:54:31 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/04 11:54:31 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/04 11:54:31 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (GigagetIEHelper Class) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll (Giganology Inc.)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\camster98\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\camster98\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm ()
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254603245274 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 00:10:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: BtwSrv - Service key not found. File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/02 16:56:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/10/04 11:54:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/04 11:53:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/04 11:54:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/10/04 04:42:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/10/03 16:26:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/02 16:56:57 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/10/05 13:22:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/10/05 00:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/10/03 17:18:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/10/06 22:15:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/03 16:00:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/03 23:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/10/03 17:18:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZILLAbar
[2009/10/03 00:20:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\camster98\Application Data
[2009/10/03 16:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Adobe
[2009/10/04 11:55:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Apple Computer
[2009/10/05 10:38:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Audacity
[2009/10/04 05:49:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Dell
[2009/10/05 20:54:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\dvdcss
[2009/10/05 15:36:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Hardcore
[2009/10/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Help
[2009/10/03 00:20:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Identities
[2009/10/04 04:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\InstallShield
[2009/10/04 04:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Intel
[2009/10/05 15:38:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Juce VST Host
[2009/10/03 16:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Macromedia
[2009/10/03 16:26:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Malwarebytes
[2009/10/03 00:20:12 | 00,000,000 | --SD | C] -- C:\Documents and Settings\camster98\Application Data\Microsoft
[2009/10/03 16:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Mozilla
[2009/10/04 20:18:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Notepad++
[2009/10/05 13:37:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\OpenCandy
[2009/10/05 15:37:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Sawer
[2009/10/03 16:44:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\STOPzilla!
[2009/10/06 22:15:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\SUPERAntiSpyware.com
[2009/10/04 18:00:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\TeamViewer
[2009/10/03 16:20:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\uTorrent
[2009/10/05 09:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\vlc
[2009/10/03 16:20:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Windows Desktop Search
[2009/10/05 16:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Windows Search
[2009/10/03 16:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\WinRAR
[2009/10/04 01:39:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\YTK Enhanced
[2009/10/03 00:20:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data
[2009/10/04 11:53:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Apple
[2009/10/04 11:52:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Apple Computer
[2009/10/05 06:00:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\ApplicationHistory
[2009/10/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Help
[2009/10/03 16:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Identities
[2009/10/03 00:20:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Microsoft
[2009/10/05 13:22:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Microsoft Help
[2009/10/03 16:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Mozilla
[2009/10/04 01:44:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Yahoo
[2009/10/05 11:17:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Yahoo!
[2009/10/02 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/04 11:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/05 13:28:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/10/04 04:40:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/10/04 04:42:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2009/10/03 17:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/10/02 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/10/03 00:08:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/10/02 16:57:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/10/03 00:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/10/02 16:57:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/10/03 00:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/10/06 22:15:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/02 16:57:50 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/03 16:21:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/10/04 11:53:42 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/06 09:30:13 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/10/05 10:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2009/10/04 11:54:37 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/04 04:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2009/10/06 22:23:12 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/02 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/06 23:23:32 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/10/03 00:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/10/04 04:38:43 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
[2009/10/04 20:25:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/06 09:47:43 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/10/05 13:26:13 | 00,000,000 | ---D | C] -- C:\Program Files\Giganology
[2009/10/04 15:02:05 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2009/10/05 13:33:39 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009/10/04 04:41:07 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/04 04:37:48 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/10/03 00:07:36 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/10/04 11:54:58 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/04 11:54:55 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/06 09:30:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2009/10/07 09:31:46 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2009/10/04 19:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/10/03 16:26:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/03 00:06:24 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/10/03 00:11:19 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/10/05 13:22:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/10/07 13:27:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/10/07 09:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2009/10/05 13:29:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/10/05 13:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/10/03 00:08:24 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/10/03 16:01:57 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/03 16:25:57 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/03 00:05:33 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/10/03 00:06:20 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/10/03 00:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/10/04 20:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2009/10/03 00:06:42 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/10/03 00:07:48 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/10/05 13:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/10/04 11:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/03 16:25:52 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/03 16:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2009/10/04 04:41:07 | 00,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2009/10/03 16:44:04 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/10/06 22:15:32 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/04 18:00:04 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2009/10/07 13:32:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/03 00:20:19 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/10/04 19:57:23 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/10/03 16:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/10/07 13:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\VB Decompiler Lite
[2009/10/04 17:04:57 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/06 09:51:25 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2009/10/04 16:57:17 | 00,000,000 | ---D | C] -- C:\Program Files\vixy.net
[2009/10/05 13:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009/10/03 16:19:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/03 00:06:28 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/10/03 00:06:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/10/03 00:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/10/03 00:09:30 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/10/07 13:16:00 | 00,000,000 | ---D | C] -- C:\Program Files\WinHex
[2009/10/03 16:28:37 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/03 00:11:19 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/10/03 23:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/10/07 13:38:18 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/10/07 13:38:18 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/10/07 13:38:18 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/10/07 13:38:18 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/10/07 13:38:18 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/10/07 13:38:18 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/10/07 13:38:18 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/10/07 13:38:18 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/10/07 13:38:18 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/10/07 13:38:18 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/10/07 13:38:18 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/10/07 09:31:47 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2009/10/07 09:24:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\hjsplit
[2009/10/06 09:51:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\VirtualDJ
[2009/10/06 09:20:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Desktop\abc
[2009/10/05 13:36:00 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2009/10/05 13:35:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\Image-Line
[2009/10/05 13:27:00 | 00,000,000 | ---D | C] -- C:\TDdownload
[2009/10/05 13:26:18 | 00,086,016 | ---- | C] (Giganology Inc.) -- C:\WINDOWS\System32\gigagetbho_v10.dll
[2009/10/05 13:23:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/10/05 13:21:57 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/10/05 12:01:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/10/04 22:59:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Desktop\cotts
[2009/10/04 20:26:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/04 19:45:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/10/04 15:54:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\camerons documents
[2009/10/04 15:04:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\gegl-0.0
[2009/10/04 05:49:40 | 00,016,128 | ---- | C] (Dell Inc) -- C:\WINDOWS\System32\drivers\APPDRV.SYS
[2009/10/04 05:49:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/04 05:49:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/10/04 05:49:02 | 00,000,000 | ---D | C] -- C:\Intel
[2009/10/04 04:41:08 | 00,146,944 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st325602.dll
[2009/10/04 04:37:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/04 04:37:05 | 00,000,000 | ---D | C] -- C:\dell
[2009/10/03 23:16:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2009/10/03 23:15:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/10/03 16:35:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/03 16:34:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/03 16:33:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/03 16:26:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/03 16:26:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/03 16:26:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/03 16:25:30 | 00,000,000 | ---D | C] -- C:\d02976ceb65ce766ee
[2009/10/03 16:24:57 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/03 16:24:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/03 16:22:41 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/03 16:21:56 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/03 16:21:56 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/03 16:21:55 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/03 16:21:53 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/03 16:21:52 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/03 16:21:52 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/03 16:21:52 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/03 16:21:52 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/03 16:21:29 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/03 16:19:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/03 16:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\TagsRevisited
[2009/10/03 16:04:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\Downloads
[2009/10/03 16:00:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/10/03 16:00:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/10/03 15:53:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/10/03 00:20:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\camster98\My Documents\My Pictures
[2009/10/03 00:20:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\camster98\My Documents\My Music
[2009/10/03 00:19:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/10/03 00:19:26 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/10/03 00:19:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/03 00:13:09 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/10/03 00:13:09 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/10/03 00:13:09 | 00,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/10/03 00:12:02 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/10/03 00:12:02 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/10/03 00:12:02 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/10/03 00:11:50 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/10/03 00:11:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/10/03 00:09:42 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/10/03 00:09:42 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/10/03 00:09:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/10/03 00:08:40 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/10/03 00:08:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/10/03 00:08:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/10/03 00:07:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/10/03 00:07:35 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/10/03 00:06:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/10/03 00:05:32 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2009/10/03 00:05:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/10/03 00:05:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/10/03 00:05:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/10/03 00:05:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/10/02 16:58:20 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/10/02 16:57:56 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/10/02 16:57:50 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/02 16:57:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/10/02 16:57:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/10/02 16:56:31 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/10/02 16:56:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/10/02 16:49:38 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/10/02 16:49:38 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/10/02 16:49:38 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/10/02 16:49:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS

========== Files - Modified Within 14 Days ==========

[2009/10/07 13:39:43 | 00,002,582 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/10/07 13:39:38 | 00,000,926 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\Install Microsoft Visual C++ 2008 Express Edition with SP1.lnk
[2009/10/07 13:32:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\HijackThis.lnk
[2009/10/07 13:10:00 | 00,001,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/10/07 11:44:13 | 00,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/07 11:44:13 | 00,462,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/07 11:44:13 | 00,078,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/07 11:41:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/07 11:40:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/07 11:39:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/07 11:39:19 | 00,149,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/10/07 09:53:22 | 00,001,966 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\Windows 7 Upgrade Advisor Beta.lnk
[2009/10/07 09:31:59 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\camster98\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/10/07 09:31:59 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\MagicDisc.lnk
[2009/10/07 06:14:54 | 00,028,256 | ---- | M] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/07 04:23:11 | 00,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/06 22:23:12 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\CCleaner.lnk
[2009/10/06 22:15:39 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/06 15:34:25 | 02,254,903 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\trippy.mp3
[2009/10/06 10:03:35 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\Virtual DJ Trial.lnk
[2009/10/05 14:04:28 | 00,000,574 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\pm2.rtf
[2009/10/05 14:04:27 | 00,000,546 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\pm.rtf
[2009/10/05 13:35:53 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\FL Studio 9.lnk
[2009/10/05 13:26:15 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\Gigaget.lnk
[2009/10/05 10:37:47 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2009/10/05 01:20:47 | 05,877,236 | -H-- | M] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\IconCache.db
[2009/10/05 00:40:05 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/04 23:10:47 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/04 20:25:59 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\camster98\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/04 20:25:57 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\NTREGOPT.lnk
[2009/10/04 20:25:57 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\ERUNT.lnk
[2009/10/04 20:18:33 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2009/10/04 19:48:19 | 00,131,731 | ---- | M] () -- C:\WINDOWS\System32\dbsinit.exe
[2009/10/04 19:44:12 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/04 19:13:52 | 00,001,486 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\MagicISO.lnk
[2009/10/04 18:00:06 | 00,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/10/04 17:05:19 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/10/04 15:02:26 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/10/04 11:55:41 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/04 11:54:22 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/04 11:53:45 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/04 04:38:48 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D520.MRK
[2009/10/04 04:38:48 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D520.MRK
[2009/10/03 23:18:55 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/10/03 16:26:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/03 16:21:56 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/03 16:21:52 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/03 16:20:23 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/10/03 16:19:52 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/03 16:02:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/10/03 16:02:00 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/03 00:14:34 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/03 00:13:49 | 00,000,283 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/03 00:10:58 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/03 00:10:58 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/03 00:10:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/10/03 00:10:58 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/03 00:10:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/03 00:10:55 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/03 00:10:50 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/03 00:10:50 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/03 00:10:49 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/03 00:10:39 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 00:09:42 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/03 00:09:42 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/03 00:07:09 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 00:06:55 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/10/03 00:06:55 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/10/03 00:02:11 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/02 16:58:01 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/10/02 16:57:49 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini

========== Files - No Company Name ==========
[2009/10/07 13:39:42 | 00,002,582 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/10/07 13:39:38 | 00,000,926 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\Install Microsoft Visual C++ 2008 Express Edition with SP1.lnk
[2009/10/07 13:38:18 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/10/07 13:38:18 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/10/07 13:38:18 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/10/07 13:32:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\HijackThis.lnk
[2009/10/07 11:40:26 | 00,001,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/10/07 09:53:22 | 00,001,966 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\Windows 7 Upgrade Advisor Beta.lnk
[2009/10/07 09:31:59 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\camster98\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/10/07 09:31:59 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\MagicDisc.lnk
[2009/10/07 04:23:03 | 00,149,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/10/06 22:23:12 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\CCleaner.lnk
[2009/10/06 22:15:39 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/06 15:32:35 | 02,254,903 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\trippy.mp3
[2009/10/06 09:51:30 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\Virtual DJ Trial.lnk
[2009/10/05 14:04:28 | 00,000,574 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\pm2.rtf
[2009/10/05 14:04:24 | 00,000,546 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\pm.rtf
[2009/10/05 13:35:52 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\FL Studio 9.lnk
[2009/10/05 13:26:15 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\Gigaget.lnk
[2009/10/05 10:38:38 | 04,057,299 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\4Front Bass Module.dll
[2009/10/05 10:37:47 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2009/10/04 23:10:46 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/04 20:25:59 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\camster98\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/04 20:25:57 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\NTREGOPT.lnk
[2009/10/04 20:25:57 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\ERUNT.lnk
[2009/10/04 20:18:33 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2009/10/04 19:45:15 | 00,131,731 | ---- | C] () -- C:\WINDOWS\System32\dbsinit.exe
[2009/10/04 19:44:12 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/04 19:13:52 | 00,001,486 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\MagicISO.lnk
[2009/10/04 18:00:06 | 00,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/10/04 17:05:19 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/10/04 15:02:26 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/10/04 12:01:57 | 00,028,256 | ---- | C] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/04 11:55:41 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/04 11:54:22 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/04 11:53:45 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/04 05:49:09 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/10/04 05:49:09 | 00,025,472 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2009/10/04 05:49:09 | 00,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2009/10/04 05:49:07 | 00,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2009/10/04 05:49:07 | 00,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2009/10/04 04:38:48 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D520.MRK
[2009/10/04 04:38:48 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D520.MRK
[2009/10/04 04:38:43 | 00,000,666 | ---- | C] () -- C:\WINDOWS\speed.reg
[2009/10/03 23:18:55 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/10/03 16:26:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/03 16:21:56 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/03 16:21:29 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/03 16:20:23 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/10/03 16:19:52 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/03 16:02:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/03 16:02:00 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/03 00:34:01 | 05,877,236 | -H-- | C] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\IconCache.db
[2009/10/03 00:20:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\camster98\Application Data\desktop.ini
[2009/10/03 00:19:26 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/03 00:14:34 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/03 00:13:49 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 00:13:33 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/10/03 00:13:04 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/10/03 00:13:03 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/10/03 00:13:02 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/10/03 00:12:42 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/10/03 00:12:41 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/10/03 00:12:35 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/10/03 00:12:34 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/10/03 00:12:31 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/10/03 00:12:16 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/10/03 00:12:09 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/10/03 00:12:05 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/10/03 00:11:53 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/10/03 00:11:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/10/03 00:11:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/10/03 00:11:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/10/03 00:11:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/10/03 00:11:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/10/03 00:11:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/10/03 00:11:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/10/03 00:11:48 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/10/03 00:11:48 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/10/03 00:11:48 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/10/03 00:11:46 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/10/03 00:11:46 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/10/03 00:11:46 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/10/03 00:11:46 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/10/03 00:11:46 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/10/03 00:11:46 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/10/03 00:11:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/10/03 00:11:45 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/10/03 00:11:44 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/10/03 00:11:44 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/10/03 00:11:44 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/10/03 00:11:44 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/10/03 00:11:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/10/03 00:11:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/10/03 00:11:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/10/03 00:11:43 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/10/03 00:11:43 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/10/03 00:10:58 | 00,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/03 00:10:58 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/10/03 00:10:58 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/10/03 00:10:58 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/10/03 00:10:58 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/10/03 00:10:50 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/03 00:10:50 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/03 00:10:49 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/03 00:09:42 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/03 00:09:42 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/03 00:09:15 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/10/03 00:08:52 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/10/03 00:08:52 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/10/03 00:08:46 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/10/03 00:07:59 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2009/10/03 00:07:09 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 00:06:03 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/10/03 00:06:03 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/10/03 00:06:03 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/10/03 00:06:03 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/10/03 00:06:03 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/10/03 00:06:03 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/10/03 00:06:03 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/10/03 00:06:03 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/10/03 00:06:03 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/10/03 00:06:02 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/10/03 00:06:02 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/10/03 00:06:02 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/10/03 00:06:02 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/10/03 00:06:02 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/10/03 00:06:02 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/10/03 00:06:02 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/10/03 00:06:02 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/10/03 00:06:01 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/10/03 00:06:01 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/10/03 00:05:59 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/10/03 00:05:59 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/10/03 00:05:58 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/10/03 00:05:52 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/10/02 16:58:01 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009/10/02 16:57:52 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/10/02 16:57:52 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/10/02 16:57:51 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/10/02 16:57:51 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/10/02 16:57:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/10/02 16:57:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/10/02 16:57:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009/10/02 16:57:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/10/02 16:57:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/10/02 16:57:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009/10/02 16:57:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/10/02 16:57:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/10/02 16:57:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009/10/02 16:57:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009/10/02 16:57:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/10/02 16:57:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/10/02 16:57:41 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009/10/02 16:57:41 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009/10/02 16:57:41 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/10/02 16:57:41 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/10/02 16:57:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/10/02 16:57:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/10/02 16:57:39 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009/10/02 16:57:39 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/10/02 16:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/10/02 16:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/10/02 16:57:33 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/10/02 16:57:19 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/10/02 16:57:18 | 00,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/10/02 16:57:18 | 00,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/10/02 16:57:18 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/10/02 16:57:18 | 00,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/10/02 16:57:18 | 00,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/10/02 16:57:18 | 00,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/10/02 16:57:18 | 00,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/10/02 16:57:18 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/10/02 16:57:18 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/10/02 16:57:18 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/10/02 16:57:17 | 01,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2009/10/02 16:57:17 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/02 16:57:17 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/10/02 16:57:17 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/10/02 16:57:17 | 00,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/10/02 16:57:17 | 00,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/10/02 16:57:17 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/10/02 16:57:17 | 00,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/10/02 16:57:16 | 02,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/10/02 16:57:16 | 00,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/10/02 16:56:30 | 00,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/02 16:55:44 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2009/10/02 16:55:39 | 00,000,283 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== LOP Check ==========

[2009/10/07 09:45:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/04 11:55:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/04 04:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/10/05 10:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/10/07 13:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/10/04 02:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZILLAbar
[2009/10/07 13:16:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\camster98\Application Data
[2009/10/07 13:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Audacity
[2009/10/04 05:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Dell
[2009/10/05 21:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\dvdcss
[2009/10/05 15:36:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Hardcore
[2009/10/04 04:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Intel
[2009/10/05 15:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Juce VST Host
[2009/10/05 01:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Notepad++
[2009/10/05 13:37:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\OpenCandy
[2009/10/05 15:37:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Sawer
[2009/10/03 16:44:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\STOPzilla!
[2009/10/04 18:19:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\TeamViewer
[2009/10/07 09:31:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\uTorrent
[2009/10/03 16:20:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Windows Desktop Search
[2009/10/05 16:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Windows Search
[2009/10/04 01:40:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\YTK Enhanced
[2009/10/04 11:53:45 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/23 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/07 11:40:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 00:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 00:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/07 13:42
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8828000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA666000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA80AB000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa89106b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8910574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8910a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa891014c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa891064e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa891008c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa89100f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa891076e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa891072e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa89108ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa89cd0b0

==EOF==


#2
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello camster98 and welcome to Geeks To Go. :)

I am jwang01 and I will be assisting you with your issue.

Please note that I am still in training here and all my posts need to be checked by an Expert before I can post them. This may cause a slight delay in my responses.

When we get to working on your computer you may want to print out or save my responses in Notepad because there may be times where you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.

I am currently reviewing your logs and will reply with instructions in my next reply. :)

#3
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,

Sorry for the delay. This forum can get quite busy. :)



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#4
camster98

    Member

  • Topic Starter
  • 135 posts
ComboFix 09-10-11.03 - camster98 10/12/2009 18:21.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.941 [GMT -5:00]
Running from: c:\documents and settings\camster98\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1351 [VPS 091011-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\irc.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\Install.txt
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :^)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPOL
-------\Legacy_ISASDK


((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-12 21:34 . 2009-10-12 21:34 -------- d-----w- C:\VundoFix Backups
2009-10-12 19:08 . 2009-02-02 13:44 54656 ----a-w- c:\windows\system32\drivers\ATMFVsp.sys
2009-10-12 19:08 . 2009-02-02 13:44 103424 ----a-w- c:\windows\system32\drivers\ATMFNET.sys
2009-10-12 19:08 . 2009-02-02 13:44 54656 ----a-w- c:\windows\system32\drivers\ATMFNVsp.sys
2009-10-12 19:08 . 2009-02-02 13:43 54656 ----a-w- c:\windows\system32\drivers\ATMFCVsp.sys
2009-10-12 19:08 . 2009-02-02 13:43 54528 ----a-w- c:\windows\system32\drivers\ATMFMdm.sys
2009-10-12 19:08 . 2009-02-02 13:43 38528 ----a-w- c:\windows\system32\drivers\ATMFBUS.sys
2009-10-12 19:08 . 2009-01-05 10:18 11520 ----a-w- c:\windows\system32\drivers\ATMFFLT.sys
2009-10-12 19:07 . 2009-10-12 19:08 -------- d-----w- c:\program files\Cricket
2009-10-12 19:04 . 2009-10-12 19:04 -------- d-----w- c:\windows\Sun
2009-10-11 04:07 . 2009-10-09 19:18 758040 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-10-11 04:07 . 2009-10-09 19:18 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-10-11 04:07 . 2009-10-09 19:18 1471768 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-10-11 04:07 . 2009-10-09 19:18 1126168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-10-10 21:06 . 2009-10-10 21:06 -------- d-----w- c:\windows\system32\LogFiles
2009-10-10 13:59 . 2009-10-11 21:35 -------- d-----w- C:\$AVG8.VAULT$
2009-10-09 19:19 . 2009-10-09 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-10-09 19:19 . 2009-10-09 19:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-09 19:19 . 2009-10-09 19:19 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-09 19:19 . 2009-10-09 19:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-09 19:18 . 2009-10-09 19:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-09 19:18 . 2009-10-09 19:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-09 19:18 . 2009-10-11 04:02 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-09 19:18 . 2009-10-09 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-09 19:17 . 2009-10-09 19:17 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-10-09 19:17 . 2009-10-09 19:17 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-10-09 19:17 . 2009-10-09 19:17 -------- d-----w- c:\program files\AVG
2009-10-09 19:17 . 2009-10-09 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-09 19:06 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-09 19:06 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-09 19:06 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-09 19:06 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-09 19:06 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-09 19:06 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-09 19:06 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-09 19:06 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-09 19:05 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-09 17:00 . 2009-10-09 16:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 16:59 . 2009-10-09 16:59 -------- d-----w- c:\program files\Java
2009-10-09 15:20 . 2009-10-09 15:20 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-09 15:20 . 2009-10-09 15:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 15:19 . 2009-10-09 15:19 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-10-09 15:19 . 2009-10-09 15:19 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-10-09 15:16 . 2009-10-09 15:18 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-09 15:16 . 2009-10-09 15:17 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-10-09 14:45 . 2009-10-12 19:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-09 03:34 . 2009-10-09 03:34 -------- d-----w- c:\program files\DIFX
2009-10-09 03:34 . 2008-08-29 06:34 3632384 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-10-09 03:34 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-10-09 03:34 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-10-09 03:32 . 2009-10-09 03:32 -------- d-----w- c:\program files\Common Files\Intel
2009-10-07 22:04 . 2009-10-07 22:05 -------- d--h--w- c:\program files\Zero G Registry
2009-10-07 21:57 . 2009-10-07 21:57 -------- d--h--w- c:\documents and settings\camster98\InstallAnywhere
2009-10-07 21:51 . 2009-10-07 21:51 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-10-07 21:51 . 2009-10-07 21:51 -------- d-----w- c:\program files\TortoiseHg
2009-10-07 21:38 . 2009-10-07 21:38 -------- d-----w- c:\program files\AskBarDis
2009-10-07 21:35 . 2009-10-07 21:35 -------- d-----w- c:\program files\Foxit Software
2009-10-07 21:01 . 2009-10-07 21:01 -------- d-----w- c:\program files\Launch-n-Go
2009-10-07 20:56 . 2009-10-07 21:01 -------- d-----w- c:\program files\Workspace Macro Pro 6.0
2009-10-07 20:40 . 2009-10-08 11:36 -------- d-----w- c:\program files\Workspace Macro Pro 6.5
2009-10-07 18:57 . 2009-10-07 18:57 -------- d-----w- c:\windows\Performance
2009-10-07 18:32 . 2009-10-07 18:32 -------- d-----w- c:\program files\Trend Micro
2009-10-07 18:27 . 2009-10-07 18:27 -------- d-----w- c:\program files\Microsoft SDKs
2009-10-07 18:18 . 2009-10-10 17:00 -------- d-----w- c:\program files\VB Decompiler Lite
2009-10-07 18:16 . 2009-10-07 18:33 -------- d-----w- c:\program files\WinHex
2009-10-07 14:31 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-10-07 14:31 . 2009-10-07 14:32 -------- d-----w- c:\program files\MagicDisc
2009-10-07 09:23 . 2009-10-07 16:39 149648 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-07 04:23 . 2009-10-07 16:39 -------- d-----w- c:\program files\COMODO
2009-10-07 03:23 . 2009-10-07 03:23 -------- d-----w- c:\program files\CCleaner
2009-10-07 03:15 . 2009-10-07 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-07 03:15 . 2009-10-07 03:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 03:15 . 2009-10-07 03:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-06 14:51 . 2009-10-06 15:04 -------- d-----w- c:\program files\VirtualDJ
2009-10-06 14:47 . 2009-10-06 14:47 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-06 14:30 . 2009-10-06 14:30 -------- d-----w- c:\program files\Audacity
2009-10-06 14:30 . 2009-10-06 14:30 -------- d-----w- c:\program files\Lame for Audacity
2009-10-05 18:36 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-10-05 18:35 . 2009-10-05 18:38 -------- d-----w- c:\program files\VstPlugins
2009-10-05 18:35 . 2009-10-05 18:35 -------- d-----w- c:\program files\Outsim
2009-10-05 18:33 . 2009-10-05 18:38 -------- d-----w- c:\program files\Image-Line
2009-10-05 18:30 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-05 18:29 . 2009-10-05 18:29 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 18:28 . 2009-10-05 18:28 -------- d-----w- c:\program files\Microsoft.NET
2009-10-05 18:27 . 2009-10-12 21:50 -------- d-----w- C:\TDdownload
2009-10-05 18:26 . 2006-01-09 20:01 86016 ----a-w- c:\windows\system32\gigagetbho_v10.dll
2009-10-05 18:26 . 2009-10-05 18:26 -------- d-----w- c:\program files\Giganology
2009-10-05 18:23 . 2009-10-05 18:23 -------- d-----w- c:\windows\SHELLNEW
2009-10-05 18:22 . 2009-10-09 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-05 18:21 . 2009-10-05 18:21 -------- d-----r- C:\MSOCache
2009-10-05 17:01 . 2009-10-05 17:01 -------- d-----w- c:\windows\system32\Adobe
2009-10-05 15:37 . 2009-10-05 15:37 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-05 05:40 . 2009-10-05 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-05 01:25 . 2009-10-05 01:25 -------- d-----w- c:\program files\ERUNT
2009-10-05 01:18 . 2009-10-05 01:18 -------- d-----w- c:\program files\Notepad++
2009-10-05 00:57 . 2009-10-05 01:03 -------- d-----w- c:\program files\Unlocker
2009-10-05 00:56 . 2009-10-05 00:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-05 00:13 . 2009-10-05 00:13 -------- d-----w- c:\program files\MagicISO
2009-10-04 23:00 . 2009-10-04 23:00 -------- d-----w- c:\program files\TeamViewer
2009-10-04 22:55 . 2009-10-04 22:55 -------- d-----w- c:\documents and settings\camster98\temp
2009-10-04 22:04 . 2009-10-04 22:04 -------- d-----w- c:\program files\VideoLAN
2009-10-04 21:57 . 2009-10-04 21:57 -------- d-----w- c:\program files\vixy.net
2009-10-04 20:04 . 2009-10-04 20:56 -------- d-----w- c:\documents and settings\camster98\.gimp-2.6
2009-10-04 20:02 . 2009-10-04 20:02 -------- d-----w- c:\program files\GIMP-2.0
2009-10-04 16:55 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-04 16:55 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-----w- c:\program files\iPod
2009-10-04 16:54 . 2009-10-04 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-04 16:54 . 2009-10-04 16:55 -------- d-----w- c:\program files\iTunes
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-----w- c:\program files\Bonjour
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-----w- c:\program files\QuickTime
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-04 16:53 . 2009-10-04 16:53 -------- d-----w- c:\program files\Apple Software Update
2009-10-04 16:53 . 2009-10-04 16:54 -------- d-----w- c:\program files\Common Files\Apple
2009-10-04 16:53 . 2009-10-04 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-04 09:45 . 2008-04-14 07:15 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-10-04 09:42 . 2009-10-04 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-10-04 09:42 . 2009-10-09 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-10-04 09:40 . 2009-10-04 09:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-04 09:39 . 2009-10-04 09:39 -------- d-----w- c:\program files\Broadcom
2009-10-04 09:38 . 2009-10-04 10:49 -------- d-----w- c:\program files\Dell
2009-10-04 09:38 . 2005-07-08 21:19 666 ----a-w- c:\windows\speed.reg
2009-10-04 09:37 . 2009-10-09 03:32 -------- d-----w- c:\program files\Intel
2009-10-04 09:37 . 2009-10-04 09:37 -------- d-----w- C:\dell
2009-10-04 09:35 . 2008-04-14 07:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 10:49 . 2009-10-04 09:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-04 09:41 . 2009-10-04 09:41 -------- d-----w- c:\program files\SigmaTel
2009-10-04 09:38 . 2009-10-04 09:38 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D520.MRK
2009-10-04 09:38 . 2009-10-04 09:38 5 ----a-w- c:\windows\system32\drivers\1028_DELL_LAT_D520.MRK
2009-10-03 05:11 . 2009-10-03 05:11 -------- d-----w- c:\program files\microsoft frontpage
2009-10-03 05:07 . 2009-10-03 05:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-03 05:06 . 2009-10-03 05:06 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-21 22:09 . 2009-09-21 22:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-08-05 09:01 . 2008-04-14 05:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 05:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2008-04-14 05:41 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-20 19:57 . 2009-07-20 19:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 19:56 . 2009-07-20 19:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 19:56 . 2009-07-20 19:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 19:01 . 2008-04-14 05:41 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TortoiseHgRpcServer"="c:\program files\TortoiseHg\thgtaskbar.exe" [2009-09-11 37376]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-09 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-11 2023704]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
Workspace Macro Pro Hotkeys.lnk - c:\program files\Workspace Macro Pro 6.0\WMPHotkeys.exe [2005-9-25 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-09 19:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/9/2009 2:19 PM 12552]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/9/2009 2:06 PM 114768]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/9/2009 2:18 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/9/2009 2:19 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/9/2009 2:06 PM 20560]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/9/2009 2:18 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/9/2009 2:18 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/9/2009 2:18 PM 1370488]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 2:17 PM 29208]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [10/12/2009 2:08 PM 38528]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [10/12/2009 2:08 PM 54656]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [10/12/2009 2:08 PM 11520]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [10/12/2009 2:08 PM 54528]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [10/12/2009 2:08 PM 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [10/12/2009 2:08 PM 54656]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [10/12/2009 2:08 PM 54656]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 2:17 PM 29208]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All by Gigaget - c:\program files\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\camster98\Application Data\Mozilla\Firefox\Profiles\naep4b2z.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\camster98\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 18:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(5000)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseHg\THgShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKEEPER.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-12 18:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 23:32

Pre-Run: 58,168,811,520 bytes free
Post-Run: 58,115,186,688 bytes free

416 --- E O F --- 2009-10-06 08:01

#5
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


I see in your logs that you are running multiple anti-virus programs. This actually can leave you more vulnerable to infection. It can also cause system slowdowns, conflicts, and more. Please remove all but one of the following programs:

Avast
AVG




Next



I see that you are running a P2P program. P2P programs often come bundled with malware when you install them. Also, some of the things you download can come with malware. This is the likely cause of your infection. So the following green programs are optional removals. You can remove them by going to Add/Remove Programs from inside the Control Panel.

uTorrent



Next



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::

Folder::

Registry::

Driver::

NetSvc::
BtwSrv


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




Next




Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.




Next



Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next



Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



Please post the logs of ComboFix, MBAM, and Kaspersky in your next reply
  • 0
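The checks jwang01 reads off the ComboFix log in the reply above (more than one resident anti-virus product, and the NetSvcs entry named in the CFScript), together with the disabled Windows Firewall setting the same log records, as an added Python example that is not part of the original thread. The sample lines are copied from the log on this page; the function names and the vendor prefix table are assumptions made for this sketch.

```python
import re

# Lines copied from the ComboFix log posted in this thread (excerpt, not the full log).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/9/2009 2:19 PM 12552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/9/2009 2:06 PM 114768]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/9/2009 2:18 PM 297752]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 2:17 PM 29208]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"""

# Assumption for this sketch: service-name prefixes seen in this log, mapped to a vendor.
AV_PREFIXES = {"avast!": ("asw", "aavmker"), "AVG": ("avg",)}

# Driver/service row: state (R running, S stopped), start type, name;display;path [date size]
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def parse_services(log):
    """Return every driver/service row in the log as a dict."""
    rows = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, path = m.groups()
            rows.append({"state": state, "start": int(start), "name": name,
                         "display": display, "path": path})
    return rows


def running_av_vendors(log):
    """Vendors that have at least one running (state R) driver or service."""
    vendors = set()
    for row in parse_services(log):
        if row["state"] != "R":
            continue  # stopped entries do not compete for on-access scanning
        name = row["name"].lower()
        for vendor, prefixes in AV_PREFIXES.items():
            if name.startswith(prefixes):
                vendors.add(vendor)
    return sorted(vendors)


def firewall_disabled(log):
    """True/False from the standard-profile EnableFirewall value, None if absent."""
    section = ""
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        m = FIREWALL_RE.match(line)
        if m and section.endswith(r"firewallpolicy\standardprofile]"):
            return int(m.group(1)) == 0
    return None


def netsvcs_entries(log):
    """Service names ComboFix lists under the 'Svchost - NetSvcs' heading."""
    entries, collecting = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.endswith("Svchost - NetSvcs"):
            collecting = True
            continue
        if collecting:
            if not line or line.startswith(("[", ".")):
                break  # blank line or next section ends the list
            entries.append(line)
    return entries


def triage(log):
    """Collect the findings a reviewer would raise from these three log sections."""
    findings = []
    vendors = running_av_vendors(log)
    if len(vendors) > 1:
        findings.append("multiple resident anti-virus products: " + ", ".join(vendors))
    if firewall_disabled(log):
        findings.append("Windows Firewall standard profile disabled (EnableFirewall = 0)")
    for name in netsvcs_entries(log):
        findings.append("NetSvcs entry listed for review: " + name)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

A stopped (S) row such as Avgfwfd is not counted, so a product that is installed but not resident does not trigger the multiple-AV finding.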

#6
camster98

    Member

  • Topic Starter
  • 135 posts
I have installed different AV software in attempts on my own to solve this problem. I have to reinstall avast due to an error in the skin. I usually have avast and MBAM as my anti-virus and antispyware suite.

#7
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Ok. Go ahead and run the CF script, run a scan with MBAM, and do the online scanner with Kaspersky. Then post those reports back here.

Also, after doing all of that, let me know how your computer is running and if you are still getting redirects. :)

#8
camster98

    Member

  • Topic Starter
  • 135 posts
ComboFix 09-10-13.01 - camster98 10/13/2009 13:37.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.932 [GMT -5:00]
Running from: c:\documents and settings\camster98\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\camster98\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091012-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-13 18:28 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-13 18:28 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-13 18:28 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-13 18:28 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-13 18:28 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-13 18:28 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-13 18:28 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-13 18:28 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-13 18:28 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-13 18:22 . 2009-10-13 18:22 -------- d-----w- c:\documents and settings\camster98\Application Data\BitDefender
2009-10-13 17:08 . 2009-10-13 17:08 110592 ----a-w- c:\windows\system32\bass.dll
2009-10-13 15:30 . 2009-10-13 15:40 -------- d-----w- c:\documents and settings\camster98\Application Data\FileZilla
2009-10-13 14:34 . 2009-10-13 14:34 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-10-13 14:32 . 2009-10-13 14:32 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-10-13 14:32 . 2009-10-13 14:32 16 ----a-w- c:\windows\system32\asdict.dat
2009-10-13 11:51 . 2009-10-13 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-10-13 11:51 . 2009-10-13 11:51 -------- d-----w- c:\program files\BitDefender
2009-10-13 11:49 . 2009-10-13 18:20 -------- d-----w- c:\program files\Common Files\BitDefender
2009-10-13 03:31 . 2009-10-13 03:31 -------- d--h--w- c:\windows\PIF
2009-10-13 02:01 . 2009-10-13 02:01 -------- d-----w- c:\documents and settings\camster98\Application Data\gtk-2.0
2009-10-13 02:01 . 2009-10-13 02:01 -------- d-----w- c:\documents and settings\camster98\.thumbnails
2009-10-12 21:34 . 2009-10-12 21:34 -------- d-----w- C:\VundoFix Backups
2009-10-12 19:04 . 2009-10-12 19:04 -------- d-----w- c:\windows\Sun
2009-10-10 21:06 . 2009-10-13 03:33 -------- d-----w- c:\windows\system32\LogFiles
2009-10-09 19:19 . 2009-10-09 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-10-09 17:00 . 2009-10-09 16:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 16:59 . 2009-10-09 16:59 -------- d-----w- c:\program files\Java
2009-10-09 15:20 . 2009-10-09 15:20 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-09 15:20 . 2009-10-09 15:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 15:16 . 2009-10-09 15:18 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-09 15:16 . 2009-10-09 15:17 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-10-09 14:45 . 2009-10-13 17:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-09 03:34 . 2009-10-09 03:34 -------- d-----w- c:\program files\DIFX
2009-10-09 03:34 . 2008-08-29 06:34 3632384 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-10-09 03:34 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-10-09 03:34 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-10-09 03:32 . 2009-10-09 03:32 -------- d-----w- c:\program files\Common Files\Intel
2009-10-07 22:07 . 2009-10-07 22:09 -------- d-----w- c:\documents and settings\camster98\Application Data\TortoiseHg
2009-10-07 22:06 . 2009-10-07 22:06 -------- d-----w- c:\documents and settings\camster98\Local Settings\Application Data\Adobe
2009-10-07 22:04 . 2009-10-07 22:05 -------- d--h--w- c:\program files\Zero G Registry
2009-10-07 21:57 . 2009-10-07 21:57 -------- d--h--w- c:\documents and settings\camster98\InstallAnywhere
2009-10-07 21:51 . 2009-10-07 21:51 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-10-07 21:51 . 2009-10-07 21:51 -------- d-----w- c:\program files\TortoiseHg
2009-10-07 21:38 . 2009-10-07 21:38 -------- d-----w- c:\program files\AskBarDis
2009-10-07 21:35 . 2009-10-07 21:35 -------- d-----w- c:\documents and settings\camster98\Application Data\Foxit
2009-10-07 21:35 . 2009-10-07 21:35 -------- d-----w- c:\program files\Foxit Software
2009-10-07 21:01 . 2009-10-07 21:01 -------- d-----w- c:\program files\Launch-n-Go
2009-10-07 20:56 . 2009-10-07 21:01 -------- d-----w- c:\program files\Workspace Macro Pro 6.0
2009-10-07 20:40 . 2009-10-08 11:36 -------- d-----w- c:\program files\Workspace Macro Pro 6.5
2009-10-07 18:57 . 2009-10-07 18:57 -------- d-----w- c:\windows\Performance
2009-10-07 18:56 . 2009-10-07 18:56 -------- d-----w- c:\documents and settings\camster98\Local Settings\Application Data\Microsoft Corporation
2009-10-07 18:32 . 2009-10-07 18:32 -------- d-----w- c:\program files\Trend Micro
2009-10-07 18:27 . 2009-10-07 18:27 -------- d-----w- c:\program files\Microsoft SDKs
2009-10-07 18:18 . 2009-10-10 17:00 -------- d-----w- c:\program files\VB Decompiler Lite
2009-10-07 18:16 . 2009-10-07 18:16 -------- d-----w- c:\documents and settings\camster98\Local Settings\Application Data\Help
2009-10-07 18:16 . 2009-10-07 18:33 -------- d-----w- c:\program files\WinHex
2009-10-07 14:31 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-10-07 14:31 . 2009-10-07 14:32 -------- d-----w- c:\program files\MagicDisc
2009-10-07 09:23 . 2009-10-07 16:39 149648 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-07 04:23 . 2009-10-07 16:39 -------- d-----w- c:\program files\COMODO
2009-10-07 03:23 . 2009-10-07 03:23 -------- d-----w- c:\program files\CCleaner
2009-10-07 03:15 . 2009-10-07 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-07 03:15 . 2009-10-13 18:26 -------- d-----w- c:\documents and settings\camster98\Application Data\SUPERAntiSpyware.com
2009-10-07 03:15 . 2009-10-13 18:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-06 14:51 . 2009-10-06 15:04 -------- d-----w- c:\program files\VirtualDJ
2009-10-06 14:47 . 2009-10-06 14:47 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-06 14:30 . 2009-10-06 14:30 -------- d-----w- c:\program files\Audacity
2009-10-06 14:30 . 2009-10-06 14:30 -------- d-----w- c:\program files\Lame for Audacity
2009-10-06 01:54 . 2009-10-06 02:41 -------- d-----w- c:\documents and settings\camster98\Application Data\dvdcss
2009-10-05 21:42 . 2009-10-05 21:42 -------- d-----w- c:\documents and settings\camster98\Application Data\Windows Search
2009-10-05 20:38 . 2009-10-05 20:38 -------- d-----w- c:\documents and settings\camster98\Application Data\Juce VST Host
2009-10-05 20:37 . 2009-10-05 20:37 -------- d-----w- c:\documents and settings\camster98\Application Data\Sawer
2009-10-05 20:36 . 2009-10-05 20:36 -------- d-----w- c:\documents and settings\camster98\Application Data\Hardcore
2009-10-05 18:37 . 2009-10-05 18:37 -------- d-----w- c:\documents and settings\camster98\Application Data\OpenCandy
2009-10-05 18:36 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-10-05 18:35 . 2009-10-05 18:38 -------- d-----w- c:\program files\VstPlugins
2009-10-05 18:35 . 2009-10-05 18:35 -------- d-----w- c:\program files\Outsim
2009-10-05 18:33 . 2009-10-05 18:38 -------- d-----w- c:\program files\Image-Line
2009-10-05 18:30 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-05 18:29 . 2009-10-05 18:29 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 18:28 . 2009-10-05 18:28 -------- d-----w- c:\program files\Microsoft.NET
2009-10-05 18:27 . 2009-10-13 17:00 -------- d-----w- C:\TDdownload
2009-10-05 18:26 . 2006-01-09 20:01 86016 ----a-w- c:\windows\system32\gigagetbho_v10.dll
2009-10-05 18:26 . 2009-10-05 18:26 -------- d-----w- c:\program files\Giganology
2009-10-05 18:23 . 2009-10-05 18:23 -------- d-----w- c:\windows\SHELLNEW
2009-10-05 18:22 . 2009-10-05 18:22 -------- d-----w- c:\documents and settings\camster98\Local Settings\Application Data\Microsoft Help
2009-10-05 18:22 . 2009-10-09 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-05 18:21 . 2009-10-05 18:21 -------- d-----r- C:\MSOCache
2009-10-05 17:01 . 2009-10-05 17:01 -------- d-----w- c:\windows\system32\Adobe
2009-10-05 16:17 . 2009-10-05 16:17 -------- d-----w- c:\documents and settings\camster98\Local Settings\Application Data\Yahoo!
2009-10-05 15:38 . 2009-10-11 21:07 -------- d-----w- c:\documents and settings\camster98\Application Data\Audacity
2009-10-05 15:37 . 2009-10-05 15:37 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-05 14:55 . 2009-10-06 03:43 -------- d-----w- c:\documents and settings\camster98\Application Data\vlc
2009-10-05 11:00 . 2009-10-05 11:02 -------- d-----w- c:\documents and settings\camster98\Local Settings\Application Data\ApplicationHistory
2009-10-05 05:40 . 2009-10-13 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-05 01:25 . 2009-10-05 01:25 -------- d-----w- c:\program files\ERUNT
2009-10-05 01:18 . 2009-10-05 06:16 -------- d-----w- c:\documents and settings\camster98\Application Data\Notepad++
2009-10-05 01:18 . 2009-10-05 01:18 -------- d-----w- c:\program files\Notepad++
2009-10-05 00:57 . 2009-10-05 01:03 -------- d-----w- c:\program files\Unlocker
2009-10-05 00:56 . 2009-10-05 00:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-05 00:13 . 2009-10-05 00:13 -------- d-----w- c:\program files\MagicISO
2009-10-04 23:00 . 2009-10-04 23:19 -------- d-----w- c:\documents and settings\camster98\Application Data\TeamViewer
2009-10-04 23:00 . 2009-10-04 23:00 -------- d-----w- c:\program files\TeamViewer
2009-10-04 22:55 . 2009-10-04 22:55 -------- d-----w- c:\documents and settings\camster98\temp
2009-10-04 22:04 . 2009-10-04 22:04 -------- d-----w- c:\program files\VideoLAN
2009-10-04 20:04 . 2009-10-13 01:59 -------- d-----w- c:\documents and settings\camster98\.gimp-2.6
2009-10-04 20:02 . 2009-10-04 20:02 -------- d-----w- c:\program files\GIMP-2.0
2009-10-04 17:01 . 2009-10-07 11:14 28256 ----a-w- c:\documents and settings\camster98\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-04 16:55 . 2009-10-04 17:02 -------- d-----w- c:\documents and settings\camster98\Application Data\Apple Computer
2009-10-04 16:55 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-04 16:55 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-----w- c:\program files\iPod
2009-10-04 16:54 . 2009-10-04 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-04 16:54 . 2009-10-04 16:55 -------- d-----w- c:\program files\iTunes
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-----w- c:\program files\Bonjour
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-----w- c:\program files\QuickTime
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-04 16:53 . 2009-10-04 16:53 -------- d-----w- c:\documents and settings\camster98\Local Settings\Application Data\Apple
2009-10-04 16:53 . 2009-10-04 16:53 -------- d-----w- c:\program files\Apple Software Update
2009-10-04 16:53 . 2009-10-04 16:54 -------- d-----w- c:\program files\Common Files\Apple
2009-10-04 16:53 . 2009-10-04 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-04 16:52 . 2009-10-04 17:02 -------- d-----w- c:\documents and settings\camster98\Local Settings\Application Data\Apple Computer
2009-10-04 09:45 . 2008-04-14 07:15 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-10-04 09:42 . 2009-10-04 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-10-04 09:42 . 2009-10-09 03:33 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 02:06 . 2009-10-13 02:05 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-04 10:49 . 2009-10-04 10:49 -------- d-----w- c:\documents and settings\camster98\Application Data\Dell
2009-10-04 10:49 . 2009-10-04 09:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-04 09:41 . 2009-10-04 09:41 -------- d-----w- c:\program files\SigmaTel
2009-10-04 09:38 . 2009-10-04 09:38 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D520.MRK
2009-10-04 09:38 . 2009-10-04 09:38 5 ----a-w- c:\windows\system32\drivers\1028_DELL_LAT_D520.MRK
2009-10-03 05:11 . 2009-10-03 05:11 -------- d-----w- c:\program files\microsoft frontpage
2009-10-03 05:07 . 2009-10-03 05:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-03 05:06 . 2009-10-03 05:06 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 09:01 . 2008-04-14 05:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 05:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2008-04-14 05:41 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2008-04-14 05:41 58880 ----a-w- c:\windows\system32\atl.dll
2009-09-14 03:10 . 2009-10-13 14:29 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-12_23.27.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 18:42 . 2009-10-13 18:42 16384 c:\windows\Temp\Perflib_Perfdata_8e4.dat
+ 2009-10-13 18:41 . 2009-10-13 18:41 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
+ 2009-10-13 18:41 . 2009-10-13 18:41 16384 c:\windows\Temp\Perflib_Perfdata_340.dat
+ 2001-08-23 12:00 . 2009-10-13 18:35 78458 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-10-12 23:25 78458 c:\windows\system32\perfc009.dat
+ 2002-01-05 08:38 . 2002-01-05 08:38 54784 c:\windows\system32\msvci70.dll
+ 2009-10-13 17:06 . 2009-10-13 17:06 36608 c:\windows\system32\BASSMOD.DLL
- 2001-08-23 12:00 . 2009-10-12 23:25 462296 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2009-10-13 18:35 462296 c:\windows\system32\perfh009.dat
- 2009-10-03 21:21 . 2003-02-21 03:42 348160 c:\windows\system32\MSVCR71.dll
+ 2003-02-21 09:42 . 2003-02-21 09:42 348160 c:\windows\system32\msvcr71.dll
+ 2002-01-05 07:37 . 2002-01-05 07:37 344064 c:\windows\system32\msvcr70.dll
+ 2003-03-19 01:14 . 2003-03-19 01:14 499712 c:\windows\system32\msvcp71.dll
- 2009-10-03 21:21 . 2003-03-18 19:14 499712 c:\windows\system32\MSVCP71.dll
+ 2002-01-05 08:40 . 2002-01-05 08:40 487424 c:\windows\system32\msvcp70.dll
+ 2002-01-05 08:36 . 2002-01-05 08:36 964608 c:\windows\system32\mfc70u.dll
+ 2002-01-05 08:48 . 2002-01-05 08:48 974848 c:\windows\system32\mfc70.dll
+ 2004-03-31 18:28 . 2004-03-31 18:28 131072 c:\windows\system32\mapi32.dll
+ 2007-04-11 16:11 . 2007-04-11 16:11 511328 c:\windows\system32\capicom.dll
+ 2009-10-13 14:29 . 2009-10-13 14:29 184320 c:\windows\ERDNT\AutoBackup\10-13-2009\Users\00000002\UsrClass.dat
+ 2009-10-13 14:29 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-13-2009\ERDNT.EXE
+ 2003-03-19 02:12 . 2003-03-19 02:12 1047552 c:\windows\system32\mfc71u.dll
+ 2003-03-19 02:20 . 2003-03-19 02:20 1060864 c:\windows\system32\mfc71.dll
- 2009-10-03 21:21 . 2003-03-18 20:20 1060864 c:\windows\system32\MFC71.dll
+ 2009-10-13 14:29 . 2009-10-13 14:29 2011136 c:\windows\ERDNT\AutoBackup\10-13-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TortoiseHgRpcServer"="c:\program files\TortoiseHg\thgtaskbar.exe" [2009-09-11 37376]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-09 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

c:\documents and settings\camster98\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-10-7 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/13/2009 1:28 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/13/2009 1:28 PM 20560]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys --> c:\windows\system32\DRIVERS\ATMFBUS.sys [?]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys --> c:\windows\system32\DRIVERS\ATMFCVsp.sys [?]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys --> c:\windows\system32\DRIVERS\ATMFFLT.sys [?]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys --> c:\windows\system32\DRIVERS\ATMFMdm.sys [?]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys --> c:\windows\system32\DRIVERS\ATMFNET.sys [?]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys --> c:\windows\system32\DRIVERS\ATMFNVsp.sys [?]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys --> c:\windows\system32\DRIVERS\ATMFVsp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All by Gigaget - c:\program files\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\camster98\Application Data\Mozilla\Firefox\Profiles\naep4b2z.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\camster98\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-SITEguard - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 13:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(736)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseHg\THgShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKEEPER.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-10-13 13:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 18:45
ComboFix2.txt 2009-10-12 23:32

Pre-Run: 57,397,059,584 bytes free
Post-Run: 57,409,912,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

369 --- E O F --- 2009-10-06 08:01

#9
camster98
Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 3

10/13/2009 1:51:01 PM
mbam-log-2009-10-13 (13-51-01).txt

Scan type: Quick Scan
Objects scanned: 92307
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
camster98
About to start scanning with Kaspersky. Deleted some files I didn't want first, some old games, stuff like that.

#11
jwang01
Hello,


Ok, sounds good. Just to give you the heads up, that scanner can take some time to complete. :)

#12
camster98
Yeah, only at 6 percent. I got avast scanning on a system across from me on a boot time scan. It's running laps around this thing. Stupid friend messed his PC, got some minor spyware on it. Nothing avast can't kill.

#13
camster98
Finished scanning.
Computer's running fine. Redirect is gone.
Thanks for the help.

Edited by camster98, 13 October 2009 - 04:44 PM.

#14
jwang01
Hello,


Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    c:\windows\system32\rezumatenoi.dat
    c:\windows\system32\asdict.dat
    c:\windows\system32\aspdict-en.dat
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Next



Please open up OTL and run a Quick Scan and post the log it produces in your next reply.
  • 0
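
Added example, not written by anyone in this thread or by OTM's author: a Python check that cross-references the `:Files` targets of the OTM script above with the result lines OTM reports, and lists anything deferred to reboot that never gets a follow-up line. The function names are hypothetical and the line formats are inferred only from the output shown in this thread; the result lines are copied (abridged) from the OTM log posted in the reply that follows.

```python
import re

# Instruction script from the helper's post in this thread.
OTM_SCRIPT = r"""
:Processes
explorer.exe

:Services

:Reg

:Files
c:\windows\system32\rezumatenoi.dat
c:\windows\system32\asdict.dat
c:\windows\system32\aspdict-en.dat

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Result lines copied (abridged) from the OTM log posted later in this thread.
OTM_RESULTS = r"""
========== FILES ==========
c:\windows\system32\rezumatenoi.dat moved successfully.
c:\windows\system32\asdict.dat moved successfully.
c:\windows\system32\aspdict-en.dat moved successfully.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_734.dat scheduled to be deleted on reboot.
Files moved on Reboot...
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_734.dat moved successfully.
"""

# Line formats as they appear in this thread (assumption: not taken from OTM docs).
# Order matters: the most specific pattern is tried first.
PATTERNS = [
    ("deferred", re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")),
    ("not_found", re.compile(r"^File (.+) not found!$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]


def parse_script(text):
    """Split an OTM instruction script into {section name: [entries]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_results(text):
    """Return {lowercased path: [statuses in log order]}.

    Paths are lowercased because Windows paths are case-insensitive and the
    log mixes 'c:\\windows' with 'C:\\WINDOWS'.
    """
    history = {}
    for raw in text.splitlines():
        line = raw.strip()
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                history.setdefault(match.group(1).lower(), []).append(status)
                break
    return history


def check_run(script_text, results_text):
    """Return (final status per :Files target, paths still pending after reboot)."""
    targets = [p.lower() for p in parse_script(script_text).get("files", [])]
    history = parse_results(results_text)
    target_status = {
        path: (history[path][-1] if path in history else "unreported")
        for path in targets
    }
    # A path whose last recorded status is still 'deferred' never got a
    # post-reboot line in the log and should be checked by hand.
    pending = sorted(p for p, h in history.items() if h[-1] == "deferred")
    return target_status, pending


if __name__ == "__main__":
    statuses, pending = check_run(OTM_SCRIPT, OTM_RESULTS)
    for path, status in statuses.items():
        print(f"{status:10} {path}")
    for path in pending:
        print(f"no post-reboot line for: {path}")
```
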

#15
camster98
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\rezumatenoi.dat moved successfully.
c:\windows\system32\asdict.dat moved successfully.
c:\windows\system32\aspdict-en.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: camster98
->Temp folder emptied: 85058400 bytes
->Temporary Internet Files folder emptied: 1207861 bytes
->Java cache emptied: 287993 bytes
->FireFox cache emptied: 64115937 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 23400960 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_734.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 2920701 bytes
RecycleBin emptied: 313543494 bytes

Total Files Cleaned = 467.94 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10142009_081231

Files moved on Reboot...
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_734.dat moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 10/14/2009 8:17:21 AM - Run 3
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\camster98\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 54.25% Memory free
3.34 Gb Paging File | 2.73 Gb Available in Paging File | 81.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 52.93 Gb Free Space | 71.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 2.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAMERON-CAF0EDC
Current User Name: camster98
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/14 08:17:13 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camster98\Desktop\OTL.exe
PRC - [2009/10/09 11:59:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/09 11:59:57 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:08 | 10,309,408 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/15 05:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/10 20:53:48 | 00,037,376 | ---- | M] () -- C:\Program Files\TortoiseHg\thgtaskbar.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/24 15:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/20 16:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 16:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
PRC - [2008/08/20 16:27:36 | 01,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 16:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 16:09:12 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 16:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/25 13:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/05/27 00:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/01 23:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 00:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/14 00:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/07/20 18:55:46 | 01,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/10 12:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/03/30 22:00:16 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007/03/30 21:59:36 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2007/03/30 21:59:26 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2001/08/23 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/09 11:59:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/08/17 13:01:44 | 00,099,176 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/08/20 16:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/08/20 16:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2008/08/20 16:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2008/08/20 16:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2008/07/29 23:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 21:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 21:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 13:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/07/25 13:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/14 00:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.07
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.1.07282009_url_fix
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20090630
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/03 23:17:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/09 11:59:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/13 09:29:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/09 12:00:05 | 00,000,000 | ---D | M]

[2009/10/03 16:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Extensions
[2009/10/03 16:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/13 11:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions
[2009/10/09 14:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/10/06 20:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/10/03 16:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/09 14:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/03 16:32:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/07 16:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/10/03 16:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\FasterFox_Lite@BigRedBrent
[2009/10/03 16:32:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\[email protected]
[2009/10/03 16:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\[email protected]
[2009/10/03 16:39:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\SkipScreen@SkipScreen
[2009/10/03 16:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\mozilla\Firefox\Profiles\naep4b2z.default\extensions\[email protected]
[2009/10/13 11:07:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/03 16:01:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/09 12:00:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 15:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 15:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/13 22:10:06 | 00,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/10/09 11:59:57 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/10/07 16:34:59 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/08/24 15:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/10/04 11:54:30 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/04 11:54:30 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/04 11:54:30 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/04 11:54:30 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/04 11:54:31 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/04 11:54:31 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/04 11:54:31 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/09 14:22:19 | 00,001,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (GigagetIEHelper Class) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll (Giganology Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TortoiseHgRpcServer] C:\Program Files\TortoiseHg\thgtaskbar.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\camster98\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\camster98\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm ()
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254603245274 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.17.31.135 172.17.31.136
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 00:10:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/03 21:52:23 | 00,729,088 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/11/03 21:52:23 | 00,729,088 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/10/14 00:02:16 | 00,585,728 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2005/11/03 22:22:30 | 00,000,160 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/02 16:56:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/10/04 11:54:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/07 17:06:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/04 11:53:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/04 11:54:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/10/13 06:51:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/10/09 14:19:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/10/04 04:42:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/10/03 16:26:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/02 16:56:57 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/10/05 13:22:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/10/05 00:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/10/03 17:18:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/10/06 22:15:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/03 16:00:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/03 23:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/10/03 17:18:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZILLAbar
[2009/10/03 00:20:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\camster98\Application Data
[2009/10/03 16:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Adobe
[2009/10/04 11:55:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Apple Computer
[2009/10/05 10:38:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Audacity
[2009/10/13 13:22:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\BitDefender
[2009/10/04 05:49:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Dell
[2009/10/05 20:54:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\dvdcss
[2009/10/13 10:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\FileZilla
[2009/10/07 16:35:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Foxit
[2009/10/12 21:01:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\gtk-2.0
[2009/10/05 15:36:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Hardcore
[2009/10/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Help
[2009/10/03 00:20:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Identities
[2009/10/04 04:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\InstallShield
[2009/10/04 04:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Intel
[2009/10/05 15:38:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Juce VST Host
[2009/10/03 16:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Macromedia
[2009/10/03 16:26:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Malwarebytes
[2009/10/03 00:20:12 | 00,000,000 | --SD | C] -- C:\Documents and Settings\camster98\Application Data\Microsoft
[2009/10/03 16:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Mozilla
[2009/10/04 20:18:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Notepad++
[2009/10/05 13:37:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\OpenCandy
[2009/10/05 15:37:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Sawer
[2009/10/03 16:44:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\STOPzilla!
[2009/10/09 10:33:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Sun
[2009/10/06 22:15:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\SUPERAntiSpyware.com
[2009/10/14 07:56:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\SystemRequirementsLab
[2009/10/04 18:00:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\TeamViewer
[2009/10/07 17:07:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\TortoiseHg
[2009/10/05 09:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\vlc
[2009/10/03 16:20:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Windows Desktop Search
[2009/10/05 16:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\Windows Search
[2009/10/03 16:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\WinRAR
[2009/10/04 01:39:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Application Data\YTK Enhanced
[2009/10/03 00:20:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data
[2009/10/07 17:06:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Adobe
[2009/10/04 11:53:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Apple
[2009/10/04 11:52:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Apple Computer
[2009/10/05 06:00:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\ApplicationHistory
[2009/10/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Help
[2009/10/03 16:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Identities
[2009/10/03 00:20:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Microsoft
[2009/10/07 13:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Microsoft Corporation
[2009/10/05 13:22:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Microsoft Help
[2009/10/03 16:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Mozilla
[2009/10/04 01:44:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Yahoo
[2009/10/05 11:17:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Local Settings\Application Data\Yahoo!
[2009/10/02 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/04 11:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/13 06:49:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/10/05 13:28:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/10/04 04:40:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/10/08 22:32:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2009/10/03 17:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/10/09 10:16:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/10/02 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/10/03 00:08:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/10/02 16:57:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/10/03 00:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/10/02 16:57:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/10/03 00:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/10/07 16:51:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2009/10/02 16:57:50 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/07 17:04:06 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/10/03 16:21:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/10/04 11:53:42 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/07 16:38:12 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/10/06 09:30:13 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/10/05 10:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2009/10/13 06:51:26 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/10/04 11:54:37 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/04 04:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2009/10/06 22:23:12 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/02 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/06 23:23:32 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/10/03 00:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/10/04 04:38:43 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
[2009/10/08 22:34:46 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/10/04 20:25:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/06 09:47:43 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/10/07 16:35:06 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/10/05 13:26:13 | 00,000,000 | ---D | C] -- C:\Program Files\Giganology
[2009/10/04 15:02:05 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2009/10/05 13:33:39 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009/10/04 04:41:07 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/04 04:37:48 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/10/03 00:07:36 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/10/04 11:54:58 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/04 11:54:55 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/09 11:59:55 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/06 09:30:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2009/10/07 16:01:27 | 00,000,000 | ---D | C] -- C:\Program Files\Launch-n-Go
[2009/10/07 09:31:46 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2009/10/04 19:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/10/03 16:26:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/03 00:06:24 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/10/03 00:11:19 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/10/05 13:22:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/10/07 13:27:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/10/09 10:20:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/09 10:20:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/10/09 10:16:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/10/05 13:29:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/10/05 13:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/10/03 00:08:24 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/10/03 16:01:57 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/03 16:25:57 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/03 00:05:33 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/10/03 00:06:20 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/10/03 00:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/10/04 20:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2009/10/03 00:06:42 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/10/03 00:07:48 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/10/05 13:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/10/04 11:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/03 16:25:52 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/03 16:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2009/10/04 04:41:07 | 00,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2009/10/14 08:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2009/10/03 16:44:04 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/10/06 22:15:32 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/14 07:56:38 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/10/04 18:00:04 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2009/10/07 16:51:34 | 00,000,000 | ---D | C] -- C:\Program Files\TortoiseHg
[2009/10/07 13:32:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/03 00:20:19 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/10/04 19:57:23 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/10/07 13:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\VB Decompiler Lite
[2009/10/04 17:04:57 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/06 09:51:25 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2009/10/05 13:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009/10/03 16:19:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/03 00:06:28 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/10/03 00:06:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/10/03 00:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/10/03 00:09:30 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/10/07 13:16:00 | 00,000,000 | ---D | C] -- C:\Program Files\WinHex
[2009/10/03 16:28:37 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/07 15:56:27 | 00,000,000 | ---D | C] -- C:\Program Files\Workspace Macro Pro 6.0
[2009/10/07 15:40:06 | 00,000,000 | ---D | C] -- C:\Program Files\Workspace Macro Pro 6.5
[2009/10/03 00:11:19 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/10/03 23:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/10/07 17:04:06 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2009/10/14 08:17:13 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\camster98\Desktop\OTL.exe
[2009/10/14 08:12:31 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/14 08:10:54 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\camster98\Desktop\OTM.exe
[2009/10/14 08:02:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/10/14 08:02:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Desktop\rzr-cd4
[2009/10/14 08:02:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Desktop\rzr-chip3
[2009/10/14 07:50:13 | 21,860,128 | ---- | C] (SiSoftware ) -- C:\Documents and Settings\camster98\My Documents\san15124.exe
[2009/10/14 07:41:13 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/13 13:52:56 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/13 13:37:02 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/13 13:28:37 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/13 13:28:36 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/13 13:28:35 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/13 13:28:33 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/13 13:28:33 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/13 13:28:33 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/13 13:28:32 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/13 13:28:32 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/13 13:28:11 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/13 13:13:05 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\camster98\Desktop\avast_home_setup.exe
[2009/10/13 12:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Desktop\razor1911
[2009/10/13 12:01:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Desktop\ao20-w32
[2009/10/12 22:34:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/12 22:31:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/10/12 17:34:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/12 17:34:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/12 17:34:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/12 17:34:34 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/12 17:27:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/12 16:34:49 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/12 14:04:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/10/10 16:06:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/09 10:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\Visual Studio 2008
[2009/10/08 23:06:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/08 22:40:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Desktop\Copy of cotts
[2009/10/07 17:09:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe
[2009/10/07 17:07:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Desktop\evobot
[2009/10/07 17:05:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\Flex Builder 3
[2009/10/07 15:46:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\Workspace Macro Pro
[2009/10/07 15:46:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\Launch-n-Go
[2009/10/07 13:57:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2009/10/07 09:31:47 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2009/10/07 09:24:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\hjsplit
[2009/10/06 09:51:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\VirtualDJ
[2009/10/06 09:20:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\Desktop\abc
[2009/10/05 13:36:00 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2009/10/05 13:35:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\Image-Line
[2009/10/05 13:27:00 | 00,000,000 | ---D | C] -- C:\TDdownload
[2009/10/05 13:26:18 | 00,086,016 | ---- | C] (Giganology Inc.) -- C:\WINDOWS\System32\gigagetbho_v10.dll
[2009/10/05 13:23:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/10/05 13:21:57 | 00,000,000 | R--D | C] -- C:\MSOCache
[2009/10/05 12:01:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/10/04 20:26:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/04 15:54:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\camerons documents
[2009/10/04 15:04:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\gegl-0.0
[2009/10/04 05:49:40 | 00,016,128 | ---- | C] (Dell Inc) -- C:\WINDOWS\System32\drivers\APPDRV.SYS
[2009/10/04 05:49:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/04 05:49:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/10/04 05:49:02 | 00,000,000 | ---D | C] -- C:\Intel
[2009/10/04 04:41:08 | 00,146,944 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st325602.dll
[2009/10/04 04:37:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/04 04:37:05 | 00,000,000 | ---D | C] -- C:\dell
[2009/10/03 23:16:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2009/10/03 23:15:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/10/03 16:35:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/03 16:34:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/03 16:33:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/03 16:26:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/03 16:26:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/03 16:26:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/03 16:25:30 | 00,000,000 | ---D | C] -- C:\d02976ceb65ce766ee
[2009/10/03 16:24:57 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/03 16:24:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/03 16:19:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/03 16:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\TagsRevisited
[2009/10/03 16:04:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\camster98\My Documents\Downloads
[2009/10/03 16:00:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/10/03 16:00:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/10/03 15:53:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/10/03 00:20:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\camster98\My Documents\My Pictures
[2009/10/03 00:20:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\camster98\My Documents\My Music
[2009/10/03 00:19:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/10/03 00:19:26 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/10/03 00:19:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/03 00:13:09 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/10/03 00:13:09 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/10/03 00:13:09 | 00,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/10/03 00:12:02 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/10/03 00:12:02 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/10/03 00:12:02 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/10/03 00:11:50 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/10/03 00:11:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/10/03 00:09:42 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/10/03 00:09:42 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/10/03 00:09:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/10/03 00:08:40 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/10/03 00:08:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/10/03 00:08:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/10/03 00:07:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/10/03 00:07:35 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/10/03 00:06:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/10/03 00:05:32 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2009/10/03 00:05:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/10/03 00:05:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/10/03 00:05:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/10/03 00:05:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/10/02 16:58:20 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/10/02 16:57:56 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/10/02 16:57:50 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/02 16:57:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/10/02 16:57:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/10/02 16:56:31 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/10/02 16:56:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/10/02 16:49:38 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/10/02 16:49:38 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/10/02 16:49:38 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/10/02 16:49:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/10/02 16:49:38 | 00,000,000 | ---D | C] -- C:\WINDOWS

========== Files - Modified Within 14 Days ==========

[2009/10/14 08:18:29 | 00,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 08:18:29 | 00,462,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 08:18:29 | 00,078,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 08:17:13 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camster98\Desktop\OTL.exe
[2009/10/14 08:14:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/14 08:13:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/14 08:13:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/14 08:12:14 | 00,001,022 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SiSoftware Sandra Lite 2009.SP4.lnk
[2009/10/14 08:10:55 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camster98\Desktop\OTM.exe
[2009/10/14 07:50:25 | 21,860,128 | ---- | M] (SiSoftware ) -- C:\Documents and Settings\camster98\My Documents\san15124.exe
[2009/10/14 07:39:40 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 17:40:59 | 00,002,910 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\report.html
[2009/10/13 16:49:20 | 02,485,827 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\trippy.mp3
[2009/10/13 16:42:17 | 00,135,518 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\1255469716050.jpg
[2009/10/13 15:03:49 | 01,015,439 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\rzr-cd4.zip
[2009/10/13 15:02:17 | 00,819,130 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\rzr-chip3.zip
[2009/10/13 14:57:31 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/13 14:22:30 | 00,134,765 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\794px-Winter_2004_DreamHack_LAN_Party.jpg
[2009/10/13 13:42:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/13 13:41:55 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/13 13:37:06 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/13 13:28:37 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/13 13:28:33 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/13 13:13:06 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\camster98\Desktop\avast_home_setup.exe
[2009/10/13 13:06:48 | 00,041,905 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\IMG_0066.sized.jpg
[2009/10/13 12:08:37 | 00,110,592 | ---- | M] () -- C:\WINDOWS\System32\bass.dll
[2009/10/13 12:06:40 | 00,036,608 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2009/10/13 11:52:11 | 00,094,603 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\amen.png
[2009/10/13 10:22:23 | 02,254,903 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\some [bleep].mp3
[2009/10/13 09:32:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_bl.sig
[2009/10/13 09:18:26 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/10/12 21:06:39 | 00,000,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/10/12 20:59:44 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\Allow the user to specify n.doc
[2009/10/12 20:59:24 | 00,020,578 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\1255397552246.jpg
[2009/10/12 16:39:35 | 00,000,876 | ---- | M] () -- C:\WINDOWS\sms.db
[2009/10/11 12:54:28 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/10 09:18:12 | 00,003,430 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\cc_20091010_091806.reg
[2009/10/09 09:16:55 | 00,003,346 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\cc_20091009_091634.reg
[2009/10/07 16:35:07 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/10/07 15:56:31 | 00,000,762 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\Workspace Macro Pro 6.0.lnk
[2009/10/07 13:32:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\HijackThis.lnk
[2009/10/07 11:39:19 | 00,149,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/10/07 09:31:59 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\camster98\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/10/07 09:31:59 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\MagicDisc.lnk
[2009/10/07 06:14:54 | 00,028,256 | ---- | M] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/07 04:23:11 | 00,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/06 22:23:12 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\CCleaner.lnk
[2009/10/05 14:04:28 | 00,000,574 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\pm2.rtf
[2009/10/05 14:04:27 | 00,000,546 | ---- | M] () -- C:\Documents and Settings\camster98\My Documents\pm.rtf
[2009/10/05 13:35:53 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\FL Studio 9.lnk
[2009/10/05 13:26:15 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\Gigaget.lnk
[2009/10/05 10:37:47 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2009/10/05 01:20:47 | 05,877,236 | -H-- | M] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\IconCache.db
[2009/10/04 23:10:47 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/04 20:25:59 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\camster98\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/04 20:25:57 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\NTREGOPT.lnk
[2009/10/04 20:25:57 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\ERUNT.lnk
[2009/10/04 20:18:33 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2009/10/04 19:44:12 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/04 19:13:52 | 00,001,486 | ---- | M] () -- C:\Documents and Settings\camster98\Desktop\MagicISO.lnk
[2009/10/04 18:00:06 | 00,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/10/04 17:05:19 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/10/04 15:02:26 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/10/04 11:54:22 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/04 11:53:45 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/04 04:38:48 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D520.MRK
[2009/10/04 04:38:48 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D520.MRK
[2009/10/03 23:18:55 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/10/03 16:26:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/03 16:19:52 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/03 16:02:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/10/03 16:02:00 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/03 00:14:34 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/03 00:13:49 | 00,000,283 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/03 00:10:58 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/03 00:10:58 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/03 00:10:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/10/03 00:10:58 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/03 00:10:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/03 00:10:55 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/03 00:10:50 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/03 00:10:50 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/03 00:10:49 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/03 00:10:39 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 00:09:42 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/03 00:09:42 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/03 00:07:09 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 00:06:55 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/10/03 00:06:55 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/10/03 00:02:11 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/02 16:58:01 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

========== Files - No Company Name ==========
[2009/10/14 08:12:14 | 00,001,022 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SiSoftware Sandra Lite 2009.SP4.lnk
[2009/10/14 08:12:09 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/10/14 07:36:44 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 17:40:59 | 00,002,910 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\report.html
[2009/10/13 16:48:10 | 02,485,827 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\trippy.mp3
[2009/10/13 16:42:16 | 00,135,518 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\1255469716050.jpg
[2009/10/13 15:03:41 | 01,015,439 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\rzr-cd4.zip
[2009/10/13 15:02:10 | 00,819,130 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\rzr-chip3.zip
[2009/10/13 14:22:29 | 00,134,765 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\794px-Winter_2004_DreamHack_LAN_Party.jpg
[2009/10/13 13:37:06 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/13 13:37:03 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/13 13:28:37 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/13 13:28:11 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/13 13:06:48 | 00,041,905 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\IMG_0066.sized.jpg
[2009/10/13 12:08:37 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2009/10/13 12:06:40 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2009/10/13 11:52:10 | 00,094,603 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\amen.png
[2009/10/13 09:32:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_bl.sig
[2009/10/13 09:18:26 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/10/12 21:05:38 | 00,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/10/12 20:59:40 | 00,053,248 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\Allow the user to specify n.doc
[2009/10/12 20:59:23 | 00,020,578 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\1255397552246.jpg
[2009/10/12 17:34:34 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/12 17:34:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/12 17:34:34 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/12 17:34:34 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/12 14:09:27 | 00,000,876 | ---- | C] () -- C:\WINDOWS\sms.db
[2009/10/10 09:18:09 | 00,003,430 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\cc_20091010_091806.reg
[2009/10/09 09:45:02 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/09 09:16:37 | 00,003,346 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\cc_20091009_091634.reg
[2009/10/07 16:35:07 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/10/07 15:56:31 | 00,000,762 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\Workspace Macro Pro 6.0.lnk
[2009/10/07 13:32:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\HijackThis.lnk
[2009/10/07 09:31:59 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\camster98\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/10/07 09:31:59 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\MagicDisc.lnk
[2009/10/07 04:23:03 | 00,149,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/10/06 22:23:12 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\CCleaner.lnk
[2009/10/06 15:32:35 | 02,254,903 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\some [bleep].mp3
[2009/10/05 14:04:28 | 00,000,574 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\pm2.rtf
[2009/10/05 14:04:24 | 00,000,546 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\pm.rtf
[2009/10/05 13:35:52 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\FL Studio 9.lnk
[2009/10/05 13:26:15 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\Gigaget.lnk
[2009/10/05 10:38:38 | 04,057,299 | ---- | C] () -- C:\Documents and Settings\camster98\My Documents\4Front Bass Module.dll
[2009/10/05 10:37:47 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2009/10/04 23:10:46 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/04 20:25:59 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\camster98\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/04 20:25:57 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\NTREGOPT.lnk
[2009/10/04 20:25:57 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\ERUNT.lnk
[2009/10/04 20:18:33 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2009/10/04 19:44:12 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/04 19:13:52 | 00,001,486 | ---- | C] () -- C:\Documents and Settings\camster98\Desktop\MagicISO.lnk
[2009/10/04 18:00:06 | 00,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/10/04 17:05:19 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/10/04 15:02:26 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/10/04 12:01:57 | 00,028,256 | ---- | C] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/04 11:55:41 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/04 11:54:22 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/04 11:53:45 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/04 05:49:09 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/10/04 05:49:09 | 00,025,472 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2009/10/04 05:49:09 | 00,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2009/10/04 05:49:07 | 00,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2009/10/04 05:49:07 | 00,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2009/10/04 04:38:48 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D520.MRK
[2009/10/04 04:38:48 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D520.MRK
[2009/10/04 04:38:43 | 00,000,666 | ---- | C] () -- C:\WINDOWS\speed.reg
[2009/10/03 23:18:55 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/10/03 16:26:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/03 16:19:52 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/03 16:02:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/03 16:02:00 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/03 00:34:01 | 05,877,236 | -H-- | C] () -- C:\Documents and Settings\camster98\Local Settings\Application Data\IconCache.db
[2009/10/03 00:20:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\camster98\Application Data\desktop.ini
[2009/10/03 00:19:26 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/03 00:14:34 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/03 00:13:49 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 00:13:33 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/10/03 00:13:04 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/10/03 00:13:03 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/10/03 00:13:02 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/10/03 00:12:42 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/10/03 00:12:41 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/10/03 00:12:35 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/10/03 00:12:34 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/10/03 00:12:31 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/10/03 00:12:16 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/10/03 00:12:09 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/10/03 00:12:05 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/10/03 00:11:53 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/10/03 00:11:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/10/03 00:11:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/10/03 00:11:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/10/03 00:11:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/10/03 00:11:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/10/03 00:11:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/10/03 00:11:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/10/03 00:11:48 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/10/03 00:11:48 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/10/03 00:11:48 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/10/03 00:11:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/10/03 00:11:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/10/03 00:11:46 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/10/03 00:11:46 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/10/03 00:11:46 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/10/03 00:11:46 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/10/03 00:11:46 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/10/03 00:11:46 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/10/03 00:11:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/10/03 00:11:45 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/10/03 00:11:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/10/03 00:11:44 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/10/03 00:11:44 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/10/03 00:11:44 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/10/03 00:11:44 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/10/03 00:11:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/10/03 00:11:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/10/03 00:11:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/10/03 00:11:43 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/10/03 00:11:43 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/10/03 00:10:58 | 00,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/03 00:10:58 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/10/03 00:10:58 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/10/03 00:10:58 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/10/03 00:10:58 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/10/03 00:10:50 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/03 00:10:50 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/03 00:10:49 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/03 00:09:42 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/03 00:09:42 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/03 00:09:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/03 00:09:15 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/10/03 00:08:52 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/10/03 00:08:52 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/10/03 00:08:46 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/10/03 00:07:59 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2009/10/03 00:07:09 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 00:06:03 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/10/03 00:06:03 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/10/03 00:06:03 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/10/03 00:06:03 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/10/03 00:06:03 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/10/03 00:06:03 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/10/03 00:06:03 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/10/03 00:06:03 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/10/03 00:06:03 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/10/03 00:06:02 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/10/03 00:06:02 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/10/03 00:06:02 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/10/03 00:06:02 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/10/03 00:06:02 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/10/03 00:06:02 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/10/03 00:06:02 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/10/03 00:06:02 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/10/03 00:06:01 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/10/03 00:06:01 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/10/03 00:05:59 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/10/03 00:05:59 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/10/03 00:05:58 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/10/03 00:05:52 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/10/02 16:58:01 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009/10/02 16:57:52 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/10/02 16:57:52 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/10/02 16:57:51 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/10/02 16:57:51 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/10/02 16:57:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/10/02 16:57:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/10/02 16:57:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009/10/02 16:57:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/10/02 16:57:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/10/02 16:57:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009/10/02 16:57:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/10/02 16:57:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/10/02 16:57:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/10/02 16:57:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009/10/02 16:57:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009/10/02 16:57:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/10/02 16:57:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/10/02 16:57:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/10/02 16:57:41 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009/10/02 16:57:41 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009/10/02 16:57:41 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/10/02 16:57:41 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/10/02 16:57:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/10/02 16:57:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/10/02 16:57:39 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009/10/02 16:57:39 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/10/02 16:57:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/10/02 16:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/10/02 16:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/10/02 16:57:33 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/10/02 16:57:19 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/10/02 16:57:18 | 00,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/10/02 16:57:18 | 00,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/10/02 16:57:18 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/10/02 16:57:18 | 00,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/10/02 16:57:18 | 00,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/10/02 16:57:18 | 00,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/10/02 16:57:18 | 00,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/10/02 16:57:18 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/10/02 16:57:18 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/10/02 16:57:18 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/10/02 16:57:17 | 01,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2009/10/02 16:57:17 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/02 16:57:17 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/10/02 16:57:17 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/10/02 16:57:17 | 00,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/10/02 16:57:17 | 00,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/10/02 16:57:17 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/10/02 16:57:17 | 00,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/10/02 16:57:16 | 02,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/10/02 16:57:16 | 00,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/10/02 16:56:30 | 00,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/02 16:55:44 | 00,000,281 | RHS- | C] () -- C:\boot.ini
[2009/10/02 16:55:39 | 00,000,283 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2007/09/27 12:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2001/08/23 07:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/14 08:12:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/04 11:55:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/13 13:20:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/10/09 14:19:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/10/08 22:32:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/10/12 22:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/10/12 22:31:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/10/04 02:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZILLAbar
[2009/10/14 07:56:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\camster98\Application Data
[2009/10/11 16:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Audacity
[2009/10/13 13:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\BitDefender
[2009/10/04 05:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Dell
[2009/10/05 21:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\dvdcss
[2009/10/13 10:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\FileZilla
[2009/10/07 16:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Foxit
[2009/10/12 21:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\gtk-2.0
[2009/10/05 15:36:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Hardcore
[2009/10/08 22:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Intel
[2009/10/05 15:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Juce VST Host
[2009/10/05 01:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Notepad++
[2009/10/05 13:37:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\OpenCandy
[2009/10/05 15:37:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Sawer
[2009/10/03 16:44:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\STOPzilla!
[2009/10/14 07:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\SystemRequirementsLab
[2009/10/04 18:19:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\TeamViewer
[2009/10/07 17:09:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\TortoiseHg
[2009/10/03 16:20:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Windows Desktop Search
[2009/10/05 16:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\Windows Search
[2009/10/04 01:40:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\camster98\Application Data\YTK Enhanced
[2009/10/04 11:53:45 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/23 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/14 08:13:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >