broken.open plus 10 more malware



#1
jeff may

This computer is slow enough as is. Kids keep getting it infected. Last few times, I used unhackme to clean until... BSODs, startup problems, etc. Just ran MBAM, GMER, and OTL on this machine. No more BSODs, seems to load faster. I wanted to check if this box is clean. Here are the logs. In no particular order:

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

6/24/2010 12:34:05 AM
mbam-log-2010-06-24 (00-34-05).txt

Scan type: Quick Scan
Objects scanned: 87928
Time elapsed: 15 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINNT\system32\13502.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\WINNT\system32\IRMONEX.del (Trojan.Proxy) -> Quarantined and deleted successfully.
D:\WINNT\system32\NWSAPAGENTEX.del (Trojan.Proxy) -> Quarantined and deleted successfully.
D:\WINNT\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINNT\system32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\WINNT\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINNT\system32\mstask.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\WINNT\system32\config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-24 01:11:58
Windows 5.0.2195 Service Pack 4
Running: gmer.exe; Driver: D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgairpod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

OTL Extras logfile created on: 6/24/2010 12:56:16 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = D:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: | Country: | Language: | Date Format:

255.00 Mb Total Physical Memory | 134.00 Mb Available Physical Memory | 53.00% Memory free
614.00 Mb Paging File | 477.00 Mb Available in Paging File | 78.00% Paging File free
Paging file location(s): D:\pagefile.sys 384 768 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINNT | %ProgramFiles% = D:\Program Files
Drive C: | 5.67 Gb Total Space | 1.33 Gb Free Space | 23.53% Space Free | Partition Type: FAT32
Drive D: | 23.11 Gb Total Space | 2.30 Gb Free Space | 9.97% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 1.04 Gb Free Space | 27.84% Space Free | Partition Type: FAT32
Drive F: | 4.87 Gb Total Space | 1.07 Gb Free Space | 21.88% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.77 Gb Total Space | 0.59 Gb Free Space | 15.55% Space Free | Partition Type: FAT32

Computer Name: SUNROOM-78A0008
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Value error. File not found
.html [@ = Opera.HTML] -- D:\Program Files\Opera\opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- Reg Error: Value error.
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "D:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "D:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
http [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "D:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "D:\Program Files\Internet Explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro Trial
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D49D55D-9837-4E0E-AE3B-05C7BEC5CD1F}" = Opera 10.51
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C8310658-4019-4934-A7AC-AD1E35EDD8F5}" = CDRWIN 6.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}" = D-Link AirPlus
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GetDiz 3.0" = GetDiz 3.0
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"RegCure" = RegCure 1.5.0.0
"RegRun Security Suite_is1" = RegRun Security Suite Platinum
"SequoiaView" = SequoiaView
"Starcraft" = Starcraft
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"uTorrent" = µTorrent
"West_Point_Bridge_Designer_4.0.8" = West Point Bridge Designer 4.1.0
"WinRAR archiver" = WinRAR archiver
"WMP7" = Windows Media Player system update (9 Series)
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2010 8:19:06 PM | Computer Name = SUNROOM-78A0008 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "D:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 6/15/2010 8:26:51 PM | Computer Name = SUNROOM-78A0008 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "D:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 6/17/2010 1:23:50 PM | Computer Name = SUNROOM-78A0008 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "D:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 6/18/2010 3:42:05 AM | Computer Name = SUNROOM-78A0008 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "D:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 6/19/2010 9:32:47 PM | Computer Name = SUNROOM-78A0008 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "D:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 6/20/2010 12:54:08 PM | Computer Name = SUNROOM-78A0008 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "D:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 6/23/2010 1:52:25 PM | Computer Name = SUNROOM-78A0008 | Source = Ci | ID = 4124
Description = Content index on d:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 6/23/2010 1:52:25 PM | Computer Name = SUNROOM-78A0008 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on d:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 6/24/2010 1:02:15 AM | Computer Name = SUNROOM-78A0008 | Source = Ci | ID = 4124
Description = Content index on d:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 6/24/2010 1:02:15 AM | Computer Name = SUNROOM-78A0008 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on d:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ System Events ]
Error - 6/24/2010 12:43:17 AM | Computer Name = SUNROOM-78A0008 | Source = Service Control Manager | ID = 7031
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: No action.

Error - 6/24/2010 12:43:17 AM | Computer Name = SUNROOM-78A0008 | Source = Service Control Manager | ID = 7031
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
No action.

Error - 6/24/2010 12:43:17 AM | Computer Name = SUNROOM-78A0008 | Source = Service Control Manager | ID = 7031
Description = The Simple TCP/IP Services service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
No action.

Error - 6/24/2010 12:43:17 AM | Computer Name = SUNROOM-78A0008 | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: No
action.

Error - 6/24/2010 12:43:17 AM | Computer Name = SUNROOM-78A0008 | Source = Service Control Manager | ID = 7031
Description = The SNMP Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: No
action.

Error - 6/24/2010 12:43:18 AM | Computer Name = SUNROOM-78A0008 | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 6/24/2010 12:53:52 AM | Computer Name = SUNROOM-78A0008 | Source = Service Control Manager | ID = 7000
Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed
to start due to the following error: %%2

Error - 6/24/2010 12:54:04 AM | Computer Name = SUNROOM-78A0008 | Source = Server | ID = 2511
Description = The server service was unable to recreate the share My Documents because
the directory D:\Documents and Settings\me\My Documents no longer exists.

Error - 6/24/2010 12:54:04 AM | Computer Name = SUNROOM-78A0008 | Source = Server | ID = 2511
Description = The server service was unable to recreate the share Downloads because
the directory D:\Documents and Settings\me\My Documents\Downloads no longer exists.

Error - 6/24/2010 12:54:04 AM | Computer Name = SUNROOM-78A0008 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%193


< End of report >

OTL logfile created on: 6/24/2010 1:10:05 AM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = D:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: | Country: | Language: | Date Format:

255.00 Mb Total Physical Memory | 69.00 Mb Available Physical Memory | 27.00% Memory free
614.00 Mb Paging File | 414.00 Mb Available in Paging File | 67.00% Paging File free
Paging file location(s): D:\pagefile.sys 384 768 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINNT | %ProgramFiles% = D:\Program Files
Drive C: | 5.67 Gb Total Space | 1.33 Gb Free Space | 23.53% Space Free | Partition Type: FAT32
Drive D: | 23.11 Gb Total Space | 2.33 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 1.04 Gb Free Space | 27.84% Space Free | Partition Type: FAT32
Drive F: | 4.87 Gb Total Space | 1.07 Gb Free Space | 21.88% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.77 Gb Total Space | 0.59 Gb Free Space | 15.55% Space Free | Partition Type: FAT32

Computer Name: SUNROOM-78A0008
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/23 17:49:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/03/15 13:00:18 | 000,307,672 | ---- | M] (Mozilla Corporation) -- D:\program files\Mozilla Firefox\firefox.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\gmer\gmer.exe
PRC - [2009/01/14 10:57:44 | 000,712,048 | ---- | M] () -- D:\program files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2006/10/10 08:49:48 | 000,030,480 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\SNMP.EXE
PRC - [2004/09/07 11:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\mstask.exe
PRC - [2003/06/18 08:00:00 | 000,243,472 | ---- | M] (Microsoft Corporation) -- D:\WINNT\explorer.exe
PRC - [2003/06/18 08:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\wbem\winmgmt.exe
PRC - [2003/06/18 08:00:00 | 000,025,360 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\tcpsvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/06/23 17:49:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2003/06/18 08:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\msscript.ocx
MOD - [2003/06/18 08:00:00 | 000,021,776 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\wsock32.dll
MOD - [2003/06/18 08:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\netrap.dll
MOD - [2003/06/18 08:00:00 | 000,010,000 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - File not found [Disabled | Stopped] -- -- (IOLO_SRV)
SRV - [2010/03/24 17:32:10 | 000,065,248 | ---- | M] (Greatis Software ©) [Auto | Stopped] -- D:\program files\Greatis\RegRunSuite\BootLogService.exe -- (BootlogService)
SRV - [2009/12/30 14:55:18 | 000,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/01/14 10:57:44 | 000,712,048 | ---- | M] () [Auto | Running] -- D:\program files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/01/14 10:57:44 | 000,712,048 | ---- | M] () [Auto | Running] -- D:\program files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2006/10/10 08:49:48 | 000,030,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\SNMP.EXE -- (SNMP)
SRV - [2004/09/07 11:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/18 08:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)
SRV - [2003/06/18 08:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- D:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/18 08:00:00 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINNT\system32\faxsvc.exe -- (Fax)
SRV - [2003/06/18 08:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/18 08:00:00 | 000,034,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\iprip.dll -- (Iprip)
SRV - [2003/06/18 08:00:00 | 000,025,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/06/18 08:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINNT\system32\utilman.exe -- (UtilMan)


========== Driver Services (SafeList) ==========

DRV - [2010/06/24 00:55:00 | 000,034,952 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- D:\WINNT\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/06/19 18:55:51 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2009/12/30 14:54:58 | 000,018,520 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/17 12:57:59 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- D:\WINNT\system32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2009/02/17 12:57:59 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- D:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/02/13 15:02:51 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2005/04/01 17:16:00 | 003,454,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/09 03:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/09/08 17:22:16 | 000,273,107 | ---- | M] (D-Link) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\AIRPLUS.sys -- (AIRPLUS)
DRV - [2003/06/19 08:05:04 | 000,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/06/18 08:00:00 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- D:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/06/18 08:00:00 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- D:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/18 08:00:00 | 000,102,160 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINNT\system32\drivers\nbf.sys -- (Nbf)
DRV - [2003/06/18 08:00:00 | 000,065,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/18 08:00:00 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/18 08:00:00 | 000,058,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/06/18 08:00:00 | 000,037,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\nmnt.sys -- (nm)
DRV - [2003/06/18 08:00:00 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/06/18 08:00:00 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- D:\WINNT\system32\drivers\efs.sys -- (EFS)
DRV - [2003/06/18 08:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2003/06/18 08:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2003/06/18 08:00:00 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/18 08:00:00 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- D:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2001/04/01 12:01:12 | 000,036,013 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\lne100v5.sys -- (lne100v5) Linksys LNE100TX(v5)
DRV - [1999/11/06 06:11:56 | 000,044,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1999/09/25 06:36:48 | 000,009,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\NtApm.sys -- (NtApm)
DRV - [1999/09/24 20:17:08 | 000,030,992 | ---- | M] (Linksys Group, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\lne100tx.sys -- (lne100tx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/05/24 19:49:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/06/13 01:02:08 | 000,000,000 | ---D | M]

[2010/05/24 19:49:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/15 01:34:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udncgudg.default\extensions
[2010/06/22 19:33:26 | 000,000,000 | ---D | M] -- D:\program files\Mozilla Firefox\extensions
[2010/06/14 19:29:27 | 000,000,000 | ---D | M] (Java Console) -- D:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/14 19:28:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2003/06/18 08:00:00 | 000,000,734 | ---- | M]) - D:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [@RegRunOnSecure] D:\program files\Greatis\RegRunSuite\OnSecure.exe (Greatis Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINNT\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCDRealtime] D:\WINNT\realtime.exe ()
O4 - HKLM..\Run: [RegRun WinBait] D:\WINNT\WinBait.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINNT\system32\NWPROVAU.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1234882332331 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - D:\WINNT\wc98pp.dll ()
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File not found
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - D:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - D:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - D:\program files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/02/08 19:35:12 | 000,000,087 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2010/01/14 15:29:54 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/05/21 19:54:20 | 000,000,319 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/02/18 21:46:10 | 000,000,120 | ---- | M] () - C:\AUTOEXEC.SYD -- [ FAT32 ]
O32 - AutoRun File - [2009/01/02 23:08:34 | 000,000,126 | ---- | M] () - C:\AUTOEXEC.TSH -- [ FAT32 ]
O32 - AutoRun File - [2010/01/14 16:29:52 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/14 15:29:54 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/01/14 15:29:54 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: ("autocheck autochk *") - File not found
O34 - HKLM BootExecute: ("autocheck ") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck ") - File not found
O34 - HKLM BootExecute: ("autocheck ?% A{5D1FA795-FCBC-11DD-9C01-806D6172696F}") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck ;?;A ?;?;?;?;?;?;?;?;?;?;") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck ;?;+") - File not found
O34 - HKLM BootExecute: ("autocheck ?;?;A") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck ?%6") - File not found
O34 - HKLM BootExecute: ("autocheck ?;?;A ?;?;?;?;?;?;?;?;?;?;?;") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck A") - File not found
O34 - HKLM BootExecute: ("autocheck G") - File not found
O34 - HKLM BootExecute: ("autocheck ??;?;?;") - File not found
O34 - HKLM BootExecute: ("autocheck ") - File not found
O34 - HKLM BootExecute: ("autocheck ") - File not found
O34 - HKLM BootExecute: (autocheck smrgdf D:\Documents and Settings\Administrator\Application Data\iolo\) - File not found
O34 - HKLM BootExecute: (Partizan) - D:\WINNT\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost) - File not found
O34 - HKLM BootExecute: (e default theme.</em:description>

<!-- EXTENSION AUTHORS!
DO NOT COPY THIS PROPERTY INTO YOUR INSTALL RDF FILES
It will cause users not to be informed of incompat) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - D:\WINNT\system32\ias [2009/02/17 02:56:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - D:\WINNT\system32\iprip.dll (Microsoft Corporation)

Drivers32: aux - D:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi - D:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: midimapper - D:\WINNT\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - D:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.iac2 - D:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - D:\WINNT\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - D:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - D:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - D:\WINNT\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - D:\WINNT\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - D:\WINNT\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - D:\WINNT\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.trspch - D:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - D:\WINNT\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.I420 - D:\WINNT\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - D:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - D:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.M261 - D:\WINNT\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - D:\WINNT\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - D:\WINNT\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - D:\WINNT\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - D:\WINNT\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - D:\WINNT\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - D:\WINNT\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - D:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - File not found
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
Drivers32: wavemapper - D:\WINNT\System32\msacm32.drv (Microsoft Corporation)
Drivers32: wdmaud.drv - D:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
SystemRestore not available.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/24 00:51:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\gmer
[2010/06/23 17:55:26 | 000,444,416 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\My Documents\TFC.exe
[2010/06/23 17:55:20 | 000,791,393 | ---- | C] (Lars Hederer ) -- D:\Documents and Settings\Administrator\My Documents\erunt_setup.exe
[2010/06/23 17:49:57 | 000,574,464 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/23 17:40:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/06/23 17:40:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/06/23 17:40:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/23 17:40:39 | 000,018,520 | ---- | C] (Malwarebytes Corporation) -- D:\WINNT\System32\drivers\mbam.sys
[2010/06/23 17:40:39 | 000,000,000 | ---D | C] -- D:\program files\Malwarebytes' Anti-Malware
[2010/06/23 13:46:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Help
[2010/06/23 13:46:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Help
[2010/06/16 18:05:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\4chan
[2010/06/13 01:34:44 | 000,011,520 | R--- | C] (Western Digital Technologies) -- D:\WINNT\System32\drivers\wdcsam.sys
[2010/06/13 01:02:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/06/13 01:02:51 | 000,000,000 | ---D | C] -- D:\program files\common files\Java
[2010/06/13 01:01:31 | 000,000,000 | ---D | C] -- D:\program files\Java
[2010/06/13 01:00:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Sun
[2010/06/13 00:12:07 | 000,000,000 | ---D | C] -- D:\WINNT\System32\Adobe
[2010/06/08 10:26:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Adobe
[2010/06/08 10:25:53 | 000,000,000 | ---D | C] -- D:\program files\Adobe
[2010/06/07 20:22:51 | 000,000,000 | ---D | C] -- D:\program files\common files\Adobe
[2010/06/07 20:22:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/06/02 21:38:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/06/02 21:28:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Downloads
[2010/06/02 21:28:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/06/02 20:53:20 | 000,000,000 | ---D | C] -- D:\program files\common files\ODBC
[2010/06/02 20:39:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\RegRunInfo
[2010/06/02 20:34:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\RegRun2
[2010/05/28 18:11:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2010/05/28 18:11:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\iolo
[2010/05/27 21:14:15 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Templates
[2010/05/27 21:13:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\iolo
[2010/05/27 21:13:42 | 000,000,000 | ---D | C] -- D:\iolo
[2010/05/27 21:04:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/05/27 21:01:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/05/26 20:37:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\DrWatson
[2010/05/25 21:41:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Opera
[2010/05/25 07:57:03 | 000,049,152 | ---- | C] (adobe) -- D:\WINNT\System32\snmp.sys
[2010/05/24 19:51:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/05/24 19:51:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Adobe
[2010/05/24 19:49:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/05/24 19:44:58 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Desktop\Favorites
[2010/05/24 19:44:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\CDRWIN 6
[2010/05/24 19:42:48 | 000,000,000 | ---D | C] -- D:\program files\Mozilla Firefox
[2010/05/24 19:42:17 | 000,000,000 | ---D | C] -- D:\program files\LimeWire
[2010/05/24 19:41:34 | 000,000,000 | ---D | C] -- D:\program files\Accessories
[2010/05/24 19:39:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\System Mechanic pro v7
[2010/05/24 19:38:54 | 009,849,864 | ---- | C] (Opera Software ASA ) -- D:\Documents and Settings\Administrator\My Documents\Opera_1051_en_Setup.exe
[2010/05/24 19:38:53 | 000,160,768 | ---- | C] (Soeperman Enterprises Ltd.) -- D:\Documents and Settings\Administrator\My Documents\HijackThis.exe
[2010/05/24 19:37:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\My Documents
[2010/05/24 19:34:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu
[2010/05/24 19:34:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Desktop
[2010/05/24 19:33:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Templates
[2010/05/24 19:33:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/05/24 19:33:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents
[2010/05/24 19:33:49 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Local Settings
[2010/05/24 19:33:48 | 000,000,000 | ---D | C] -- D:\WINNT\Application Data
[2010/05/24 19:33:47 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\Temporary Internet Files
[2010/05/24 19:33:47 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\History
[2010/05/24 19:33:47 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\Cookies
[2010/05/24 19:33:47 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/05/24 19:33:47 | 000,000,000 | -H-D | C] -- D:\program files\Uninstall Information
[2010/05/24 19:33:47 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Application Data
[2010/05/24 19:33:46 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Recent
[2010/05/24 19:33:46 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Favorites
[2010/05/24 19:33:46 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\NetHood
[2010/05/24 19:33:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Start Menu
[2010/05/24 19:33:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents
[2010/05/24 19:33:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop
[2010/05/24 19:33:08 | 000,000,000 | ---D | C] -- D:\program files\windows media player
[2010/05/24 19:33:00 | 000,000,000 | ---D | C] -- D:\program files\microsoft frontpage
[2010/05/24 19:32:57 | 000,000,000 | ---D | C] -- D:\program files\common files\system
[2010/05/24 19:32:56 | 000,000,000 | ---D | C] -- D:\program files\outlook express
[2010/05/24 19:32:52 | 000,000,000 | ---D | C] -- D:\program files\windows nt
[2010/05/24 19:32:52 | 000,000,000 | ---D | C] -- D:\program files\netmeeting
[2010/05/24 19:32:51 | 000,000,000 | ---D | C] -- D:\program files\internet explorer
[2010/05/24 19:32:50 | 000,000,000 | ---D | C] -- D:\program files
[2010/05/24 19:32:50 | 000,000,000 | ---D | C] -- D:\program files\common files\microsoft shared
[2010/05/24 19:32:50 | 000,000,000 | ---D | C] -- D:\program files\common files
[2010/05/24 19:32:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/24 19:32:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data
[2010/05/24 19:32:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings
[2010/05/23 23:12:02 | 000,000,000 | ---D | C] -- D:\WINNT\RestoreSafeDeleted
[2010/05/23 23:09:14 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- D:\WINNT\System32\drivers\UnHackMeDrv.sys
[2010/05/23 13:33:32 | 001,385,184 | ---- | C] (Greatis Software) -- D:\WINNT\RunGuard.exe
[2010/05/23 13:33:16 | 000,000,000 | ---D | C] -- D:\program files\Greatis
[2010/05/21 20:11:37 | 000,000,000 | ---D | C] -- D:\RegRunInfo
[2010/05/18 17:44:22 | 000,034,952 | ---- | C] (Greatis Software) -- D:\WINNT\System32\drivers\Partizan.sys
[2010/05/18 17:42:39 | 000,037,600 | ---- | C] (Greatis Software) -- D:\WINNT\System32\Partizan.exe
[2010/05/18 17:41:44 | 000,024,416 | ---- | C] (Greatis Software) -- D:\WINNT\System32\drivers\regguard.sys
[2010/05/18 17:29:00 | 000,000,000 | ---D | C] -- D:\32788R22FWJFW
[2010/05/08 09:54:46 | 000,000,000 | ---D | C] -- D:\program files\iolo
[2010/05/08 00:03:24 | 000,000,000 | ---D | C] -- D:\program files\QuickTime
[2010/04/27 16:24:42 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- D:\WINNT\iun506.exe
[2010/04/10 02:40:36 | 000,000,000 | ---D | C] -- D:\program files\Opera
[2010/04/09 11:24:13 | 000,023,216 | ---- | C] (D-Link Corporation) -- D:\WINNT\System32\dllcache\dlh5xnd5.sys
[2010/04/09 11:23:49 | 000,039,680 | ---- | C] (Silicom Ltd.) -- D:\WINNT\System32\dllcache\cb325.sys
[2010/04/09 11:23:49 | 000,031,888 | ---- | C] (BreezeCOM) -- D:\WINNT\System32\dllcache\brzwlan.sys
[2010/04/09 11:23:48 | 000,017,168 | ---- | C] (AmbiCom, Inc.) -- D:\WINNT\System32\dllcache\amb8002.sys
[2010/04/09 11:23:01 | 000,801,072 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINNT\System32\dllcache\3cpciadi.sys
[2010/04/09 11:23:01 | 000,774,928 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINNT\System32\dllcache\3cisati.sys
[2010/04/09 11:23:00 | 000,792,176 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINNT\System32\dllcache\3cisaadi.sys
[2010/04/09 11:23:00 | 000,763,024 | ---- | C] (3Com, Inc.) -- D:\WINNT\System32\dllcache\3cwmcru.sys

========== Files - Modified Within 90 Days ==========

[2010/06/24 01:12:04 | 000,417,792 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/24 01:00:00 | 000,000,480 | ---- | M] () -- D:\WINNT\tasks\Malwarebytes' Scheduled Scan for me.job
[2010/06/24 00:55:09 | 000,021,961 | ---- | M] () -- D:\WINNT\System32\nvapps.xml
[2010/06/24 00:55:02 | 000,000,432 | ---- | M] () -- D:\WINNT\tasks\RegCure Program Check.job
[2010/06/24 00:55:00 | 000,034,952 | ---- | M] (Greatis Software) -- D:\WINNT\System32\drivers\Partizan.sys
[2010/06/24 00:54:07 | 000,000,006 | -H-- | M] () -- D:\WINNT\tasks\SA.DAT
[2010/06/24 00:54:02 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_25c.dat
[2010/06/24 00:34:26 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010/06/23 19:28:00 | 000,000,284 | ---- | M] () -- D:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/06/23 17:55:27 | 000,444,416 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\My Documents\TFC.exe
[2010/06/23 17:55:21 | 000,791,393 | ---- | M] (Lars Hederer ) -- D:\Documents and Settings\Administrator\My Documents\erunt_setup.exe
[2010/06/23 17:54:59 | 000,284,915 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\gmer.zip
[2010/06/23 17:49:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/23 17:40:46 | 000,000,569 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/23 13:27:11 | 001,198,368 | -H-- | M] () -- D:\WINNT\ShellIconCache
[2010/06/21 04:41:21 | 000,070,814 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\x-box-360.jpg
[2010/06/21 04:28:57 | 000,692,094 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\xbox360balllogolarge.ol.bmp
[2010/06/20 20:51:50 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_344.dat
[2010/06/20 20:51:39 | 000,000,676 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Yahoo! Messenger.lnk
[2010/06/19 18:55:51 | 000,024,416 | ---- | M] (Greatis Software) -- D:\WINNT\System32\drivers\regguard.sys
[2010/06/19 18:53:07 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_32c.dat
[2010/06/17 13:00:53 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_41c.dat
[2010/06/17 03:00:00 | 000,000,366 | ---- | M] () -- D:\WINNT\tasks\RegCure.job
[2010/06/14 19:29:27 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_53c.dat
[2010/06/12 15:57:23 | 000,001,461 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\LimeWire 5.4.6.lnk
[2010/06/12 03:27:41 | 000,001,026 | ---- | M] () -- D:\WINNT\System32\Ghost.vbs
[2010/06/11 11:31:51 | 000,000,505 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\µTorrent.lnk
[2010/06/09 11:14:32 | 003,576,461 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Service_KHS_18-24_72SeriesRevB.pdf
[2010/06/09 11:11:55 | 000,001,073 | ---- | M] () -- D:\WINNT\run.vbs
[2010/06/09 11:11:55 | 000,000,510 | ---- | M] () -- D:\WINNT\run2.vbs
[2010/06/08 12:51:02 | 009,159,369 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Mini Split Training Manual 2010 Version 4-1.pdf
[2010/06/08 11:36:56 | 001,286,488 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Mini Split Install English.pdf
[2010/06/08 10:50:14 | 000,116,157 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Stealth Installation.pdf
[2010/06/08 10:27:18 | 000,001,537 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/08 10:23:24 | 001,047,827 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Handouts.pdf
[2010/06/08 00:51:20 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_314.dat
[2010/06/07 20:22:03 | 000,729,439 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\14313_ch15.pdf
[2010/06/02 21:38:17 | 000,000,601 | ---- | M] () -- D:\WINNT\win.ini
[2010/06/02 20:34:11 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_334.dat
[2010/06/02 20:33:58 | 000,002,326 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2010/05/31 01:34:06 | 000,017,920 | ---- | M] () -- D:\WINNT\System32\13504.exe
[2010/05/31 01:34:03 | 000,071,680 | ---- | M] () -- D:\WINNT\System32\13503.exe
[2010/05/31 01:33:49 | 000,059,904 | ---- | M] () -- D:\WINNT\System32\13501.exe
[2010/05/28 18:10:39 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/05/28 18:08:20 | 000,228,000 | ---- | M] () -- D:\WINNT\System32\FNTCACHE.DAT
[2010/05/25 07:57:03 | 000,049,152 | ---- | M] (adobe) -- D:\WINNT\System32\snmp.sys
[2010/05/24 19:49:38 | 000,001,481 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
[2010/05/24 18:15:52 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_364.dat
[2010/05/24 10:37:54 | 000,000,626 | ---- | M] () -- D:\WINNT\ODBC.INI
[2010/05/23 23:08:43 | 000,002,577 | ---- | M] () -- D:\WINNT\System32\CONFIG.NT
[2010/05/23 23:08:43 | 000,000,438 | ---- | M] () -- D:\WINNT\System32\AUTOEXEC.NT
[2010/05/23 23:08:43 | 000,000,002 | RHS- | M] () -- D:\WINNT\winstart.bat
[2010/05/23 23:07:07 | 000,037,600 | ---- | M] (Greatis Software) -- D:\WINNT\System32\Partizan.exe
[2010/05/23 14:28:52 | 000,000,077 | ---- | M] () -- D:\WINNT\lsoon.ini
[2010/05/23 13:11:29 | 025,630,465 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Regrun Security Suite Platinum Edition 6.0 & RegRun Reanimator [IZR].rar
[2010/05/23 13:08:45 | 000,000,703 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Shortcut to HijackThis.exe.lnk
[2010/05/23 12:36:53 | 001,728,943 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\ProcessExplorer.zip
[2010/05/22 12:19:46 | 000,694,522 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\HP25 Series.pdf
[2010/05/22 05:33:28 | 000,506,776 | ---- | M] () -- D:\BOOTEX.del
[2010/05/21 20:15:50 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_33c.dat
[2010/05/18 17:32:31 | 010,872,316 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\unhackme.zip
[2010/05/18 17:10:18 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_274.dat
[2010/05/15 19:04:16 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_338.dat
[2010/05/14 18:42:24 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_300.dat
[2010/05/14 18:42:10 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_258.dat
[2010/05/08 10:34:49 | 000,000,976 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-495
[2010/05/08 10:34:49 | 000,000,564 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-618
[2010/05/08 10:34:49 | 000,000,111 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-513
[2010/05/08 10:34:49 | 000,000,088 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-373
[2010/05/08 10:34:49 | 000,000,047 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-884
[2010/05/08 10:26:49 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_304.dat
[2010/05/08 09:56:34 | 000,000,648 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\System Mechanic.lnk
[2010/05/08 09:48:51 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_2b4.dat
[2010/05/08 00:43:04 | 000,000,000 | ---- | M] () -- D:\WINNT\SelSet.INI
[2010/05/08 00:42:26 | 001,076,736 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\kb650.exe
[2010/05/08 00:04:14 | 000,001,487 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\QuickTime Player.lnk
[2010/05/05 06:43:12 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_21c.dat
[2010/05/05 06:40:50 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_19c.dat
[2010/05/04 22:48:28 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_2ec.dat
[2010/05/04 06:31:26 | 003,370,854 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\CommandAndConquerTheFirstDecadev1.0NoCDNoDVDFixedexeAll.rar
[2010/05/02 22:50:27 | 015,790,149 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\t_screwattack_avgn_action52_d00m.mp4
[2010/04/27 16:23:54 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- D:\WINNT\iun506.exe
[2010/04/27 07:31:52 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_22c.dat
[2010/04/26 17:10:37 | 001,461,551 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\weebl's stuff - amazing horse.mp3
[2010/04/25 22:17:19 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\weebl's stuff - amazing horse.mp3.mp3
[2010/04/22 21:36:45 | 000,001,537 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Adobe Reader 9.lnk
[2010/04/17 10:01:42 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_2d8.dat
[2010/04/16 07:03:50 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_2f0.dat
[2010/04/15 19:46:25 | 000,245,760 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Fallout stuff.doc
[2010/04/15 14:49:35 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_20c.dat
[2010/04/10 02:40:45 | 000,000,481 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Opera.lnk
[2010/04/10 02:27:03 | 009,849,864 | ---- | M] (Opera Software ASA ) -- D:\Documents and Settings\Administrator\My Documents\Opera_1051_en_Setup.exe
[2010/04/01 20:27:43 | 000,105,120 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\lol.jpg
[2010/04/01 20:02:58 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_150.dat

========== Files Created - No Company Name ==========

[2010/06/24 00:54:02 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_25c.dat
[2010/06/23 17:55:04 | 000,284,915 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\gmer.zip
[2010/06/23 17:40:46 | 000,000,569 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/21 04:28:57 | 000,692,094 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\xbox360balllogolarge.ol.bmp
[2010/06/21 03:47:28 | 000,070,814 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\x-box-360.jpg
[2010/06/20 20:51:50 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_344.dat
[2010/06/19 18:53:07 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_32c.dat
[2010/06/17 13:00:53 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_41c.dat
[2010/06/14 19:29:27 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_53c.dat
[2010/06/09 11:14:30 | 003,576,461 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Service_KHS_18-24_72SeriesRevB.pdf
[2010/06/08 12:50:54 | 009,159,369 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Mini Split Training Manual 2010 Version 4-1.pdf
[2010/06/08 11:36:56 | 001,286,488 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Mini Split Install English.pdf
[2010/06/08 10:50:12 | 000,116,157 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Stealth Installation.pdf
[2010/06/08 10:27:18 | 000,001,537 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/08 10:23:21 | 001,047,827 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Handouts.pdf
[2010/06/08 00:51:20 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_314.dat
[2010/06/07 20:21:56 | 000,729,439 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\14313_ch15.pdf
[2010/06/07 12:40:12 | 000,000,510 | ---- | C] () -- D:\WINNT\run2.vbs
[2010/06/07 12:40:11 | 000,001,073 | ---- | C] () -- D:\WINNT\run.vbs
[2010/06/02 20:34:11 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_334.dat
[2010/05/31 09:07:44 | 000,002,326 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol
[2010/05/27 21:03:59 | 000,079,171 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\ShLog.txt
[2010/05/26 21:14:54 | 000,001,026 | ---- | C] () -- D:\WINNT\System32\Ghost.vbs
[2010/05/25 07:55:18 | 000,059,904 | ---- | C] () -- D:\WINNT\System32\13501.exe
[2010/05/24 22:34:26 | 000,417,792 | -H-- | C] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/24 22:34:26 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010/05/24 19:49:38 | 000,005,711 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\ShLog.txt
[2010/05/24 19:47:27 | 000,000,676 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Yahoo! Messenger.lnk
[2010/05/24 19:47:22 | 000,000,481 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Opera.lnk
[2010/05/24 19:47:18 | 000,001,481 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
[2010/05/24 19:39:34 | 001,461,551 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\weebl's stuff - amazing horse.mp3
[2010/05/24 19:39:34 | 000,037,818 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\whirlpool dehumidifier 124552.jpg
[2010/05/24 19:39:34 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\weebl's stuff - amazing horse.mp3.mp3
[2010/05/24 19:39:30 | 015,790,149 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\t_screwattack_avgn_action52_d00m.mp4
[2010/05/24 19:39:30 | 000,046,496 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\The F-Bomb.jpg
[2010/05/24 19:39:29 | 001,588,224 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\SteamInstall.msi
[2010/05/24 19:39:29 | 000,000,703 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Shortcut to HijackThis.exe.lnk
[2010/05/24 19:39:29 | 000,000,637 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Shortcut to NetStumbler.lnk
[2010/05/24 19:39:03 | 109,702,934 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\SC2_Teaser_1280x720_ESRB_enUS.avi
[2010/05/24 19:39:03 | 000,475,485 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\sakura-waterfall-coverup.jpg
[2010/05/24 19:38:57 | 025,630,465 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Regrun Security Suite Platinum Edition 6.0 & RegRun Reanimator [IZR].rar
[2010/05/24 19:38:57 | 000,001,487 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\QuickTime Player.lnk
[2010/05/24 19:38:56 | 001,728,943 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\ProcessExplorer.zip
[2010/05/24 19:38:56 | 000,020,480 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\preparing copper sulfate.doc
[2010/05/24 19:38:54 | 001,076,736 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\kb650.exe
[2010/05/24 19:38:54 | 000,105,120 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\lol.jpg
[2010/05/24 19:38:54 | 000,053,471 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Image.jpg
[2010/05/24 19:38:54 | 000,007,041 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\index.jpg
[2010/05/24 19:38:53 | 001,964,686 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\GalvanizedSteelTDM.pdf
[2010/05/24 19:38:53 | 000,694,522 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\HP25 Series.pdf
[2010/05/24 19:38:52 | 003,370,854 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\CommandAndConquerTheFirstDecadev1.0NoCDNoDVDFixedexeAll.rar
[2010/05/24 19:38:52 | 000,568,786 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\CNS17_Brochure10update.pdf
[2010/05/24 19:38:52 | 000,245,760 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Fallout stuff.doc
[2010/05/24 19:38:52 | 000,001,537 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Adobe Reader 9.lnk
[2010/05/24 19:38:52 | 000,000,976 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-495
[2010/05/24 19:38:52 | 000,000,564 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-618
[2010/05/24 19:38:52 | 000,000,111 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-513
[2010/05/24 19:38:52 | 000,000,088 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-373
[2010/05/24 19:38:52 | 000,000,047 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-884
[2010/05/24 19:38:51 | 001,025,398 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Additives PK1314 Product Leaflet.pdf
[2010/05/24 19:38:51 | 000,082,215 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\117127-1.png
[2010/05/24 19:38:51 | 000,008,025 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\1996 sebring.jpg
[2010/05/24 19:33:59 | 000,000,079 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/05/24 19:33:33 | 000,000,178 | -HS- | C] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010/05/24 18:15:52 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_364.dat
[2010/05/23 14:28:52 | 000,000,077 | ---- | C] () -- D:\WINNT\lsoon.ini
[2010/05/23 13:44:16 | 001,198,368 | -H-- | C] () -- D:\WINNT\ShellIconCache
[2010/05/23 13:33:32 | 000,057,556 | ---- | C] () -- D:\WINNT\guard.bmp
[2010/05/23 13:33:32 | 000,020,192 | ---- | C] () -- D:\WINNT\WinBait.org
[2010/05/23 13:33:32 | 000,020,192 | ---- | C] () -- D:\WINNT\WinBait.exe
[2010/05/22 15:08:46 | 000,017,920 | ---- | C] () -- D:\WINNT\System32\13504.exe
[2010/05/22 15:08:44 | 000,071,680 | ---- | C] () -- D:\WINNT\System32\13503.exe
[2010/05/22 05:33:28 | 000,506,776 | ---- | C] () -- D:\BOOTEX.del
[2010/05/21 20:15:50 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_33c.dat
[2010/05/18 17:32:31 | 010,872,316 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\unhackme.zip
[2010/05/18 17:10:18 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_274.dat
[2010/05/15 19:04:16 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_338.dat
[2010/05/14 18:42:24 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_300.dat
[2010/05/14 18:42:10 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_258.dat
[2010/05/08 10:26:49 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_304.dat
[2010/05/08 09:55:01 | 000,000,648 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\System Mechanic.lnk
[2010/05/08 09:48:51 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_2b4.dat
[2010/05/08 00:43:04 | 000,000,000 | ---- | C] () -- D:\WINNT\SelSet.INI
[2010/05/08 00:02:33 | 000,000,284 | ---- | C] () -- D:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/05/05 06:43:12 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_21c.dat
[2010/05/05 06:40:50 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_19c.dat
[2010/05/04 22:48:28 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_2ec.dat
[2010/04/27 07:31:52 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_22c.dat
[2010/04/17 10:01:42 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_2d8.dat
[2010/04/16 07:03:50 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_2f0.dat
[2010/04/15 14:49:35 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_20c.dat
[2010/04/09 11:23:49 | 000,042,192 | ---- | C] () -- D:\WINNT\System32\dllcache\atibt829.sys
[2010/04/09 11:23:49 | 000,016,976 | ---- | C] () -- D:\WINNT\System32\dllcache\atitvsnd.sys
[2010/04/01 20:02:58 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_150.dat
[2010/03/08 14:00:59 | 002,115,496 | ---- | C] () -- D:\WINNT\System32\Incinerator.dll
[2009/11/05 20:21:13 | 000,000,003 | ---- | C] () -- D:\WINNT\sw_app.sys
[2009/09/04 23:15:48 | 000,051,712 | ---- | C] () -- D:\WINNT\wc98pp.dll
[2009/08/20 22:47:16 | 000,155,648 | ---- | C] () -- D:\WINNT\System32\ssleay32.dll
[2009/08/20 22:47:09 | 000,696,320 | ---- | C] () -- D:\WINNT\System32\libeay32.dll
[2009/07/23 12:51:10 | 000,040,448 | ---- | C] () -- D:\WINNT\System32\Regobj.dll
[2009/04/10 00:30:10 | 000,000,056 | RHS- | C] () -- D:\WINNT\System32\1685A4CB3E.sys
[2009/04/10 00:30:03 | 000,001,890 | -HS- | C] () -- D:\WINNT\System32\KGyGaAvL.sys
[2009/03/09 14:28:16 | 000,000,626 | ---- | C] () -- D:\WINNT\ODBC.INI
[2009/02/17 13:05:23 | 000,354,816 | ---- | C] () -- D:\WINNT\System32\psisdecd.dll
[2005/04/01 17:16:00 | 000,540,672 | ---- | C] () -- D:\WINNT\System32\nvhwvid.dll
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- D:\WINNT\System32\qt-mt331.dll
[2003/06/18 08:00:00 | 000,176,400 | ---- | C] () -- D:\WINNT\System32\qcut.dll
[2003/06/18 08:00:00 | 000,033,552 | ---- | C] () -- D:\WINNT\System32\efsadu.dll
[2003/06/18 08:00:00 | 000,007,265 | ---- | C] () -- D:\WINNT\System32\iasperf.ini
[2003/06/18 08:00:00 | 000,001,505 | ---- | C] () -- D:\WINNT\System32\faxperf.ini
[2003/06/18 08:00:00 | 000,000,023 | ---- | C] () -- D:\WINNT\welcome.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- D:\WINNT\System32\OUTLPERF.INI
[1999/09/25 06:36:24 | 000,088,816 | ---- | C] () -- D:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 06:36:22 | 000,017,424 | ---- | C] () -- D:\WINNT\System32\drivers\lvsound.sys
[1999/07/05 06:00:00 | 000,074,468 | ---- | C] () -- D:\WINNT\System32\mfc45.dll

========== LOP Check ==========

[2010/06/02 20:49:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\iolo
[2010/05/25 21:41:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Opera
[2010/06/23 13:13:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/05/27 21:34:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\iolo
[2010/06/24 00:55:02 | 000,000,432 | ---- | M] () -- D:\WINNT\Tasks\RegCure Program Check.job
[2010/06/17 03:00:00 | 000,000,366 | ---- | M] () -- D:\WINNT\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/22 05:33:28 | 000,506,776 | ---- | M] () -- D:\BOOTEX.del
[2010/06/24 00:53:41 | 402,653,184 | -HS- | M] () -- D:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\spool\prtprocs\w32x86\mdippr.dll
[2003/06/18 08:00:00 | 000,006,928 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\spool\prtprocs\w32x86\sfmpsprt.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/02/17 02:57:30 | 000,081,920 | ---- | M] () -- D:\WINNT\system32\config\default.sav
[2009/02/17 02:57:30 | 000,536,576 | ---- | M] () -- D:\WINNT\system32\config\software.sav
[2009/02/17 02:57:29 | 000,352,256 | ---- | M] () -- D:\WINNT\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/03/06 07:17:48 | 000,381,200 | ---- | M] (Microsoft Corporation) MD5=40023A7103796B1AF6CA41A6DBC54775 -- D:\WINNT\system32\USER32.DLL

< %systemroot%\system32\ws2_32.dll /md5 >
[2003/06/18 08:00:00 | 000,069,904 | ---- | M] (Microsoft Corporation) MD5=0190C62DE42396D78DB9BE771CF2403E -- D:\WINNT\system32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 8908 bytes -> D:\Documents and Settings\Administrator\My Documents\HP25 Series.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 8344 bytes -> D:\Documents and Settings\Administrator\My Documents\whirlpool dehumidifier 124552.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 8160 bytes -> D:\Documents and Settings\Administrator\My Documents\CNS17_Brochure10update.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7700 bytes -> D:\Documents and Settings\Administrator\My Documents\Additives PK1314 Product Leaflet.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6944 bytes -> D:\Documents and Settings\Administrator\My Documents\1996 sebring.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6612 bytes -> D:\Documents and Settings\Administrator\My Documents\Image.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6516 bytes -> D:\Documents and Settings\Administrator\My Documents\index.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6440 bytes -> D:\WINNT\guard.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5832 bytes -> D:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5776 bytes -> D:\Documents and Settings\Administrator\My Documents\sakura-waterfall-coverup.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5040 bytes -> D:\Documents and Settings\Administrator\My Documents\The F-Bomb.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4608 bytes -> D:\Documents and Settings\Administrator\My Documents\GalvanizedSteelTDM.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4384 bytes -> D:\Documents and Settings\Administrator\Desktop\x-box-360.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3904 bytes -> D:\Documents and Settings\Administrator\My Documents\lol.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3896 bytes -> D:\Documents and Settings\Administrator\Desktop\xbox360balllogolarge.ol.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3864 bytes -> D:\WINNT\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3840 bytes -> D:\WINNT\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2980 bytes -> D:\WINNT\System32\setup.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2744 bytes -> D:\WINNT\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1256 bytes -> D:\WINNT\System32\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 10116 bytes -> D:\Documents and Settings\Administrator\My Documents\117127-1.png:Q30lsldxJoudresxAaaqpcawXc
< End of report >
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I'd uninstall limewire, utorrent and any other p2p programs. These bring in a lot of viruses.

I don't have win2k any more so some things may not work. Let me know if they don't or if something is unclear.

Copy the text in the code box by highlighting and Ctrl + c
:OTL
O4 - HKLM..\RunOnceEx: [Title] File not found
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - D:\WINNT\wc98pp.dll ()
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File not found
O34 - HKLM BootExecute: ("autocheck ") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck ") - File not found
O34 - HKLM BootExecute: ("autocheck ?%A{5D1FA795-FCBC-11DD-9C01-806D6172696F}") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck;?;A?;?;?;?;?;?;?;?;?;?;") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck;?;+") - File not found
O34 - HKLM BootExecute: ("autocheck  ?;?;A") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck ?%6") - File not found
O34 - HKLM BootExecute: ("autocheck  ?;?;A?;?;?;?;?;?;?;?;?;?;?;") - File not found
O34 - HKLM BootExecute: ("autocheck autocheck A") - File not found
O34 - HKLM BootExecute: ("autocheck G") - File not found
O34 - HKLM BootExecute: ("autocheck ??;?;?;") - File not found
O34 - HKLM BootExecute: ("autocheck ") - File not found
O34 - HKLM BootExecute: ("autocheck ") - File not found
O34 - HKLM BootExecute: (autocheck smrgdf D:\Documents and Settings\Administrator\Application Data\iolo\) - File not found
O34 - HKLM BootExecute: (be inserted on individual

:Files
D:\Documents and Settings\Administrator\My Documents\kb650.exe
D:\WINNT\System32\Ghost.vbs
D:\WINNT\System32\13501.exe
D:\WINNT\run2.vbs
D:\WINNT\run.vbs
D:\WINNT\System32\13504.exe
D:\WINNT\System32\13503.exe
D:\WINNT\System32\13502.exe
D:\WINNT\System32\snmp.sys
D:\WINNT\wc98pp.dll
	
:Commands
[purity]
[emptytemp]
[Reboot]
	  

Then run OTL. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


1. Double-click My Computer, and then right-click the hard disk that you want to check. D:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, then restart. It will check your hard drive for errors. It will take about an hour to finish.

Start, Run, regedit, OK. Navigate to

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

right click on it and select Export then save the file to your desktop as BE.reg. Close the registry editor and then right click on be.reg and select Edit. Copy the text and paste it into a reply.

Ron
  • 0
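Added example (not part of the original posts, and not code from OTL or its author): a Python decoder for the BootExecute REG_MULTI_SZ value in a regedit text export such as the BE.reg requested above, listing entries that differ from the Windows default `autocheck autochk *`. It assumes the parent Session Manager key was exported; the function names and both sample exports are constructed for illustration, and one sample entry reuses the string the original poster reported only as input data.

```python
import re

# Default BootExecute content on a clean Windows install. This is general
# Windows behaviour, not a value quoted from the thread.
DEFAULT_ENTRY = "autocheck autochk *"

# Constructed sample: export of a Session Manager key holding only the default.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
"""


def decode_boot_execute(reg_text):
    """Return the strings stored in BootExecute, or None if the value is absent.

    reg_text is the export as text. A version 5.00 .reg file on disk is
    UTF-16 with a BOM, so read it with open(path, encoding="utf-16").
    """
    text = reg_text.replace("\r\n", "\n").lstrip("\ufeff")
    # Version 5.00 exports store string data as UTF-16LE; the older REGEDIT4
    # format stores it in the ANSI code page.
    encoding = "cp1252" if text.startswith("REGEDIT4") else "utf-16-le"
    # regedit wraps long hex data with a trailing backslash; rejoin the lines.
    text = re.sub(r"\\\n[ \t]*", "", text)
    match = re.search(r'^"BootExecute"=hex\(7\):([0-9a-fA-F,]*)[ \t]*$',
                      text, re.MULTILINE | re.IGNORECASE)
    if match is None:
        return None
    raw = bytes(int(pair, 16) for pair in match.group(1).split(",") if pair)
    # REG_MULTI_SZ: NUL-separated strings, closed by one extra NUL.
    parts = raw.decode(encoding, errors="replace").split("\x00")
    while parts and parts[-1] == "":
        parts.pop()
    return parts


def audit_boot_execute(entries):
    """Return (entry, reason) pairs for everything that is not the default."""
    findings = []
    if DEFAULT_ENTRY not in entries:
        findings.append((DEFAULT_ENTRY, "default entry is missing"))
    for entry in entries:
        if entry == DEFAULT_ENTRY:
            continue
        if "\ufffd" in entry or not entry.isprintable():
            reason = "contains non-printable or undecodable characters"
        elif entry.lower().startswith("autocheck autochk "):
            reason = "autochk run with non-default arguments"
        else:
            reason = "not the Windows default; identify what registered it"
        findings.append((entry, reason))
    return findings


def build_export(entries):
    """Build a constructed version 5.00 export holding the given strings."""
    raw = ("\x00".join(entries) + "\x00\x00").encode("utf-16-le")
    hexdata = ",".join(f"{b:02x}" for b in raw)
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager]\r\n"
            f'"BootExecute"=hex(7):{hexdata}\r\n')


if __name__ == "__main__":
    # Constructed sample: the default, the string reported in the thread, and
    # a garbled entry similar in shape to the O34 lines in the fix script.
    sample = build_export([DEFAULT_ENTRY, "Partizan \\RPC control", "autocheck \x01A"])
    for entry, reason in audit_boot_execute(decode_boot_execute(sample)):
        print(f"{entry!r}: {reason}")
```
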

#3
jeff may

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Ron,
I did everything you suggested. The only problem I have is this:
The registry entry, BootExecute, cannot be exported since it is a single value.
It is type "REG_MULTI_SZ" and data "Partizan \RPC control". Other than that, everything went smoothly.

Here's the OTL log you requested:

OTL logfile created on: 6/26/2010 9:23:36 PM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = D:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: | Country: | Language: | Date Format:

255.00 Mb Total Physical Memory | 92.00 Mb Available Physical Memory | 36.00% Memory free
614.00 Mb Paging File | 427.00 Mb Available in Paging File | 70.00% Paging File free
Paging file location(s): D:\pagefile.sys 384 1500 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINNT | %ProgramFiles% = D:\Program Files
Drive C: | 5.67 Gb Total Space | 1.33 Gb Free Space | 23.53% Space Free | Partition Type: FAT32
Drive D: | 23.11 Gb Total Space | 1.53 Gb Free Space | 6.64% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 1.04 Gb Free Space | 27.84% Space Free | Partition Type: FAT32
Drive F: | 4.87 Gb Total Space | 1.07 Gb Free Space | 21.88% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNROOM-78A0008
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/26 20:57:02 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- D:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/23 17:49:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/01/14 10:57:44 | 000,712,048 | ---- | M] () -- D:\program files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2006/10/10 08:49:48 | 000,030,480 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\SNMP.EXE
PRC - [2004/09/07 11:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\mstask.exe
PRC - [2003/06/18 08:00:00 | 000,243,472 | ---- | M] (Microsoft Corporation) -- D:\WINNT\explorer.exe
PRC - [2003/06/18 08:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\wbem\winmgmt.exe
PRC - [2003/06/18 08:00:00 | 000,025,360 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\tcpsvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/06/23 17:49:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2003/06/18 08:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\msscript.ocx
MOD - [2003/06/18 08:00:00 | 000,021,776 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\wsock32.dll
MOD - [2003/06/18 08:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\netrap.dll
MOD - [2003/06/18 08:00:00 | 000,010,000 | ---- | M] (Microsoft Corporation) -- D:\WINNT\system32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - File not found [Disabled | Stopped] -- -- (IOLO_SRV)
SRV - [2010/03/24 17:32:10 | 000,065,248 | ---- | M] (Greatis Software ©) [Auto | Stopped] -- D:\program files\Greatis\RegRunSuite\BootLogService.exe -- (BootlogService)
SRV - [2009/12/30 14:55:18 | 000,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/01/14 10:57:44 | 000,712,048 | ---- | M] () [Auto | Running] -- D:\program files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/01/14 10:57:44 | 000,712,048 | ---- | M] () [Auto | Running] -- D:\program files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2006/10/10 08:49:48 | 000,030,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\SNMP.EXE -- (SNMP)
SRV - [2004/09/07 11:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/18 08:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)
SRV - [2003/06/18 08:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- D:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/18 08:00:00 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINNT\system32\faxsvc.exe -- (Fax)
SRV - [2003/06/18 08:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/18 08:00:00 | 000,034,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\iprip.dll -- (Iprip)
SRV - [2003/06/18 08:00:00 | 000,025,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINNT\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/06/18 08:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINNT\system32\utilman.exe -- (UtilMan)


========== Driver Services (SafeList) ==========

DRV - [2010/06/26 21:07:04 | 000,034,952 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- D:\WINNT\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/06/19 18:55:51 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\program files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\program files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/30 14:54:58 | 000,018,520 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/17 12:57:59 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- D:\WINNT\system32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2009/02/17 12:57:59 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- D:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/02/13 15:02:51 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2005/04/01 17:16:00 | 003,454,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/09 03:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/09/08 17:22:16 | 000,273,107 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\AIRPLUS.sys -- (AIRPLUS)
DRV - [2003/06/19 08:05:04 | 000,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/06/18 08:00:00 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- D:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/06/18 08:00:00 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- D:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/18 08:00:00 | 000,102,160 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINNT\system32\drivers\nbf.sys -- (Nbf)
DRV - [2003/06/18 08:00:00 | 000,065,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/18 08:00:00 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/18 08:00:00 | 000,058,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/06/18 08:00:00 | 000,037,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\nmnt.sys -- (nm)
DRV - [2003/06/18 08:00:00 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/06/18 08:00:00 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- D:\WINNT\system32\drivers\efs.sys -- (EFS)
DRV - [2003/06/18 08:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2003/06/18 08:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2003/06/18 08:00:00 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/18 08:00:00 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- D:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2001/04/01 12:01:12 | 000,036,013 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\lne100v5.sys -- (lne100v5) Linksys LNE100TX(v5)
DRV - [1999/11/06 06:11:56 | 000,044,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINNT\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1999/09/25 06:36:48 | 000,009,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\NtApm.sys -- (NtApm)
DRV - [1999/09/24 20:17:08 | 000,030,992 | ---- | M] (Linksys Group, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINNT\system32\drivers\lne100tx.sys -- (lne100tx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/05/24 19:49:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/06/13 01:02:08 | 000,000,000 | ---D | M]

[2010/05/24 19:49:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/15 01:34:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udncgudg.default\extensions
[2010/06/26 18:15:13 | 000,000,000 | ---D | M] -- D:\program files\Mozilla Firefox\extensions
[2010/06/14 19:29:27 | 000,000,000 | ---D | M] (Java Console) -- D:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/14 19:28:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2003/06/18 08:00:00 | 000,000,734 | ---- | M]) - D:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [@RegRunOnSecure] D:\program files\Greatis\RegRunSuite\OnSecure.exe (Greatis Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINNT\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCDRealtime] D:\WINNT\realtime.exe ()
O4 - HKLM..\Run: [RegRun WinBait] D:\WINNT\WinBait.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] D:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINNT\system32\NWPROVAU.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - D:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1234882332331 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - D:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - D:\program files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - D:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\program files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - D:\program files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/02/08 19:35:12 | 000,000,087 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2010/01/14 15:29:54 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/05/21 19:54:20 | 000,000,319 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/02/18 21:46:10 | 000,000,120 | ---- | M] () - C:\AUTOEXEC.SYD -- [ FAT32 ]
O32 - AutoRun File - [2009/01/02 23:08:34 | 000,000,126 | ---- | M] () - C:\AUTOEXEC.TSH -- [ FAT32 ]
O32 - AutoRun File - [2010/01/14 16:29:52 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/14 15:29:54 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/01/14 15:29:54 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (Partizan) - D:\WINNT\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (n.inf) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/26 21:02:48 | 000,000,000 | ---D | C] -- D:\_OTL
[2010/06/26 19:20:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/26 19:20:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/06/26 19:19:51 | 000,000,000 | ---D | C] -- D:\program files\SUPERAntiSpyware
[2010/06/24 00:51:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\gmer
[2010/06/23 17:55:26 | 000,444,416 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\My Documents\TFC.exe
[2010/06/23 17:55:20 | 000,791,393 | ---- | C] (Lars Hederer ) -- D:\Documents and Settings\Administrator\My Documents\erunt_setup.exe
[2010/06/23 17:49:57 | 000,574,464 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/23 17:40:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/06/23 17:40:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/06/23 17:40:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/23 17:40:39 | 000,018,520 | ---- | C] (Malwarebytes Corporation) -- D:\WINNT\System32\drivers\mbam.sys
[2010/06/23 17:40:39 | 000,000,000 | ---D | C] -- D:\program files\Malwarebytes' Anti-Malware
[2010/06/23 13:46:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Help
[2010/06/23 13:46:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Help
[2010/06/16 18:05:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\4chan
[2010/06/13 01:34:44 | 000,011,520 | R--- | C] (Western Digital Technologies) -- D:\WINNT\System32\drivers\wdcsam.sys
[2010/06/13 01:02:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/06/13 01:02:51 | 000,000,000 | ---D | C] -- D:\program files\common files\Java
[2010/06/13 01:01:31 | 000,000,000 | ---D | C] -- D:\program files\Java
[2010/06/13 01:00:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Sun
[2010/06/13 00:12:07 | 000,000,000 | ---D | C] -- D:\WINNT\System32\Adobe
[2010/06/08 10:26:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Adobe
[2010/06/08 10:25:53 | 000,000,000 | ---D | C] -- D:\program files\Adobe
[2010/06/07 20:22:51 | 000,000,000 | ---D | C] -- D:\program files\common files\Adobe
[2010/06/07 20:22:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/06/02 21:38:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/06/02 21:28:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Downloads
[2010/06/02 21:28:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/06/02 20:53:20 | 000,000,000 | ---D | C] -- D:\program files\common files\ODBC
[2010/06/02 20:39:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\RegRunInfo
[2010/06/02 20:34:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\RegRun2
[2010/05/28 18:11:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2010/05/28 18:11:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\iolo
[2010/05/27 21:14:15 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Templates
[2010/05/27 21:13:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\iolo
[2010/05/27 21:13:42 | 000,000,000 | ---D | C] -- D:\iolo
[2010/05/27 21:04:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/05/27 21:01:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/05/26 20:37:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\DrWatson
[2010/05/25 21:41:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Opera
[2010/05/24 19:51:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/05/24 19:51:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Adobe
[2010/05/24 19:49:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/05/24 19:44:58 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Desktop\Favorites
[2010/05/24 19:44:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\CDRWIN 6
[2010/05/24 19:42:48 | 000,000,000 | ---D | C] -- D:\program files\Mozilla Firefox
[2010/05/24 19:42:17 | 000,000,000 | ---D | C] -- D:\program files\LimeWire
[2010/05/24 19:41:34 | 000,000,000 | ---D | C] -- D:\program files\Accessories
[2010/05/24 19:39:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\System Mechanic pro v7
[2010/05/24 19:38:54 | 009,849,864 | ---- | C] (Opera Software ASA ) -- D:\Documents and Settings\Administrator\My Documents\Opera_1051_en_Setup.exe
[2010/05/24 19:38:53 | 000,160,768 | ---- | C] (Soeperman Enterprises Ltd.) -- D:\Documents and Settings\Administrator\My Documents\HijackThis.exe
[2010/05/24 19:37:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\My Documents
[2010/05/24 19:34:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu
[2010/05/24 19:34:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Desktop
[2010/05/24 19:33:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Templates
[2010/05/24 19:33:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/05/24 19:33:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents
[2010/05/24 19:33:49 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Local Settings
[2010/05/24 19:33:48 | 000,000,000 | ---D | C] -- D:\WINNT\Application Data
[2010/05/24 19:33:47 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\Temporary Internet Files
[2010/05/24 19:33:47 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\History
[2010/05/24 19:33:47 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\Cookies
[2010/05/24 19:33:47 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/05/24 19:33:47 | 000,000,000 | -H-D | C] -- D:\program files\Uninstall Information
[2010/05/24 19:33:47 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Application Data
[2010/05/24 19:33:46 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Recent
[2010/05/24 19:33:46 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Favorites
[2010/05/24 19:33:46 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\NetHood
[2010/05/24 19:33:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Start Menu
[2010/05/24 19:33:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents
[2010/05/24 19:33:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop
[2010/05/24 19:33:08 | 000,000,000 | ---D | C] -- D:\program files\windows media player
[2010/05/24 19:33:00 | 000,000,000 | ---D | C] -- D:\program files\microsoft frontpage
[2010/05/24 19:32:57 | 000,000,000 | ---D | C] -- D:\program files\common files\system
[2010/05/24 19:32:56 | 000,000,000 | ---D | C] -- D:\program files\outlook express
[2010/05/24 19:32:52 | 000,000,000 | ---D | C] -- D:\program files\windows nt
[2010/05/24 19:32:52 | 000,000,000 | ---D | C] -- D:\program files\netmeeting
[2010/05/24 19:32:51 | 000,000,000 | ---D | C] -- D:\program files\internet explorer
[2010/05/24 19:32:50 | 000,000,000 | ---D | C] -- D:\program files
[2010/05/24 19:32:50 | 000,000,000 | ---D | C] -- D:\program files\common files\microsoft shared
[2010/05/24 19:32:50 | 000,000,000 | ---D | C] -- D:\program files\common files
[2010/05/24 19:32:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/24 19:32:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data
[2010/05/24 19:32:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings
[2010/05/23 23:12:02 | 000,000,000 | ---D | C] -- D:\WINNT\RestoreSafeDeleted
[2010/05/23 23:09:14 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- D:\WINNT\System32\drivers\UnHackMeDrv.sys
[2010/05/23 13:33:32 | 001,385,184 | ---- | C] (Greatis Software) -- D:\WINNT\RunGuard.exe
[2010/05/23 13:33:16 | 000,000,000 | ---D | C] -- D:\program files\Greatis
[2010/05/21 20:11:37 | 000,000,000 | ---D | C] -- D:\RegRunInfo
[2010/05/18 17:44:22 | 000,034,952 | ---- | C] (Greatis Software) -- D:\WINNT\System32\drivers\Partizan.sys
[2010/05/18 17:42:39 | 000,037,600 | ---- | C] (Greatis Software) -- D:\WINNT\System32\Partizan.exe
[2010/05/18 17:41:44 | 000,024,416 | ---- | C] (Greatis Software) -- D:\WINNT\System32\drivers\regguard.sys
[2010/05/18 17:29:00 | 000,000,000 | ---D | C] -- D:\32788R22FWJFW
[2010/05/08 09:54:46 | 000,000,000 | ---D | C] -- D:\program files\iolo
[2010/05/08 00:03:24 | 000,000,000 | ---D | C] -- D:\program files\QuickTime
[2010/04/27 16:24:42 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- D:\WINNT\iun506.exe
[2010/04/10 02:40:36 | 000,000,000 | ---D | C] -- D:\program files\Opera
[2010/04/09 11:24:13 | 000,023,216 | ---- | C] (D-Link Corporation) -- D:\WINNT\System32\dllcache\dlh5xnd5.sys
[2010/04/09 11:23:49 | 000,039,680 | ---- | C] (Silicom Ltd.) -- D:\WINNT\System32\dllcache\cb325.sys
[2010/04/09 11:23:49 | 000,031,888 | ---- | C] (BreezeCOM) -- D:\WINNT\System32\dllcache\brzwlan.sys
[2010/04/09 11:23:48 | 000,017,168 | ---- | C] (AmbiCom, Inc.) -- D:\WINNT\System32\dllcache\amb8002.sys
[2010/04/09 11:23:01 | 000,801,072 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINNT\System32\dllcache\3cpciadi.sys
[2010/04/09 11:23:01 | 000,774,928 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINNT\System32\dllcache\3cisati.sys
[2010/04/09 11:23:00 | 000,792,176 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINNT\System32\dllcache\3cisaadi.sys
[2010/04/09 11:23:00 | 000,763,024 | ---- | C] (3Com, Inc.) -- D:\WINNT\System32\dllcache\3cwmcru.sys

========== Files - Modified Within 90 Days ==========

[2010/06/26 21:23:15 | 000,434,176 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/26 21:07:15 | 000,021,961 | ---- | M] () -- D:\WINNT\System32\nvapps.xml
[2010/06/26 21:07:10 | 000,000,432 | ---- | M] () -- D:\WINNT\tasks\RegCure Program Check.job
[2010/06/26 21:07:04 | 000,034,952 | ---- | M] (Greatis Software) -- D:\WINNT\System32\drivers\Partizan.sys
[2010/06/26 21:06:03 | 000,000,006 | -H-- | M] () -- D:\WINNT\tasks\SA.DAT
[2010/06/26 21:04:11 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010/06/26 19:19:59 | 000,001,557 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/06/25 09:18:37 | 001,199,054 | -H-- | M] () -- D:\WINNT\ShellIconCache
[2010/06/25 01:00:00 | 000,000,480 | ---- | M] () -- D:\WINNT\tasks\Malwarebytes' Scheduled Scan for me.job
[2010/06/24 15:42:55 | 000,073,100 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\couch2.jpg
[2010/06/24 15:37:05 | 000,954,090 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\couch.jpg
[2010/06/23 19:28:00 | 000,000,284 | ---- | M] () -- D:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/06/23 17:55:27 | 000,444,416 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\My Documents\TFC.exe
[2010/06/23 17:55:21 | 000,791,393 | ---- | M] (Lars Hederer ) -- D:\Documents and Settings\Administrator\My Documents\erunt_setup.exe
[2010/06/23 17:54:59 | 000,284,915 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\gmer.zip
[2010/06/23 17:49:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/23 17:40:46 | 000,000,569 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/21 04:41:21 | 000,070,814 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\x-box-360.jpg
[2010/06/21 04:28:57 | 000,692,094 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\xbox360balllogolarge.ol.bmp
[2010/06/20 20:51:50 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_344.dat
[2010/06/20 20:51:39 | 000,000,676 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Yahoo! Messenger.lnk
[2010/06/19 18:55:51 | 000,024,416 | ---- | M] (Greatis Software) -- D:\WINNT\System32\drivers\regguard.sys
[2010/06/19 18:53:07 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_32c.dat
[2010/06/17 13:00:53 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_41c.dat
[2010/06/17 03:00:00 | 000,000,366 | ---- | M] () -- D:\WINNT\tasks\RegCure.job
[2010/06/14 19:29:27 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_53c.dat
[2010/06/12 15:57:23 | 000,001,461 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\LimeWire 5.4.6.lnk
[2010/06/11 11:31:51 | 000,000,505 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\µTorrent.lnk
[2010/06/09 11:14:32 | 003,576,461 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Service_KHS_18-24_72SeriesRevB.pdf
[2010/06/08 12:51:02 | 009,159,369 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Mini Split Training Manual 2010 Version 4-1.pdf
[2010/06/08 11:36:56 | 001,286,488 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Mini Split Install English.pdf
[2010/06/08 10:50:14 | 000,116,157 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Stealth Installation.pdf
[2010/06/08 10:27:18 | 000,001,537 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/08 10:23:24 | 001,047,827 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Handouts.pdf
[2010/06/08 00:51:20 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_314.dat
[2010/06/07 20:22:03 | 000,729,439 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\14313_ch15.pdf
[2010/06/02 21:38:17 | 000,000,601 | ---- | M] () -- D:\WINNT\win.ini
[2010/06/02 20:34:11 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_334.dat
[2010/06/02 20:33:58 | 000,002,326 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2010/05/28 18:10:39 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/05/28 18:08:20 | 000,228,000 | ---- | M] () -- D:\WINNT\System32\FNTCACHE.DAT
[2010/05/24 19:49:38 | 000,001,481 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
[2010/05/24 18:15:52 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_364.dat
[2010/05/24 10:37:54 | 000,000,626 | ---- | M] () -- D:\WINNT\ODBC.INI
[2010/05/23 23:08:43 | 000,002,577 | ---- | M] () -- D:\WINNT\System32\CONFIG.NT
[2010/05/23 23:08:43 | 000,000,438 | ---- | M] () -- D:\WINNT\System32\AUTOEXEC.NT
[2010/05/23 23:08:43 | 000,000,002 | RHS- | M] () -- D:\WINNT\winstart.bat
[2010/05/23 23:07:07 | 000,037,600 | ---- | M] (Greatis Software) -- D:\WINNT\System32\Partizan.exe
[2010/05/23 14:28:52 | 000,000,077 | ---- | M] () -- D:\WINNT\lsoon.ini
[2010/05/23 13:11:29 | 025,630,465 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Regrun Security Suite Platinum Edition 6.0 & RegRun Reanimator [IZR].rar
[2010/05/23 13:08:45 | 000,000,703 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Shortcut to HijackThis.exe.lnk
[2010/05/23 12:36:53 | 001,728,943 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\ProcessExplorer.zip
[2010/05/22 12:19:46 | 000,694,522 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\HP25 Series.pdf
[2010/05/22 05:33:28 | 000,506,776 | ---- | M] () -- D:\BOOTEX.del
[2010/05/21 20:15:50 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_33c.dat
[2010/05/18 17:32:31 | 010,872,316 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\unhackme.zip
[2010/05/18 17:10:18 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_274.dat
[2010/05/15 19:04:16 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_338.dat
[2010/05/14 18:42:24 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_300.dat
[2010/05/08 10:34:49 | 000,000,976 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-495
[2010/05/08 10:34:49 | 000,000,564 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-618
[2010/05/08 10:34:49 | 000,000,111 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-513
[2010/05/08 10:34:49 | 000,000,088 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-373
[2010/05/08 10:34:49 | 000,000,047 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-884
[2010/05/08 10:26:49 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_304.dat
[2010/05/08 09:56:34 | 000,000,648 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\System Mechanic.lnk
[2010/05/08 09:48:51 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_2b4.dat
[2010/05/08 00:43:04 | 000,000,000 | ---- | M] () -- D:\WINNT\SelSet.INI
[2010/05/08 00:04:14 | 000,001,487 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\QuickTime Player.lnk
[2010/05/05 06:43:12 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_21c.dat
[2010/05/05 06:40:50 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_19c.dat
[2010/05/04 22:48:28 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_2ec.dat
[2010/05/04 06:31:26 | 003,370,854 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\CommandAndConquerTheFirstDecadev1.0NoCDNoDVDFixedexeAll.rar
[2010/05/02 22:50:27 | 015,790,149 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\t_screwattack_avgn_action52_d00m.mp4
[2010/04/27 16:23:54 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- D:\WINNT\iun506.exe
[2010/04/27 07:31:52 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_22c.dat
[2010/04/26 17:10:37 | 001,461,551 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\weebl's stuff - amazing horse.mp3
[2010/04/25 22:17:19 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\weebl's stuff - amazing horse.mp3.mp3
[2010/04/22 21:36:45 | 000,001,537 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Adobe Reader 9.lnk
[2010/04/17 10:01:42 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_2d8.dat
[2010/04/16 07:03:50 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_2f0.dat
[2010/04/15 19:46:25 | 000,245,760 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Fallout stuff.doc
[2010/04/15 14:49:35 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_20c.dat
[2010/04/10 02:40:45 | 000,000,481 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Opera.lnk
[2010/04/10 02:27:03 | 009,849,864 | ---- | M] (Opera Software ASA ) -- D:\Documents and Settings\Administrator\My Documents\Opera_1051_en_Setup.exe
[2010/04/01 20:27:43 | 000,105,120 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\lol.jpg
[2010/04/01 20:02:58 | 000,016,384 | ---- | M] () -- D:\WINNT\System32\Perflib_Perfdata_150.dat

========== Files Created - No Company Name ==========

[2010/06/26 19:19:59 | 000,001,557 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/06/24 15:42:55 | 000,073,100 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\couch2.jpg
[2010/06/24 15:37:00 | 000,954,090 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\couch.jpg
[2010/06/23 17:55:04 | 000,284,915 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\gmer.zip
[2010/06/23 17:40:46 | 000,000,569 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/21 04:28:57 | 000,692,094 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\xbox360balllogolarge.ol.bmp
[2010/06/21 03:47:28 | 000,070,814 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\x-box-360.jpg
[2010/06/20 20:51:50 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_344.dat
[2010/06/19 18:53:07 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_32c.dat
[2010/06/17 13:00:53 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_41c.dat
[2010/06/14 19:29:27 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_53c.dat
[2010/06/09 11:14:30 | 003,576,461 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Service_KHS_18-24_72SeriesRevB.pdf
[2010/06/08 12:50:54 | 009,159,369 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Mini Split Training Manual 2010 Version 4-1.pdf
[2010/06/08 11:36:56 | 001,286,488 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Mini Split Install English.pdf
[2010/06/08 10:50:12 | 000,116,157 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Stealth Installation.pdf
[2010/06/08 10:27:18 | 000,001,537 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/08 10:23:21 | 001,047,827 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Handouts.pdf
[2010/06/08 00:51:20 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_314.dat
[2010/06/07 20:21:56 | 000,729,439 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\14313_ch15.pdf
[2010/06/02 20:34:11 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_334.dat
[2010/05/31 09:07:44 | 000,002,326 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol
[2010/05/27 21:03:59 | 000,101,176 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\ShLog.txt
[2010/05/24 22:34:26 | 000,434,176 | -H-- | C] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/24 22:34:26 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010/05/24 19:49:38 | 000,005,711 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\ShLog.txt
[2010/05/24 19:47:27 | 000,000,676 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Yahoo! Messenger.lnk
[2010/05/24 19:47:22 | 000,000,481 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Opera.lnk
[2010/05/24 19:47:18 | 000,001,481 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
[2010/05/24 19:39:34 | 001,461,551 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\weebl's stuff - amazing horse.mp3
[2010/05/24 19:39:34 | 000,037,818 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\whirlpool dehumidifier 124552.jpg
[2010/05/24 19:39:34 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\weebl's stuff - amazing horse.mp3.mp3
[2010/05/24 19:39:30 | 015,790,149 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\t_screwattack_avgn_action52_d00m.mp4
[2010/05/24 19:39:30 | 000,046,496 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\The F-Bomb.jpg
[2010/05/24 19:39:29 | 001,588,224 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\SteamInstall.msi
[2010/05/24 19:39:29 | 000,000,703 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Shortcut to HijackThis.exe.lnk
[2010/05/24 19:39:29 | 000,000,637 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Shortcut to NetStumbler.lnk
[2010/05/24 19:39:03 | 109,702,934 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\SC2_Teaser_1280x720_ESRB_enUS.avi
[2010/05/24 19:39:03 | 000,475,485 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\sakura-waterfall-coverup.jpg
[2010/05/24 19:38:57 | 025,630,465 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Regrun Security Suite Platinum Edition 6.0 & RegRun Reanimator [IZR].rar
[2010/05/24 19:38:57 | 000,001,487 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\QuickTime Player.lnk
[2010/05/24 19:38:56 | 001,728,943 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\ProcessExplorer.zip
[2010/05/24 19:38:56 | 000,020,480 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\preparing copper sulfate.doc
[2010/05/24 19:38:54 | 000,105,120 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\lol.jpg
[2010/05/24 19:38:54 | 000,053,471 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Image.jpg
[2010/05/24 19:38:54 | 000,007,041 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\index.jpg
[2010/05/24 19:38:53 | 001,964,686 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\GalvanizedSteelTDM.pdf
[2010/05/24 19:38:53 | 000,694,522 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\HP25 Series.pdf
[2010/05/24 19:38:52 | 003,370,854 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\CommandAndConquerTheFirstDecadev1.0NoCDNoDVDFixedexeAll.rar
[2010/05/24 19:38:52 | 000,568,786 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\CNS17_Brochure10update.pdf
[2010/05/24 19:38:52 | 000,245,760 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Fallout stuff.doc
[2010/05/24 19:38:52 | 000,001,537 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Adobe Reader 9.lnk
[2010/05/24 19:38:52 | 000,000,976 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-495
[2010/05/24 19:38:52 | 000,000,564 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-618
[2010/05/24 19:38:52 | 000,000,111 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-513
[2010/05/24 19:38:52 | 000,000,088 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-373
[2010/05/24 19:38:52 | 000,000,047 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\backup-20100508-103449-884
[2010/05/24 19:38:51 | 001,025,398 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Additives PK1314 Product Leaflet.pdf
[2010/05/24 19:38:51 | 000,082,215 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\117127-1.png
[2010/05/24 19:38:51 | 000,008,025 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\1996 sebring.jpg
[2010/05/24 19:33:59 | 000,000,079 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/05/24 19:33:33 | 000,000,178 | -HS- | C] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010/05/24 18:15:52 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_364.dat
[2010/05/23 14:28:52 | 000,000,077 | ---- | C] () -- D:\WINNT\lsoon.ini
[2010/05/23 13:44:16 | 001,199,054 | -H-- | C] () -- D:\WINNT\ShellIconCache
[2010/05/23 13:33:32 | 000,057,556 | ---- | C] () -- D:\WINNT\guard.bmp
[2010/05/23 13:33:32 | 000,020,192 | ---- | C] () -- D:\WINNT\WinBait.org
[2010/05/23 13:33:32 | 000,020,192 | ---- | C] () -- D:\WINNT\WinBait.exe
[2010/05/22 05:33:28 | 000,506,776 | ---- | C] () -- D:\BOOTEX.del
[2010/05/21 20:15:50 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_33c.dat
[2010/05/18 17:32:31 | 010,872,316 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\unhackme.zip
[2010/05/18 17:10:18 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_274.dat
[2010/05/15 19:04:16 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_338.dat
[2010/05/14 18:42:24 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_300.dat
[2010/05/08 10:26:49 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_304.dat
[2010/05/08 09:55:01 | 000,000,648 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\System Mechanic.lnk
[2010/05/08 09:48:51 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_2b4.dat
[2010/05/08 00:43:04 | 000,000,000 | ---- | C] () -- D:\WINNT\SelSet.INI
[2010/05/08 00:02:33 | 000,000,284 | ---- | C] () -- D:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/05/05 06:43:12 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_21c.dat
[2010/05/05 06:40:50 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_19c.dat
[2010/05/04 22:48:28 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_2ec.dat
[2010/04/27 07:31:52 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_22c.dat
[2010/04/17 10:01:42 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_2d8.dat
[2010/04/16 07:03:50 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_2f0.dat
[2010/04/15 14:49:35 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_20c.dat
[2010/04/09 11:23:49 | 000,042,192 | ---- | C] () -- D:\WINNT\System32\dllcache\atibt829.sys
[2010/04/09 11:23:49 | 000,016,976 | ---- | C] () -- D:\WINNT\System32\dllcache\atitvsnd.sys
[2010/04/01 20:02:58 | 000,016,384 | ---- | C] () -- D:\WINNT\System32\Perflib_Perfdata_150.dat
[2010/03/08 14:00:59 | 002,115,496 | ---- | C] () -- D:\WINNT\System32\Incinerator.dll
[2009/11/05 20:21:13 | 000,000,003 | ---- | C] () -- D:\WINNT\sw_app.sys
[2009/08/20 22:47:16 | 000,155,648 | ---- | C] () -- D:\WINNT\System32\ssleay32.dll
[2009/08/20 22:47:09 | 000,696,320 | ---- | C] () -- D:\WINNT\System32\libeay32.dll
[2009/07/23 12:51:10 | 000,040,448 | ---- | C] () -- D:\WINNT\System32\Regobj.dll
[2009/04/10 00:30:10 | 000,000,056 | RHS- | C] () -- D:\WINNT\System32\1685A4CB3E.sys
[2009/04/10 00:30:03 | 000,001,890 | -HS- | C] () -- D:\WINNT\System32\KGyGaAvL.sys
[2009/03/09 14:28:16 | 000,000,626 | ---- | C] () -- D:\WINNT\ODBC.INI
[2009/02/17 13:05:23 | 000,354,816 | ---- | C] () -- D:\WINNT\System32\psisdecd.dll
[2005/04/01 17:16:00 | 000,540,672 | ---- | C] () -- D:\WINNT\System32\nvhwvid.dll
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- D:\WINNT\System32\qt-mt331.dll
[2003/06/18 08:00:00 | 000,176,400 | ---- | C] () -- D:\WINNT\System32\qcut.dll
[2003/06/18 08:00:00 | 000,033,552 | ---- | C] () -- D:\WINNT\System32\efsadu.dll
[2003/06/18 08:00:00 | 000,007,265 | ---- | C] () -- D:\WINNT\System32\iasperf.ini
[2003/06/18 08:00:00 | 000,001,505 | ---- | C] () -- D:\WINNT\System32\faxperf.ini
[2003/06/18 08:00:00 | 000,000,023 | ---- | C] () -- D:\WINNT\welcome.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- D:\WINNT\System32\OUTLPERF.INI
[1999/09/25 06:36:24 | 000,088,816 | ---- | C] () -- D:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 06:36:22 | 000,017,424 | ---- | C] () -- D:\WINNT\System32\drivers\lvsound.sys
[1999/07/05 06:00:00 | 000,074,468 | ---- | C] () -- D:\WINNT\System32\mfc45.dll

========== LOP Check ==========

[2010/06/02 20:49:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\iolo
[2010/05/25 21:41:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Opera
[2010/06/26 19:22:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/05/27 21:34:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\iolo
[2010/06/26 21:07:10 | 000,000,432 | ---- | M] () -- D:\WINNT\Tasks\RegCure Program Check.job
[2010/06/17 03:00:00 | 000,000,366 | ---- | M] () -- D:\WINNT\Tasks\RegCure.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 8908 bytes -> D:\Documents and Settings\Administrator\My Documents\HP25 Series.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 8344 bytes -> D:\Documents and Settings\Administrator\My Documents\whirlpool dehumidifier 124552.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 8160 bytes -> D:\Documents and Settings\Administrator\My Documents\CNS17_Brochure10update.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7700 bytes -> D:\Documents and Settings\Administrator\My Documents\Additives PK1314 Product Leaflet.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6944 bytes -> D:\Documents and Settings\Administrator\My Documents\1996 sebring.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6612 bytes -> D:\Documents and Settings\Administrator\My Documents\Image.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6516 bytes -> D:\Documents and Settings\Administrator\My Documents\index.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6440 bytes -> D:\WINNT\guard.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5832 bytes -> D:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5776 bytes -> D:\Documents and Settings\Administrator\My Documents\sakura-waterfall-coverup.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5040 bytes -> D:\Documents and Settings\Administrator\My Documents\The F-Bomb.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4608 bytes -> D:\Documents and Settings\Administrator\My Documents\GalvanizedSteelTDM.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4572 bytes -> D:\Documents and Settings\Administrator\Desktop\couch2.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4384 bytes -> D:\Documents and Settings\Administrator\Desktop\x-box-360.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3904 bytes -> D:\Documents and Settings\Administrator\My Documents\lol.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3896 bytes -> D:\Documents and Settings\Administrator\Desktop\xbox360balllogolarge.ol.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3864 bytes -> D:\WINNT\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3840 bytes -> D:\WINNT\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2980 bytes -> D:\WINNT\System32\setup.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2744 bytes -> D:\WINNT\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1256 bytes -> D:\WINNT\System32\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 10116 bytes -> D:\Documents and Settings\Administrator\My Documents\117127-1.png:Q30lsldxJoudresxAaaqpcawXc
< End of report >

#4
jeff may

    New Member

  • Topic Starter
  • Member
  • 3 posts
Ron,

THANK YOU

jeff

#5
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Try the free virus scan at BitDefender:

http://www.bitdefend...nline/free.html

Ron