
Malwarebytes and Avast cannot find it


  • This topic is locked

#61
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

Is the new service pack requiring more power and that's why initial startup takes a while?

It shouldn't. Run and use the machine for a day or two and you will see.

I was wondering, for future reference, what are the differences between an OTL scan/fix and the Combofix scan/fix?

With scanning we gather information about the current state of the system. With fixing, well... we can move files and so on. You can read about OTL here.
I would leave Combofix. It's a very powerful tool but it can also be a very dangerous tool. You can join GeeksToGo's Geek University. It's a great place to learn more about what we do and then be able to help others on the forum. You can find more information about Geek University here.


#62
moe jr

    Member

  • Topic Starter
  • 210 posts
Ok here's the last scan. How does it look?

OTL logfile created on: 5/9/2011 4:47:30 PM - Run 8
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\catman3152\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 15.08 Gb Free Space | 40.49% Space Free | Partition Type: NTFS

Computer Name: NUMEROUNO | User Name: catman3152 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
PRC - [2011/04/18 09:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 09:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/18 09:25:09 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/19 11:06:18 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2006/01/19 11:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
PRC - [2006/01/19 11:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
PRC - [2003/08/13 08:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
MOD - [2011/04/18 09:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2008/04/14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 09:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/18 09:25:09 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 09:18:45 | 000,102,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/04/18 09:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 09:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 09:17:20 | 000,192,984 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/04/18 09:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 09:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 09:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 09:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 09:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/18 08:49:53 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\86061092.sys -- (86061092)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\8606109.sys -- (setup_9.0.0.722_07.05.2011_23-37drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\86061091.sys -- (86061091)
DRV - [2006/06/11 17:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/08/03 21:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 21:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/07/26 19:09:20 | 000,005,593 | ---- | M] (VIEWQUEST THCHNOLOGIES LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VQ2101XP.SYS -- (VQ21FIL) ViewQuest USB Filter Driver (FILTER)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/08 15:52:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [USPTO Direct Recovery] C:\Program Files\USPTO\etdirrcv.exe (Entrust®)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\catman3152\Start Menu\Programs\Startup\setup_9.0.0.722_07.05.2011_23-37.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {13EC470D-6583-42A3-B07D-648F70BC5CA0} http://extranet.prot...rrent/setup.exe (ProtoView Class)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1083551604734 (MSSecurityAdvisor Class)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by15fd.bay15....ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 15:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Musicmatch
[2011/05/09 15:42:14 | 000,108,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011/05/09 15:42:14 | 000,104,960 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011/05/09 15:42:14 | 000,056,832 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/05/09 15:42:13 | 001,093,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/05/09 15:42:13 | 000,057,344 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/05/09 15:42:13 | 000,054,272 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/05/09 15:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Application Data\Musicmatch
[2011/05/09 15:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Local Settings\Application Data\Musicmatch
[2011/05/09 15:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/05/09 13:43:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/09 09:36:48 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/05/09 09:36:48 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/05/09 09:36:38 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2011/05/09 09:36:37 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2011/05/09 09:36:34 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2011/05/09 09:36:30 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2011/05/09 09:36:30 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2011/05/09 09:36:29 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll
[2011/05/09 09:36:28 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2011/05/09 09:36:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/05/09 09:36:08 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/05/09 09:36:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/05/09 09:36:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/05/09 09:36:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/05/09 09:36:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/05/09 09:36:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/05/09 09:36:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2011/05/09 09:36:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2011/05/09 09:36:06 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/05/09 09:36:06 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/05/09 09:36:06 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2011/05/09 09:36:06 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/05/09 09:36:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/05/09 09:36:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2011/05/09 09:36:05 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/05/09 09:36:05 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/05/09 09:36:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2011/05/09 09:36:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/05/09 09:36:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/05/09 09:36:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/05/09 09:36:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/05/09 09:36:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/05/09 09:36:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/05/09 09:36:00 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/05/09 09:36:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/05/09 09:36:00 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/05/09 09:36:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/05/09 09:35:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/05/09 09:35:59 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/05/09 09:35:59 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/05/09 09:35:59 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/05/09 09:35:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/05/09 09:35:58 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2011/05/09 09:35:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/05/09 09:35:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2011/05/09 09:35:57 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/05/09 09:35:56 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/05/09 09:35:56 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2011/05/09 09:35:56 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/05/09 09:35:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/05/09 09:35:53 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/05/09 09:35:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/09 09:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/05/09 09:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2011/05/09 09:35:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/09 09:29:37 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2011/05/09 09:29:28 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4dmod.dll
[2011/05/09 09:29:23 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2011/05/09 09:29:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2011/05/09 09:29:22 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2011/05/09 09:29:18 | 002,940,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2011/05/09 09:29:18 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2011/05/09 09:29:18 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2011/05/08 09:57:51 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/05/08 09:57:19 | 000,192,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/05/08 09:56:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/05/08 09:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2011/05/08 09:54:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/08 09:11:44 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/08 09:11:44 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/08 09:11:37 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/08 09:11:36 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/08 09:11:35 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/08 09:11:34 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/08 09:11:34 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/08 09:11:33 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/08 09:10:57 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/08 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/08 09:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/08 08:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/08 08:13:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/08 08:07:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/08 08:07:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/08 08:07:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/08 08:07:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/08 08:05:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/07 13:32:51 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\86061091.sys
[2011/05/07 13:32:51 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\86061092.sys
[2011/05/07 13:32:50 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\8606109.sys
[2011/05/07 08:32:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/04 11:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Local Settings\Application Data\PhotoChannel
[2011/05/04 11:15:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/05/04 11:15:28 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/05/03 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Application Data\QFX Software
[2011/05/03 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/05/03 07:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/05/02 20:31:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 15:55:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/09 15:55:08 | 1340,149,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 15:43:41 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\catman3152\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2011/05/09 15:43:41 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Musicmatch JUKEBOX.lnk
[2011/05/09 15:18:00 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/09 13:47:26 | 000,814,096 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/09 13:47:26 | 000,158,586 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/09 13:45:19 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\catman3152\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/09 13:42:44 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/09 13:41:20 | 000,377,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/09 09:24:32 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011/05/08 15:52:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/08 10:05:07 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/08 08:14:04 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/05/08 08:03:28 | 004,343,565 | R--- | M] () -- C:\Documents and Settings\catman3152\Desktop\ComboFix.exe
[2011/05/08 06:55:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/07 13:36:06 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\catman3152\Start Menu\Programs\Startup\setup_9.0.0.722_07.05.2011_23-37.lnk
[2011/05/07 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/05/05 18:43:45 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
[2011/04/29 18:01:01 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:09 | 000,096,116 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/22 13:34:40 | 000,038,021 | ---- | M] () -- C:\invoice 3 EAST WEST.rtf
[2011/04/20 10:05:49 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt pdf final.pdf
[2011/04/20 09:58:37 | 000,956,928 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/18 09:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 09:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 09:18:45 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/04/18 09:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 09:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 09:17:20 | 000,192,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/04/18 09:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 09:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 09:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 09:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 09:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 09:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/18 08:49:53 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 15:43:41 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Musicmatch JUKEBOX.lnk
[2011/05/09 09:36:41 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/05/09 09:36:41 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/05/09 09:36:41 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/05/09 09:36:41 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/05/09 09:36:40 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/05/09 09:36:40 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/05/09 09:36:40 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/05/09 09:36:39 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/05/09 09:36:39 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/05/09 09:36:39 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/05/09 09:36:39 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/05/09 09:36:39 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/05/09 09:36:39 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/05/09 09:36:38 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/05/09 09:36:38 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/05/09 09:36:38 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/05/09 09:36:38 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/05/09 09:36:37 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/05/09 09:36:37 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/05/09 09:36:36 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/05/09 09:36:36 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/05/09 09:36:36 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/05/09 09:36:36 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/05/09 09:36:36 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/05/09 09:36:36 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/05/09 09:36:36 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/05/09 09:36:36 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/05/09 09:36:35 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/05/09 09:36:35 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/05/09 09:36:35 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/05/09 09:36:35 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/05/09 09:36:35 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/05/09 09:36:35 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/05/09 09:36:35 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/05/09 09:36:35 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/05/09 09:36:35 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/05/09 09:36:34 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/05/09 09:36:34 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/05/09 09:36:34 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/05/09 09:36:34 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/05/09 09:36:34 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/05/09 09:36:34 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/05/09 09:36:34 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/05/09 09:36:34 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/05/09 09:36:33 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/05/09 09:36:33 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/05/09 09:36:33 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/05/09 09:36:33 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/05/09 09:36:33 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/05/09 09:36:33 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/05/09 09:36:33 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/05/09 09:36:33 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/05/09 09:36:33 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/05/09 09:36:33 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/05/09 09:36:33 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/05/09 09:36:32 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/05/09 09:36:32 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/05/09 09:36:32 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/05/09 09:36:32 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/05/09 09:36:32 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/05/09 09:36:32 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/05/09 09:36:32 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/05/09 09:36:32 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/05/09 09:36:32 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/05/09 09:36:30 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/05/09 09:36:30 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/05/09 09:36:30 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/05/09 09:36:29 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/05/09 09:36:28 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/05/09 09:36:27 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/05/09 09:36:27 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/05/09 09:36:27 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/05/09 09:36:27 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/05/09 09:36:27 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/05/09 09:36:27 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/05/09 09:36:27 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/05/09 09:36:27 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/05/09 09:36:27 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/05/09 09:36:26 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/05/09 09:36:26 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/05/09 09:29:27 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2011/05/08 16:52:30 | 1340,149,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/08 08:14:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/08 08:14:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/08 08:07:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/08 08:07:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/08 08:07:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/08 08:07:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/08 08:07:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/08 08:03:19 | 004,343,565 | R--- | C] () -- C:\Documents and Settings\catman3152\Desktop\ComboFix.exe
[2011/05/07 13:36:06 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\catman3152\Start Menu\Programs\Startup\setup_9.0.0.722_07.05.2011_23-37.lnk
[2011/05/05 18:43:45 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/05 18:43:45 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/29 18:00:54 | 000,096,059 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:03 | 000,096,116 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/22 13:34:40 | 000,038,021 | ---- | C] () -- C:\invoice 3 EAST WEST.rtf
[2011/01/31 17:11:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/12/25 09:12:30 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/12/23 10:19:56 | 000,006,690 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\B40A.FB7
[2010/12/16 06:05:30 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\html.html
[2009/11/03 14:55:06 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/06/30 14:42:35 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\tiff2pdf.dll
[2009/04/29 11:58:34 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2008/02/29 10:07:53 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/26 10:51:51 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/04 11:04:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstpw.exe
[2006/01/04 10:19:16 | 004,464,640 | ---- | C] () -- C:\WINDOWS\System32\ImageMagickObject.dll
[2004/12/08 12:22:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/02 08:09:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/22 08:11:00 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/02 18:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24581_up.exe
[2004/04/29 06:37:36 | 000,000,136 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/25 20:50:28 | 000,028,775 | ---- | C] () -- C:\WINDOWS\javaw.exe
[2004/02/25 20:50:28 | 000,024,677 | ---- | C] () -- C:\WINDOWS\java.exe
[2004/02/24 17:28:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/23 22:16:59 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\fusioncache.dat
[2004/02/23 22:05:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/02/20 20:57:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/02/20 20:57:19 | 000,000,014 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2004/02/20 20:57:19 | 000,000,012 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2004/02/20 20:56:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2004/02/04 09:38:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\V2101LOC.INI
[2004/02/04 08:56:20 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2004/02/04 08:56:19 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2004/02/04 08:56:19 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2004/02/04 08:56:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2004/02/03 20:41:46 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JPR.{PB
[2004/02/03 20:41:46 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JCM.{PB
[2004/02/03 19:36:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/01/31 08:52:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/29 18:04:08 | 000,000,695 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/01/29 16:09:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/29 09:25:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2004/01/21 18:33:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 18:27:52 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/01/21 18:22:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/01/21 18:20:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/21 18:07:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/01/21 18:05:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/21 18:05:28 | 000,814,096 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/01/21 18:05:28 | 000,158,586 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/01/21 18:05:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/21 17:51:44 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/19 11:41:32 | 000,377,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/19 11:40:04 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/19 11:38:56 | 000,000,889 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/13 20:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/14 11:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/07/14 11:30:27 | 000,034,816 | ---- | C] () -- C:\WINDOWS\patch.exe
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2002/10/08 12:24:44 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2002/09/03 06:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 06:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\TRAFFIC.DLL
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/03/20 00:00:00 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI

========== LOP Check ==========

[2010/02/15 21:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/08 09:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/03/24 20:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2004/01/29 18:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/03/21 07:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/02/26 10:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/03/06 12:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dKiFoJf06510
[2006/02/02 11:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
[2010/12/25 09:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pCiFh08200
[2011/03/18 07:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/05/03 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2010/02/22 17:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/15 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2007/06/19 10:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\ICAClient
[2004/01/31 08:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Leadertech
[2011/05/09 15:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Musicmatch
[2011/01/31 17:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\pdfforge
[2011/05/03 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\QFX Software
[2011/01/31 17:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Search Settings
[2011/05/07 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/01/04 10:17:03 | 005,743,477 | ---- | M] (USPTO) -- C:\ABX121.exe
[2006/01/13 12:23:26 | 008,054,797 | ---- | M] () -- C:\DesignWorkshop_Lite-Win.exe
[2006/01/17 19:12:33 | 006,054,832 | ---- | M] (SolidWorks Corporation ) -- C:\eDrawingsEnglish.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2002/08/29 03:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2002/08/29 03:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2002/08/29 03:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2002/08/29 03:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe
[2004/05/26 17:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cf113cf67754a276d1983478748b20da\sp1qfe\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0
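One check that can be run over the `MD5 for:` sections of an OTL log like the one posted above, shown as an added example (not part of the original post and not OTL's own code): it parses each section and compares the copy in `C:\WINDOWS` or `C:\WINDOWS\SYSTEM32` against the copy in `ServicePackFiles\i386`. Treating the service-pack cache as the baseline is an assumption of this example, since that copy can be altered too; the `EXAMPLE.EXE` section and its hashes are constructed to show the mismatch case.

```python
import re
from pathlib import PureWindowsPath

# "< MD5 for: NAME >" opens a section; each entry line describes one copy of the file.
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Assumptions of this example: the copy Windows runs lives in one of LIVE_DIRS,
# and the service-pack cache is used as the comparison baseline.
LIVE_DIRS = {r"c:\windows", r"c:\windows\system32"}
REFERENCE_DIR = r"c:\windows\servicepackfiles\i386"

# First two sections: lines taken from the log in this thread.
# EXAMPLE.EXE section: constructed, with placeholder hashes.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2002/08/29 03:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe

< MD5 for: EXAMPLE.EXE >
[2011/05/09 12:00:00 | 000,014,336 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\SYSTEM32\example.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Example Corp) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\ServicePackFiles\i386\example.exe

< %systemroot%\*. /mp /s >
"""


def _parent(path):
    """Lower-cased parent directory of a Windows path (NTFS names are case-insensitive)."""
    return str(PureWindowsPath(path).parent).lower()


def parse_md5_sections(log_text):
    """Return {file name: [entry, ...]} for every 'MD5 for:' section in the log."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header["name"].upper(), [])
            continue
        if line.startswith("<"):
            current = None  # a different custom scan starts here
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            current.append({
                "md5": entry["md5"].upper(),
                "path": entry["path"],
                "company": entry["company"].strip(),
                "size": int(entry["size"].replace(",", "")),
            })
    return sections


def audit_section(entries):
    """Compare the live copy's hash with the service-pack copy's hash."""
    live = [e for e in entries if _parent(e["path"]) in LIVE_DIRS]
    reference = {e["md5"] for e in entries if _parent(e["path"]) == REFERENCE_DIR}
    if not live:
        return "no-live-copy"
    if not reference:
        return "no-reference"
    if all(e["md5"] in reference for e in live):
        return "match"
    return "mismatch"


def audit_log(log_text):
    """Verdict per file name for a whole log."""
    return {name: audit_section(entries)
            for name, entries in parse_md5_sections(log_text).items()}


if __name__ == "__main__":
    for name, verdict in audit_log(SAMPLE_LOG).items():
        print(f"{name:14} {verdict}")
```

A `mismatch` or `no-reference` verdict is a prompt for a closer look, for example against hashes from known-good installation media, not proof of tampering.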

#63
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
See you tomorrow. :)

#64
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Congratulations, your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [WinampAgent] File not found

    :Files
    C:\Documents and Settings\All Users\Application Data\dKiFoJf06510
    C:\Documents and Settings\All Users\Application Data\pCiFh08200
    C:\Documents and Settings\All Users\Application Data\Viewpoint

    :Commands
    [ClearAllRestorePoints]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Java and Adobe Reader updates

There are certain programs that are security vulnerabilities; it is recommended that you keep everything updated. Two of the main vulnerabilities are Java and Adobe Reader.

Java Updates - Java needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java:

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

Note:
If the normal uninstallation process (as mentioned above) fails, then please try Microsoft Windows Installer Cleanup Utility. This tool will ensure that all irrelevant Java Runtime Environment Microsoft Installer (msi) registries are removed. Detailed information and download is available at: Description of the Windows Installer CleanUp Utility

Removal instructions:

  • Download the Microsoft Installer Clean Up utility file and save it on your desktop
  • Double click on executable file. The installation process will start. Follow the instructions accordingly
  • Once installation process is over, go to Start -> All Programs -> Run Windows Install Clean Up utility
  • This will launch the Windows Installer Clean Up utility dialog box
  • Under the Installed products list, select Java 2 Runtime Environment v1.5.0_03
  • Click Remove and Exit


Update Adobe Acrobat Reader to latest version. You can download it HERE.

Suggestion:

Foxit is a great free PDF alternative. It uses fewer system resources and is not vulnerable to the exploits affecting Adobe Reader. Providing full PDF functionality, Foxit is rapidly becoming the PDF reader of choice for many. Get it here.


Other Software Updates - Go HERE to scan your computer for any out of date software at least once per week. The vast majority of virus, worm and spyware infections could have been prevented, if the user had kept their software up-to-date. You should do everything you can to keep your software up-to-date. Doing so will help you prevent infections and the headaches that follow them.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0
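A way to verify the Internet Explorer settings from the post above without clicking through the dialog, shown as an added example (not part of the original post): it parses `reg query` output for the Internet zone key and compares the three ActiveX actions against the values the post recommends. The action IDs (1001, 1004, 1201) and value meanings (0 Enable, 1 Prompt, 3 Disable) are the standard zone settings; the sample output is constructed, and counting a stricter setting as acceptable is an assumption of this example.

```python
import re

# Internet zone is zone 3 under the per-user Internet Settings key.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

# Action ID -> (dialog label, value recommended in the post: 1 = Prompt, 3 = Disable)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}

VALUE_RE = re.compile(
    r"^\s+(?P<name>\S+)\s+REG_DWORD\s+0x(?P<hex>[0-9a-fA-F]+)\s*$")

# Constructed sample of `reg query` output covering two zone keys.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    DisplayName    REG_SZ    Trusted sites
    1001    REG_DWORD    0x0
    1201    REG_DWORD    0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x3
    1200    REG_DWORD    0x0
    1201    REG_DWORD    0x0
"""


def parse_reg_query(output, key=ZONE3_KEY):
    """Return {value name: int} for the REG_DWORD values listed under `key` only."""
    values = {}
    in_key = False
    for line in output.splitlines():
        if line and not line[0].isspace():
            # An unindented line names the key that the following values belong to.
            in_key = line.strip().lower() == key.lower()
            continue
        match = VALUE_RE.match(line)
        if in_key and match:
            values[match["name"]] = int(match["hex"], 16)
    return values


def audit_zone(values):
    """Classify each recommended action as ok, stricter, weak or missing."""
    verdicts = {}
    for action, (_label, wanted) in RECOMMENDED.items():
        actual = values.get(action)
        if actual is None:
            verdicts[action] = "missing"
        elif actual == wanted:
            verdicts[action] = "ok"
        elif actual > wanted:
            # 0 < 1 < 3 orders Enable < Prompt < Disable, so larger is stricter.
            verdicts[action] = "stricter"
        else:
            verdicts[action] = "weak"
    return verdicts


if __name__ == "__main__":
    zone = parse_reg_query(SAMPLE_REG_QUERY)
    for action, verdict in audit_zone(zone).items():
        print(f"{action}  {RECOMMENDED[action][0]:60} {verdict}")
```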

#65
moe jr

    Member

  • Topic Starter
  • Member
  • 210 posts
Thank you Render, I appreciate all your time and effort. I will do the upgrades you suggested and keep a closer eye on things. Thanks again.

Moe

#66
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You are welcome and let me know if you have any other questions.

#67
moe jr

    Member

  • Topic Starter
  • Member
  • 210 posts
Actually something came up since I installed the service pack. In the past, when I wanted to download pics from my camera to my computer I would plug it in to a USB port and automatically Windows Camera Wizard would open. I tried it just now and it beeped, which tells me it recognizes the camera being connected, but the Wizard does not open. Can I reset some settings to get it to do that?

Thanks
  • 0

#68
Render

Hi,

Is the USB connection between the camera and PC working or not?
  • 0

#69
moe jr

Yes, it's working, in fact I found the pictures when I went to 'My Computer' and opened the 'removable disc' icon. But I can't seem to find Camera Wizard to set it to open automatically.
  • 0

#70
Render

If it's working then it is OK. :)

For the wizard, please install the camera software. You can usually download it from the manufacturer's web site if you no longer have the install CD.
  • 0



#71
moe jr

Actually a dialog box would open once the camera was connected and powered on. I'm not getting that box now.
  • 0

#72
Render

Yes. But that is not a malware-related problem. My knowledge ends here. :)

I recommend that you ask about that issue in the Windows XP™, 2000, 2003, NT forum.
  • 0

#73
Render

You mean something like this:

Posted Image

or this:

Posted Image
  • 0

#74
moe jr

Yes, a dialogue box opens and I can pick to open it with Windows Camera Wizard. The box is not opening and when I go to My Computer it shows an icon of a removable disc instead of a camera. I heard that sometimes downloading the service pack disables these programs from opening automatically.
  • 0

#75
Render

I think I now know what you meant. You are talking about so-called autoplay or autorun.

That feature has been disabled with one of the Windows updates. It was disabled for security reasons. You can learn more about that here: Autorun: good for you?, here and here.

So, for security reasons, I don't recommend that you enable that feature.
  • 0





