
Windows Recovery Virus and maybe something else?

This topic is locked.

#1 jvonhorn (Member, 14 posts)
My computer got infected with the Windows Recovery virus and will not recover. Ran it in safe mode and ran anti-malware, but that didn't fix it. It won't let me run any other programs and is hiding everything.

I have a notebook and a jump drive to move files back and forth.

Can you help?


#2 jvonhorn (Topic Starter, Member, 14 posts)
OTL logfile created on: 6/5/2011 8:32:01 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.74 Gb Total Space | 64.50 Gb Free Space | 36.29% Space Free | Partition Type: NTFS
Drive D: | 8.55 Gb Total Space | 0.61 Gb Free Space | 7.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 7.47 Gb Total Space | 4.97 Gb Free Space | 66.49% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/03 01:45:02 | 000,227,232 | -H-- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/01/15 16:41:15 | 001,119,888 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/01/02 08:18:24 | 000,045,744 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/30 17:42:18 | 000,133,792 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/13 03:48:40 | 000,072,280 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 10:10:56 | 000,749,696 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 06:24:20 | 000,214,672 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/16 19:27:12 | 000,169,584 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/16 19:27:10 | 000,202,352 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/16 19:27:06 | 000,192,112 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 10:21:14 | 001,160,800 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 09:22:48 | 000,198,368 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/08/02 19:19:16 | 000,058,880 | -H-- | M] (Microsoft) [Disabled | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 13:15:58 | 000,012,872 | -H-- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/27 16:12:22 | 007,655,872 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/17 19:16:06 | 001,390,976 | RH-- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/05/25 15:21:28 | 000,142,336 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/18 18:48:58 | 004,816,896 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 17:46:34 | 000,033,792 | -H-- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/15 16:41:16 | 000,010,344 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/01 23:39:40 | 000,036,864 | -H-- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/25 04:00:00 | 000,799,208 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/04/25 04:00:00 | 000,077,864 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/03 10:31:04 | 000,013,056 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/06 06:20:50 | 000,241,664 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 06:20:42 | 000,670,208 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 06:20:40 | 000,936,448 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/16 19:20:06 | 000,108,168 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 10:21:14 | 000,389,728 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 14:07:36 | 000,199,408 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 09:22:50 | 000,053,896 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 09:22:48 | 000,334,984 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/05/06 11:12:36 | 000,021,632 | -H-- | M] (AMD, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\amdtools.sys -- (amdtools)
DRV - [2005/02/14 12:54:26 | 000,013,824 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys -- (AmdAcpi)
DRV - [2004/08/03 09:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 09:15:56 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 09:15:56 | 000,000,000 | -H-D | M]

[2009/08/22 21:25:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/07 11:19:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aiuzspyk.default\extensions
[2011/05/05 14:34:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 15:50:21 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/06 11:40:39 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 09:15:41 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/03/24 12:00:00 | 000,555,008 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2011/02/02 22:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 09:15:47 | 000,002,252 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/25 06:54:18 | 000,000,850 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 16:02:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 08:31:28 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/04 21:48:45 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/04 15:59:53 | 004,112,369 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\abc123.exe
[2011/06/04 11:09:20 | 000,000,000 | --SD | C] -- C:\123456
[2011/06/04 11:07:34 | 000,000,000 | --SD | C] -- C:\ComboFix12315949C
[2011/06/04 11:06:35 | 000,000,000 | --SD | C] -- C:\ComboFix123
[2011/06/04 11:03:29 | 005,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2011/05/25 06:58:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/25 06:53:50 | 000,289,144 | -H-- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/05/25 06:53:50 | 000,288,417 | -H-- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/05/25 06:53:50 | 000,135,168 | -H-- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2011/05/25 06:53:50 | 000,087,552 | -H-- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/05/25 06:53:50 | 000,082,944 | -H-- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/05/25 06:53:50 | 000,082,944 | -H-- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/05/25 06:53:50 | 000,082,432 | -H-- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/05/25 06:53:50 | 000,080,384 | -H-- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/05/25 06:53:50 | 000,079,360 | -H-- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2011/05/25 06:53:50 | 000,078,336 | -H-- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/05/25 06:53:50 | 000,053,248 | -H-- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/05/25 06:53:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\SmitfraudFix
[2011/05/25 06:51:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/05/25 06:51:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/05/25 06:44:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/05/24 23:24:51 | 000,369,152 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14671652.exe
[2011/05/24 23:15:47 | 000,473,600 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa .exe
[2011/05/15 12:26:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Datel
[2011/05/14 21:40:50 | 000,000,000 | -H-D | C] -- C:\32788R22FWJFW.5.tmp
[2011/05/12 20:59:40 | 000,000,000 | -H-D | C] -- C:\ERDNT
[2011/05/12 20:59:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ERUNT
[2011/05/12 20:59:34 | 000,000,000 | -H-D | C] -- C:\!FixIEDef
[2011/05/12 20:44:12 | 000,000,000 | -H-D | C] -- C:\32788R22FWJFW.4.tmp
[2011/05/10 20:44:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/05/10 20:43:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/10 20:43:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/07 14:30:10 | 000,000,000 | -H-D | C] -- C:\32788R22FWJFW.3.tmp
[2011/05/07 11:55:07 | 000,000,000 | -H-D | C] -- C:\32788R22FWJFW.2.tmp
[2011/05/07 09:33:59 | 000,000,000 | -H-D | C] -- C:\32788R22FWJFW.1.tmp
[2011/05/07 09:15:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\pss
[5 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 21:48:56 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 17:35:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 16:07:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2011/06/04 16:07:10 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2011/06/04 16:07:06 | 000,832,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2011/06/04 12:00:42 | 004,112,369 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\abc123.exe
[2011/06/04 11:08:34 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2011/06/04 11:03:23 | 000,000,275 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.lnk
[2011/06/04 10:23:41 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 07:05:52 | 000,000,335 | -H-- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/05/25 07:05:32 | 000,000,896 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 07:05:15 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\MDGFNB.job
[2011/05/25 07:05:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/05/25 06:54:20 | 000,003,474 | -H-- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/25 06:54:18 | 000,000,850 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/25 06:31:47 | 000,001,038 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007UA.job
[2011/05/25 00:24:19 | 000,221,196 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa.exe
[2011/05/24 23:47:36 | 000,000,986 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007Core.job
[2011/05/24 23:25:11 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~14671652r
[2011/05/24 23:25:11 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~14671652
[2011/05/24 23:24:56 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\14671652
[2011/05/24 23:24:51 | 000,369,152 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14671652.exe
[2011/05/24 23:15:46 | 000,473,600 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa .exe
[2011/05/24 21:30:24 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat
[2011/05/23 06:55:24 | 000,111,618 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
[2011/05/17 06:53:17 | 000,524,080 | -H-- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/05/17 06:53:17 | 000,442,796 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/17 06:53:17 | 000,071,936 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/17 06:49:40 | 000,249,230 | -H-- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/17 06:46:32 | 000,000,477 | -H-- | M] () -- C:\WINDOWS\win.ini
[2011/05/17 06:46:32 | 000,000,227 | -H-- | M] () -- C:\WINDOWS\system.ini
[2011/05/10 18:51:52 | 000,012,540 | -H-- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/10 18:42:04 | 000,000,186 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/07 09:11:50 | 000,016,384 | -H-- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
[5 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 21:48:56 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 11:03:34 | 006,568,480 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware(2).exe
[2011/06/04 11:03:23 | 000,000,275 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.lnk
[2011/05/25 06:54:20 | 000,003,474 | -H-- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/25 06:53:50 | 000,075,776 | -H-- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/05/25 06:53:50 | 000,051,200 | -H-- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/05/25 06:51:31 | 000,000,896 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/24 23:25:11 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~14671652r
[2011/05/24 23:25:11 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~14671652
[2011/05/24 23:24:56 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\14671652
[2011/05/24 23:15:47 | 000,221,196 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa.exe
[2011/05/05 15:49:53 | 000,114,176 | RHS- | C] () -- C:\WINDOWS\System32\d3d9capsn.dll
[2011/03/10 04:50:05 | 000,054,272 | -H-- | C] () -- C:\WINDOWS\System32\cmdlperf.dll
[2009/10/27 13:10:11 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/27 12:52:49 | 000,001,769 | -H-- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/07/21 03:01:42 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/26 22:25:14 | 000,000,319 | -H-- | C] () -- C:\WINDOWS\game.ini
[2009/02/26 20:15:08 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/10/07 09:13:30 | 000,197,912 | -H-- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/14 20:39:53 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/04 16:58:50 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 16:57:22 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 16:57:22 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 16:56:24 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/29 22:29:48 | 000,022,328 | -H-- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/01/15 16:51:43 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/15 16:31:31 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/01/15 16:26:43 | 000,012,989 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2007/01/15 16:26:37 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2007/01/15 16:23:25 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/15 16:13:37 | 000,000,108 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/15 16:12:18 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/01/15 16:06:23 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/15 16:03:05 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/01/15 16:03:05 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/01/15 16:01:46 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2007/01/15 15:39:58 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 06:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 02:51:38 | 000,000,592 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2011/04/02 09:47:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2007/01/15 16:17:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/06/04 17:29:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/09 22:32:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/02/26 21:09:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2007/06/06 11:20:27 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2011/05/25 07:05:15 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\MDGFNB.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
< End of report >
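The OTL report above is the raw material a helper reads before writing an :OTL fix. As an added example, not OTL's own code and not the helper's script, here is a small Python parser for the two OTL line shapes that matter most in a log like this one: the bracketed file entries (`[date | size | attributes | C/M] (company) -- path`) and the `O20 - Winlogon\Notify` lines. The triage heuristics are assumptions modelled on the kinds of entries helpers on this board pull into a fix (Winlogon Notify packages whose DLL is missing, executables dropped straight into All Users\Application Data, files claiming Microsoft as vendor outside the Windows and Program Files trees, scheduled-task files carrying the System attribute); they are not OTL's internal rules. The sample lines are copied from the report above.

```python
"""Parse OTL (OldTimer's List-It) report lines and flag entry types that are
commonly selected for an :OTL fix.

Added example: not OTL's code and not the helper's script. The heuristics are
assumptions modelled on the entries chosen in the fix above, not OTL rules.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# [2011/05/24 23:24:51 | 000,369,152 | -H-- | C] (Company) -- C:\path\file.exe
# The "(Company)" part is optional: OTL prints "()" or nothing for unsigned files.
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
# O20 - Winlogon\Notify\<key>: DllName - <dll> - <status or resolved path>
O20_ENTRY = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - (?P<dll>.+?) - (?P<status>.+)$"
)

# Locations used by the heuristics (assumptions, lower-cased for comparison).
PROGRAMDATA_ROOT = r"c:\documents and settings\all users\application data"
TRUSTED_MS_DIRS = (r"c:\windows", r"c:\program files")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


@dataclass
class FileEntry:
    stamp: str
    size: int
    attrs: str      # R/H/S/D flags, "-" where unset, e.g. "-HS-"
    kind: str       # "C" = created, "M" = modified
    company: str    # "" when OTL printed "()" or no company at all
    path: str


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one bracketed OTL file entry; return None for any other line."""
    m = FILE_ENTRY.match(line.strip())
    if not m:
        return None
    return FileEntry(
        m["stamp"],
        int(m["size"].replace(",", "")),
        m["attrs"],
        m["kind"],
        (m["company"] or "").strip(),
        m["path"],
    )


def flag_file_entry(entry: FileEntry) -> list[str]:
    """Return the (constructed) reasons a file entry looks worth a closer look."""
    reasons = []
    p = entry.path.lower()
    folder, _, name = p.rpartition("\\")
    if folder == PROGRAMDATA_ROOT and name.endswith(EXEC_EXT):
        reasons.append("executable dropped directly in All Users\\Application Data")
    if "microsoft" in entry.company.lower() and not p.startswith(TRUSTED_MS_DIRS):
        reasons.append("claims Microsoft as vendor outside Windows/Program Files")
    if p.endswith(".job") and "S" in entry.attrs:
        reasons.append("scheduled task file with the System attribute set")
    return reasons


def flag_o20(line: str) -> Optional[str]:
    """Flag a Winlogon Notify package whose DLL no longer exists on disk."""
    m = O20_ENTRY.match(line.strip())
    if m and m["status"].strip() == "File not found":
        return f"orphaned Winlogon Notify package {m['key']} ({m['dll']} missing)"
    return None


def triage(lines) -> list[tuple[str, str]]:
    """Return (item, reason) pairs for every line that trips a heuristic."""
    findings = []
    for line in lines:
        reason = flag_o20(line)
        if reason:
            findings.append((line.strip(), reason))
            continue
        entry = parse_file_entry(line)
        if entry:
            for reason in flag_file_entry(entry):
                findings.append((entry.path, reason))
    return findings


# Sample input: lines copied from the OTL report posted above.
SAMPLE_REPORT = r"""
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - File not found
[2011/06/04 21:48:45 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/24 23:24:51 | 000,369,152 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14671652.exe
[2011/05/24 23:15:47 | 000,473,600 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa .exe
[2011/05/25 07:05:15 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\MDGFNB.job
[2011/05/25 07:05:32 | 000,000,896 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/23 06:55:24 | 000,111,618 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
[2011/06/04 11:09:20 | 000,000,000 | --SD | C] -- C:\123456
""".strip().splitlines()

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_REPORT):
        print(f"{reason}: {item}")
```

Run against the sample, the parser flags the two orphaned Winlogon Notify entries, the two "Microsoft Corporation" executables sitting in All Users\Application Data (each for two reasons), the hidden/system MDGFNB.job task and FL0821pU.exe, while the Malwarebytes driver, the Google Update task and the SUPERAntiSpyware Notify package pass untouched. Heuristics like these only prioritise what to look at; the decision to remove an item still rests on checking the file itself.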

#3 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there - let's see if we can get you out of this fix.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Run RogueKiller again, this time selecting option 6

Again the log will be saved; add that to your post as well

NEXT

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
    O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - File not found
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
    [2011/05/24 23:24:51 | 000,369,152 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14671652.exe
    [2011/05/24 23:15:47 | 000,473,600 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa .exe
    [2011/05/25 07:05:15 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\MDGFNB.job
    [2011/05/24 23:25:11 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~14671652r
    [2011/05/24 23:25:11 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~14671652
    [2011/05/24 23:24:56 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\14671652
    [2011/05/24 23:24:51 | 000,369,152 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14671652.exe
    [2011/05/24 23:15:46 | 000,473,600 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa .exe
    [2011/05/24 21:30:24 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat
    [2011/05/23 06:55:24 | 000,111,618 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
    [2011/05/07 09:11:50 | 000,016,384 | -H-- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
    [2011/05/24 23:25:11 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~14671652r
    [2011/05/24 23:25:11 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~14671652
    [2011/05/24 23:24:56 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\14671652
    [2011/05/24 23:15:47 | 000,221,196 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
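The fix above is assembled by reading OTL log lines by hand. As an added example (not OTL's code and not from this thread), here is a small Python triage helper that parses the OTL line format shown in these logs and flags the same classes of entry the script removes: orphaned Winlogon\Notify DLLs, hidden executables dropped into the shared Application Data folder, files claiming Microsoft version info outside the system directories, .job tasks with the System attribute, and alternate data streams. The sample log is a constructed subset of lines copied from the logs in this thread; the heuristics and names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# OTL file/folder line: [YYYY/MM/DD HH:MM:SS | 000,369,152 | RHSD | C] (Company) -- path
# The four attribute positions are Read-only, Hidden, System, Directory ('-' when unset).
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-R][-H][-S][-D]) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O20 Winlogon Notify line: O20 - Winlogon\Notify\<key>: DllName - <dll> - <status>
NOTIFY_LINE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - (?P<dll>.+?) - (?P<status>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<nbytes>\d+) bytes -> (?P<target>.+)$")

# Locations where a file carrying Microsoft version info is unremarkable (assumption of this example).
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - File not found
[2011/05/24 23:24:51 | 000,369,152 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14671652.exe
[2011/05/24 23:15:47 | 000,473,600 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa .exe
[2011/05/25 07:05:15 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\MDGFNB.job
[2007/06/06 11:20:27 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011/04/02 09:47:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
"""


@dataclass
class Finding:
    kind: str    # heuristic that fired
    path: str    # file path, registry key name, or ADS target
    detail: str  # human-readable reason


def parse_file_line(line: str) -> Optional[dict]:
    """Parse one OTL file/folder line into a dict, or return None if it is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["hidden"] = d["attrs"][1] == "H"
    d["system"] = d["attrs"][2] == "S"
    d["is_dir"] = d["attrs"][3] == "D"
    return d


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run the heuristics over OTL log lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = NOTIFY_LINE.match(line)
        if m:
            # A Notify entry whose DLL is gone is a leftover registration; harmless but worth removing.
            if m["status"].lower().startswith("file not found"):
                findings.append(Finding("orphan_notify", m["key"], f"Winlogon Notify DLL missing: {m['dll']}"))
            continue
        m = ADS_LINE.match(line)
        if m:
            findings.append(Finding("ads", m["target"], f"{m['nbytes']}-byte alternate data stream"))
            continue
        entry = parse_file_line(line)
        if entry is None or entry["is_dir"]:
            continue
        path, low = entry["path"], entry["path"].lower()
        if low.endswith(".exe") and entry["hidden"] and "\\all users\\application data\\" in low:
            findings.append(Finding("hidden_exe", path, "hidden executable in shared Application Data"))
        if (entry["company"] or "") == "Microsoft Corporation" and not low.startswith(SYSTEM_DIRS):
            findings.append(Finding("vendor_mismatch", path, "Microsoft version info outside system directories"))
        if low.endswith(".job") and entry["system"]:
            findings.append(Finding("system_task", path, "scheduled task with System attribute set"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:16} {f.path}  ({f.detail})")
```

Every flagged line here is one the fix script above removes; the legitimate SUPERAntiSpyware Notify entry, explorer.exe and the HP sign-up task are correctly left alone.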

#4
jvonhorn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: Administrator [Admin rights]
Mode: Scan -- Date : 06/05/2011 09:25:33

Bad processes: 1
[SUSP PATH] notepad.exe -- c:\windows\notepad.exe -> KILLED

Registry Entries: 5
[SUSP PATH] HKUS\.DEFAULT[...]\Run : R8388QA8U8 (C:\WINDOWS\TEMP\Pdx.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : R8388QA8U8 (C:\WINDOWS\TEMP\Pdx.exe) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: Administrator [Admin rights]
Mode: Shortcuts HJfix -- Date : 06/05/2011 09:46:19

Bad processes: 0

File attributes restored:
Desktop: Success 6 / Fail 0
Quick launch: Success 9 / Fail 0
Programs: Success 137085 / Fail 0
Start menu: Success 100 / Fail 0
User folder: Success 1173 / Fail 0
My documents: Success 187 / Fail 0
My favorites: Success 9 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 70894 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\Harddisk2\DP(1)0-0+9 -- 0x2 --> Restored
[G:] \Device\Harddisk3\DP(1)0-0+a -- 0x2 --> Restored
[H:] \Device\Harddisk4\DP(1)0-0+b -- 0x2 --> Restored
[I:] \Device\Harddisk5\DP(1)0-0+c -- 0x2 --> Restored
[K:] \Device\CdRom3 -- 0x5 --> Skipped
[L:] \Device\Harddisk1\DP(1)0-0+10 -- 0x2 --> Restored

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
All files and folders should have returned now
  • 0

#6
jvonhorn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL logfile created on: 6/5/2011 9:58:41 AM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 93.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.74 Gb Total Space | 64.67 Gb Free Space | 36.39% Space Free | Partition Type: NTFS
Drive D: | 8.55 Gb Total Space | 0.61 Gb Free Space | 7.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 7.47 Gb Total Space | 6.89 Gb Free Space | 92.16% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/01/15 16:41:15 | 001,119,888 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/01/02 08:18:24 | 000,045,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/30 17:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/13 03:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 10:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 06:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/16 19:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/16 19:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/16 19:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 10:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 09:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Disabled | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 13:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/17 19:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/05/25 15:21:28 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/18 18:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/15 16:41:16 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/25 04:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/04/25 04:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/06 06:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 06:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 06:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/16 19:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 10:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 14:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 09:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 09:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/05/06 11:12:36 | 000,021,632 | ---- | M] (AMD, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\amdtools.sys -- (amdtools)
DRV - [2005/02/14 12:54:26 | 000,013,824 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys -- (AmdAcpi)
DRV - [2004/08/03 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 09:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 09:15:56 | 000,000,000 | ---D | M]

[2009/08/22 21:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/07 11:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aiuzspyk.default\extensions
[2011/05/05 14:34:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 15:50:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/06 11:40:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 09:15:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/03/24 12:00:00 | 000,555,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 09:15:47 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/05 09:53:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 16:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/06/05 09:53:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/05 09:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/06/05 08:31:28 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/04 15:59:53 | 004,112,369 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\abc123.exe
[2011/06/04 11:09:20 | 000,000,000 | --SD | C] -- C:\123456
[2011/06/04 11:07:34 | 000,000,000 | --SD | C] -- C:\ComboFix12315949C
[2011/06/04 11:06:35 | 000,000,000 | --SD | C] -- C:\ComboFix123
[2011/05/25 06:58:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/25 06:53:50 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/05/25 06:53:50 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/05/25 06:53:50 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2011/05/25 06:53:50 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/05/25 06:53:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/05/25 06:53:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/05/25 06:53:50 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/05/25 06:53:50 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/05/25 06:53:50 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2011/05/25 06:53:50 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/05/25 06:53:50 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/05/25 06:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\SmitfraudFix
[2011/05/25 06:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/05/25 06:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/05/25 06:44:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/05/24 23:24:51 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14671652.exe
[2011/05/24 23:15:47 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa .exe
[2011/05/15 12:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Datel
[2011/05/14 21:40:50 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.5.tmp
[2011/05/12 20:59:40 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/05/12 20:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2011/05/12 20:59:34 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2011/05/12 20:44:12 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.4.tmp
[2011/05/10 20:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/05/10 20:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/10 20:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/07 14:30:10 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.3.tmp
[2011/05/07 11:55:07 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp
[2011/05/07 09:33:59 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2011/05/07 09:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/06 04:59:39 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2011/05/05 17:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/05 10:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/05/05 10:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/04 21:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2011/05/04 18:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/05/04 18:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/04 18:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/02 09:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Plants vs Zombies
[2011/04/02 09:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/04/02 09:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/04/02 09:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/03/31 07:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/03/31 07:22:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[5 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/06/05 09:56:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/05 09:54:41 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2011/06/05 09:53:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2011/06/05 09:53:20 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2011/06/05 09:53:18 | 001,107,216 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2011/06/05 09:53:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/05 09:23:36 | 000,511,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/04 21:48:56 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 12:00:42 | 004,112,369 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\abc123.exe
[2011/06/04 11:03:23 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.lnk
[2011/06/04 10:23:41 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 07:05:52 | 000,000,335 | -H-- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/05/25 07:05:32 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 07:05:15 | 000,000,306 | --S- | M] () -- C:\WINDOWS\tasks\MDGFNB.job
[2011/05/25 07:05:15 | 000,000,006 | ---- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/05/25 06:54:20 | 000,003,474 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/25 06:31:47 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007UA.job
[2011/05/25 00:24:19 | 000,221,196 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa.exe
[2011/05/24 23:47:36 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007Core.job
[2011/05/24 23:25:11 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~14671652r
[2011/05/24 23:25:11 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~14671652
[2011/05/24 23:24:56 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\14671652
[2011/05/24 21:30:24 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat
[2011/05/23 06:55:24 | 000,111,618 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
[2011/05/17 06:53:17 | 000,524,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/05/17 06:53:17 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/17 06:53:17 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/17 06:49:40 | 000,249,230 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/17 06:46:32 | 000,000,477 | -H-- | M] () -- C:\WINDOWS\win.ini
[2011/05/17 06:46:32 | 000,000,227 | -H-- | M] () -- C:\WINDOWS\system.ini
[2011/05/10 18:51:52 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/10 18:42:04 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/07 09:11:50 | 000,016,384 | ---- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
[2011/05/05 17:57:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 15:49:53 | 000,114,176 | R-S- | M] () -- C:\WINDOWS\System32\d3d9capsn.dll
[2011/04/15 07:48:34 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/10 04:50:05 | 000,054,272 | ---- | M] () -- C:\WINDOWS\System32\cmdlperf.dll
[5 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/05 09:25:12 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/04 21:48:56 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 11:03:34 | 006,568,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware(2).exe
[2011/06/04 11:03:23 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.lnk
[2011/05/25 06:54:20 | 000,003,474 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/25 06:53:50 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/05/25 06:53:50 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/05/25 06:51:31 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/24 23:25:11 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~14671652r
[2011/05/24 23:25:11 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~14671652
[2011/05/24 23:24:56 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\14671652
[2011/05/24 23:15:47 | 000,221,196 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa.exe
[2011/05/05 15:49:55 | 000,000,306 | --S- | C] () -- C:\WINDOWS\tasks\MDGFNB.job
[2011/05/05 15:49:53 | 000,114,176 | R-S- | C] () -- C:\WINDOWS\System32\d3d9capsn.dll
[2011/05/05 09:22:06 | 000,111,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
[2011/05/05 09:22:05 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat
[2011/03/10 04:50:05 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\cmdlperf.dll
[2009/10/27 13:10:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/27 12:52:49 | 000,001,769 | -H-- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/07/21 03:01:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/26 22:25:14 | 000,000,319 | -H-- | C] () -- C:\WINDOWS\game.ini
[2009/02/26 20:15:08 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/14 20:39:53 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/04 16:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 16:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/29 22:29:48 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/01/15 16:51:43 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/15 16:31:31 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/01/15 16:26:43 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2007/01/15 16:26:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2007/01/15 16:23:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/15 16:13:37 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/15 16:12:18 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/01/15 16:06:23 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/15 16:03:05 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/01/15 16:03:05 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/01/15 16:01:46 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2007/01/15 15:39:58 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 06:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 02:51:38 | 000,000,592 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2011/04/02 09:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2007/01/15 16:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/06/05 09:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/09 22:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/02/26 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2007/06/06 11:20:27 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2011/05/25 07:05:15 | 000,000,306 | --S- | M] () -- C:\WINDOWS\Tasks\MDGFNB.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
< End of report >

#7 jvonhorn (Topic Starter, Member, 14 posts)
I am still in safe mode, but it looks like the Windows Recovery virus is still present... next step?

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Now run RogueKiller and execute option 2

Then

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
    O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - File not found
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    [2011/05/24 23:24:51 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14671652.exe
    [2011/05/24 23:15:47 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa .exe
    [2011/05/25 07:05:15 | 000,000,306 | --S- | M] () -- C:\WINDOWS\tasks\MDGFNB.job
    [2011/05/25 00:24:19 | 000,221,196 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa.exe
    [2011/05/24 23:25:11 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~14671652r
    [2011/05/24 23:25:11 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~14671652
    [2011/05/24 23:24:56 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\14671652
    [2011/05/24 21:30:24 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat
    [2011/05/23 06:55:24 | 000,111,618 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
    [2011/05/24 23:25:11 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~14671652r
    [2011/05/24 23:25:11 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~14671652
    [2011/05/24 23:24:56 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\14671652
    [2011/05/24 23:15:47 | 000,221,196 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa.exe
    [2011/05/05 15:49:55 | 000,000,306 | --S- | C] () -- C:\WINDOWS\tasks\MDGFNB.job
    [2011/05/05 09:22:06 | 000,111,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
    [2011/05/05 09:22:05 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

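As an added illustration for this thread (not part of OTL, RogueKiller, or the fix script above), the selection the moderator makes by hand can be expressed as a small triage pass over OTL log lines. The heuristics are assumptions drawn from the posted log: a loose file in the root of the shared Application Data folder (legitimate software creates a vendor subfolder there), a hidden attribute on such a file, a "Microsoft Corporation" company string on a file outside a Microsoft install path, a scheduled-task .job with a non-vendor name and the System attribute, an O20 Winlogon Notify hook whose DLL is gone, and any alternate data stream. The sample lines are copied from the log posted earlier in the thread; the KNOWN_TASK_PREFIXES and MICROSOFT_ROOTS lists are hypothetical and tuned to this machine only.

```python
"""Triage OTL log lines for the artifacts a rogue "Windows Recovery" style
infection leaves behind.

Added illustration for this thread: not part of OTL, RogueKiller or the
moderator's fix. The heuristics are assumptions based on the log posted
above, and the sample lines are copied from that log.
"""
import re
from typing import List, Tuple

# One OTL file/folder entry: [timestamp | size | attrs | C-or-M] (company) -- path
# Directory entries (attrs contain D) carry no "(company)" field.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
# A file sitting directly in the shared Application Data root (no vendor subfolder).
SHARED_APPDATA_ROOT = re.compile(
    r"^C:\\Documents and Settings\\All Users\\Application Data\\[^\\]+$", re.I
)
TASK_JOB = re.compile(r"^C:\\WINDOWS\\tasks\\([^\\]+\.job)$", re.I)
# Assumption: task names in this log that belong to known software.
KNOWN_TASK_PREFIXES = ("GoogleUpdate",)
# Assumption: where a binary claiming to be Microsoft's is plausibly installed.
MICROSOFT_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def triage_line(line: str) -> List[str]:
    """Return the reasons one OTL line deserves a human look (empty list = nothing)."""
    s = line.strip()
    if s.startswith("@Alternate Data Stream"):
        return ["alternate data stream attached to a file or folder"]
    if s.startswith("O20 - Winlogon\\Notify") and s.endswith("File not found"):
        return ["orphaned Winlogon Notify hook: DLL gone, registry entry left behind"]
    m = FILE_RE.match(s)
    if not m:
        return []
    attrs, company, path = m["attrs"], m["company"] or "", m["path"]
    if "D" in attrs:
        return []  # vendor subfolders under Application Data are normal
    reasons: List[str] = []
    if SHARED_APPDATA_ROOT.match(path):
        reasons.append("loose file in the root of the shared Application Data folder")
        if "H" in attrs:
            reasons.append("hidden attribute set")
    if "microsoft" in company.lower() and not path.lower().startswith(MICROSOFT_ROOTS):
        reasons.append(f"claims company '{company}' outside a Microsoft install path")
    job = TASK_JOB.match(path)
    if job and not job.group(1).startswith(KNOWN_TASK_PREFIXES):
        reasons.append("scheduled task that does not match a known vendor name")
        if "S" in attrs:
            reasons.append("task file carries the System attribute")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log; keep only lines with at least one reason."""
    out: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        reasons = triage_line(raw)
        if reasons:
            out.append((raw.strip(), reasons))
    return out


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2011/05/24 23:25:11 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~14671652r
[2011/05/24 23:24:56 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\14671652
[2011/05/24 23:15:47 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa .exe
[2011/05/05 15:49:55 | 000,000,306 | --S- | C] () -- C:\WINDOWS\tasks\MDGFNB.job
[2011/05/25 06:51:31 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/02 09:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/06/05 09:25:12 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
"""

if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

Run it against a full OTL log saved to disk (`triage(open("OTL.Txt").read())`) and you get the candidate lines for the :OTL section plus the reason each was picked, while the vendor folder, the Google task and the SUPERAntiSpyware hook pass through untouched. Heuristics like these only narrow the list; each hit still needs a human decision before it goes into a fix script.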

#9 jvonhorn (Topic Starter, Member, 14 posts)
OTL logfile created on: 6/5/2011 11:16:19 AM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 93.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.74 Gb Total Space | 64.88 Gb Free Space | 36.50% Space Free | Partition Type: NTFS
Drive D: | 8.55 Gb Total Space | 0.61 Gb Free Space | 7.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 7.47 Gb Total Space | 6.88 Gb Free Space | 92.06% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/01/15 16:41:15 | 001,119,888 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/01/02 08:18:24 | 000,045,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/30 17:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/13 03:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 10:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 06:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/16 19:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/16 19:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/16 19:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 10:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 09:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Disabled | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 13:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/17 19:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/05/25 15:21:28 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/18 18:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/15 16:41:16 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/25 04:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/04/25 04:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/06 06:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 06:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 06:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/16 19:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 10:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 14:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 09:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 09:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/05/06 11:12:36 | 000,021,632 | ---- | M] (AMD, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\amdtools.sys -- (amdtools)
DRV - [2005/02/14 12:54:26 | 000,013,824 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys -- (AmdAcpi)
DRV - [2004/08/03 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 09:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 09:15:56 | 000,000,000 | ---D | M]

[2009/08/22 21:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/07 11:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aiuzspyk.default\extensions
[2011/05/05 14:34:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 15:50:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/06 11:40:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 09:15:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/03/24 12:00:00 | 000,555,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 09:15:47 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/05 11:14:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 16:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/06/05 10:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/06/05 09:53:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/05 08:31:28 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/04 15:59:53 | 004,112,369 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\abc123.exe
[2011/06/04 11:09:20 | 000,000,000 | --SD | C] -- C:\123456
[2011/06/04 11:07:34 | 000,000,000 | --SD | C] -- C:\ComboFix12315949C
[2011/06/04 11:06:35 | 000,000,000 | --SD | C] -- C:\ComboFix123
[2011/05/25 06:58:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/25 06:53:50 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/05/25 06:53:50 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/05/25 06:53:50 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2011/05/25 06:53:50 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/05/25 06:53:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/05/25 06:53:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/05/25 06:53:50 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/05/25 06:53:50 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/05/25 06:53:50 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2011/05/25 06:53:50 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/05/25 06:53:50 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/05/25 06:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\SmitfraudFix
[2011/05/25 06:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/05/25 06:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/05/25 06:44:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/05/15 12:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Datel
[2011/05/12 20:59:40 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/05/12 20:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2011/05/12 20:59:34 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2011/05/10 20:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/05/10 20:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/10 20:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/07 09:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/06 04:59:39 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2011/05/05 17:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/05 10:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/05/05 10:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/04 21:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2011/05/04 18:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/05/04 18:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/04 18:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/02 09:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Plants vs Zombies
[2011/04/02 09:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/04/02 09:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/04/02 09:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/03/31 07:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/03/31 07:22:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)

========== Files - Modified Within 90 Days ==========

[2011/06/05 11:15:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/05 11:14:39 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2011/06/05 11:14:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2011/06/05 11:14:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/05 10:30:59 | 000,832,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2011/06/05 10:17:18 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 09:54:41 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2011/06/05 09:23:36 | 000,511,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/04 12:00:42 | 004,112,369 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\abc123.exe
[2011/06/04 11:03:23 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.lnk
[2011/06/04 10:23:41 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 07:05:52 | 000,000,335 | -H-- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/05/25 07:05:32 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 07:05:15 | 000,000,006 | ---- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/05/25 06:54:20 | 000,003,474 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/25 06:31:47 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007UA.job
[2011/05/24 23:47:36 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007Core.job
[2011/05/17 06:53:17 | 000,524,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/05/17 06:53:17 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/17 06:53:17 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/17 06:49:40 | 000,249,230 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/17 06:46:32 | 000,000,477 | -H-- | M] () -- C:\WINDOWS\win.ini
[2011/05/17 06:46:32 | 000,000,227 | -H-- | M] () -- C:\WINDOWS\system.ini
[2011/05/10 18:51:52 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/10 18:42:04 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/07 09:11:50 | 000,016,384 | ---- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
[2011/05/05 17:57:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 15:49:53 | 000,114,176 | R-S- | M] () -- C:\WINDOWS\System32\d3d9capsn.dll
[2011/04/15 07:48:34 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/10 04:50:05 | 000,054,272 | ---- | M] () -- C:\WINDOWS\System32\cmdlperf.dll

========== Files Created - No Company Name ==========

[2011/06/05 09:25:12 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/04 21:48:56 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 11:03:34 | 006,568,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware(2).exe
[2011/06/04 11:03:23 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.lnk
[2011/05/25 06:54:20 | 000,003,474 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/25 06:53:50 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/05/25 06:53:50 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/05/25 06:51:31 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 15:49:53 | 000,114,176 | R-S- | C] () -- C:\WINDOWS\System32\d3d9capsn.dll
[2011/03/10 04:50:05 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\cmdlperf.dll
[2009/10/27 13:10:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/27 12:52:49 | 000,001,769 | -H-- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/07/21 03:01:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/26 22:25:14 | 000,000,319 | -H-- | C] () -- C:\WINDOWS\game.ini
[2009/02/26 20:15:08 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/14 20:39:53 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/04 16:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 16:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/29 22:29:48 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/01/15 16:51:43 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/15 16:31:31 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/01/15 16:26:43 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2007/01/15 16:26:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2007/01/15 16:23:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/15 16:13:37 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/15 16:12:18 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/01/15 16:06:23 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/15 16:03:05 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/01/15 16:03:05 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/01/15 16:01:46 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2007/01/15 15:39:58 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 06:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 02:51:38 | 000,000,592 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2011/04/02 09:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2007/01/15 16:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/06/05 09:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/09 22:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/02/26 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2007/06/06 11:20:27 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
< End of report >

#10
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Could you now boot to normal mode please and let me know what problems you are having when you get there... Could you confirm that you ran RogueKiller with option 2?

#11
jvonhorn
    Member
  • Topic Starter
  • Member
  • 14 posts
Will do, and yes, I ran RK with option 2.

#12
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Once you are in normal mode, could you run a fresh OTL log and ensure All Users is selected?

#13
jvonhorn
    Member
  • Topic Starter
  • Member
  • 14 posts
OTL logfile created on: 6/5/2011 1:05:17 PM - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.74 Gb Total Space | 64.77 Gb Free Space | 36.44% Space Free | Partition Type: NTFS
Drive D: | 8.55 Gb Total Space | 0.61 Gb Free Space | 7.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 7.47 Gb Total Space | 6.88 Gb Free Space | 92.06% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2011/06/05 11:51:16 | 000,221,192 | ---- | M] () -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/05 11:37:06 | 000,111,618 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/05/25 06:58:19 | 000,221,196 | ---- | M] () -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2011/05/25 06:51:27 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
PRC - [2011/05/07 10:45:57 | 000,221,196 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2011/05/07 09:11:07 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2011/05/07 09:10:00 | 000,221,192 | ---- | M] () -- C:\Program Files\Steam\steam.exe
PRC - [2011/05/07 09:09:55 | 000,221,192 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2011/05/05 09:19:43 | 000,221,188 | ---- | M] () -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2011/05/05 09:19:32 | 000,221,188 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
PRC - [2011/05/05 09:19:25 | 000,221,188 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/05/05 09:19:18 | 000,221,188 | ---- | M] () -- C:\WINDOWS\SMINST\RECGUARD.EXE
PRC - [2010/10/29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched .exe
PRC - [2010/08/20 23:35:29 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate .exe
PRC - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
PRC - [2009/06/30 11:00:02 | 002,836,376 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 21:57:56 | 000,075,352 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2007/10/30 21:57:54 | 001,095,256 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2007/03/14 22:01:30 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
PRC - [2007/01/15 16:41:15 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/01/15 16:11:37 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched .exe
PRC - [2005/12/30 17:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/09/19 06:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/09/16 19:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/09/16 19:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/09/16 19:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/16 19:27:02 | 000,052,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp .exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/09/23 13:38:24 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2005/09/16 19:33:36 | 000,377,968 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccL40.dll
MOD - [2003/03/18 23:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003/02/21 07:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/01/15 16:41:15 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/01/02 08:18:24 | 000,045,744 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/30 17:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/13 03:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 10:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 06:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/16 19:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/16 19:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/16 19:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 10:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 09:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 13:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/17 19:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/05/25 15:21:28 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/18 18:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/15 16:41:16 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/25 04:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/04/25 04:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/06 06:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 06:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 06:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/16 19:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 10:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 14:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 09:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 09:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/05/06 11:12:36 | 000,021,632 | ---- | M] (AMD, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\amdtools.sys -- (amdtools)
DRV - [2005/02/14 12:54:26 | 000,013,824 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys -- (AmdAcpi)
DRV - [2004/08/03 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 09:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 09:15:56 | 000,000,000 | ---D | M]

[2008/12/14 13:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2011/05/05 14:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\oodvftks.default\extensions
[2010/07/28 19:37:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\oodvftks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/28 19:37:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\oodvftks.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/05 14:34:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 15:50:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/06 11:40:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 09:15:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/03/24 12:00:00 | 000,555,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 09:15:47 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/05 11:14:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe ()
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe ()
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe ()
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe ()
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [Steam] c:\program files\steam\steam.exe ()
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 16:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e722436e-88f3-11de-b4c5-0018f3563763}\Shell - "" = AutoRun
O33 - MountPoints2\{e722436e-88f3-11de-b4c5-0018f3563763}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e722436e-88f3-11de-b4c5-0018f3563763}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/06/05 13:04:52 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/05 12:37:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/06/05 12:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/06/05 12:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2011/06/05 09:53:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 11:09:20 | 000,000,000 | --SD | C] -- C:\123456
[2011/06/04 11:07:34 | 000,000,000 | --SD | C] -- C:\ComboFix12315949C
[2011/06/04 11:06:35 | 000,000,000 | --SD | C] -- C:\ComboFix123
[2011/05/25 07:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Google
[2011/05/25 06:53:50 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/05/25 06:53:50 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/05/25 06:53:50 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2011/05/25 06:53:50 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/05/25 06:53:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/05/25 06:53:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/05/25 06:53:50 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/05/25 06:53:50 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/05/25 06:53:50 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2011/05/25 06:53:50 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/05/25 06:53:50 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/05/25 06:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/05/15 12:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\A
[2011/05/15 12:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Datel
[2011/05/12 20:59:40 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/05/12 20:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2011/05/12 20:59:34 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2011/05/12 20:59:25 | 001,093,459 | ---- | C] (Zoll Technologies) -- C:\Documents and Settings\Compaq_Administrator\Desktop\FixIEDef.exe
[2011/05/07 09:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/06 04:59:39 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2011/05/05 17:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/05 10:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/05/05 10:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/04 21:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2011/05/04 18:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/05/04 18:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/04 18:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/02 09:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Plants vs Zombies
[2011/04/02 09:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/04/02 09:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/04/02 09:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/03/31 07:22:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2011/03/07 22:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM

========== Files - Modified Within 90 Days ==========

[2011/06/05 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/06/05 12:40:37 | 000,525,066 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/06/05 12:40:37 | 000,443,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/05 12:40:37 | 000,072,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/05 12:36:28 | 000,000,337 | -H-- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/06/05 12:36:07 | 000,249,230 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/05 12:35:59 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 12:35:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/06/05 12:35:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/05 12:33:21 | 002,682,366 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\IconCache.db
[2011/06/05 12:24:04 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007UA.job
[2011/06/05 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/06/05 11:37:06 | 000,111,618 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/05 11:37:06 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat
[2011/06/05 11:30:15 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 11:29:25 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.dat
[2011/06/05 11:29:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.ini
[2011/06/05 11:29:06 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2011/06/05 11:14:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/05 10:17:18 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/25 06:54:20 | 000,003,474 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/24 23:47:36 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007Core.job
[2011/05/24 23:25:11 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Windows XP Recovery.lnk
[2011/05/17 06:46:32 | 000,000,477 | -H-- | M] () -- C:\WINDOWS\win.ini
[2011/05/17 06:46:32 | 000,000,227 | -H-- | M] () -- C:\WINDOWS\system.ini
[2011/05/17 03:21:30 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CCleaner.lnk
[2011/05/12 20:59:25 | 001,093,459 | ---- | M] (Zoll Technologies) -- C:\Documents and Settings\Compaq_Administrator\Desktop\FixIEDef.exe
[2011/05/12 17:02:52 | 000,005,252 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20110512_170249.reg
[2011/05/10 18:51:52 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/10 18:42:04 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/07 11:59:46 | 000,014,642 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20110507_115943.reg
[2011/05/07 09:11:50 | 000,016,384 | ---- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
[2011/05/06 05:02:46 | 004,342,728 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\rrrttt.exe
[2011/05/06 05:02:46 | 004,342,728 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\abc123.exe
[2011/05/05 17:57:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/01 17:25:00 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Google Chrome.lnk
[2011/04/18 10:10:28 | 074,030,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Persephone_-__'Stronghold_1_'.wmv
[2011/04/15 07:48:34 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 18:55:54 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\mcs.rma
[2011/04/14 18:55:54 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\FE6B67
[2011/04/05 09:19:03 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Internet.lnk
[2011/03/31 06:47:11 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\1.gif
[2011/03/14 12:41:25 | 000,011,671 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\my SORLA sub letter.docx

========== Files Created - No Company Name ==========

[2011/06/05 11:37:06 | 000,111,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/06/05 11:37:06 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat
[2011/06/04 21:48:56 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 06:54:20 | 000,003,474 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/25 06:53:50 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/05/25 06:53:50 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/05/25 06:51:31 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/24 23:25:11 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Windows XP Recovery.lnk
[2011/05/18 17:02:33 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CCleaner.lnk
[2011/05/14 11:37:03 | 004,342,728 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\abc123.exe
[2011/05/12 17:02:50 | 000,005,252 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20110512_170249.reg
[2011/05/07 11:59:44 | 000,014,642 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20110507_115943.reg
[2011/04/18 10:05:42 | 074,030,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Persephone_-__'Stronghold_1_'.wmv
[2011/04/05 09:19:03 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Internet.lnk
[2011/03/31 06:47:11 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\1.gif
[2011/03/29 15:56:53 | 003,670,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.dat
[2011/03/14 12:41:25 | 000,011,671 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\my SORLA sub letter.docx
[2009/10/27 13:10:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/27 12:52:49 | 000,001,769 | -H-- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/07/21 03:01:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/26 22:25:14 | 000,000,319 | -H-- | C] () -- C:\WINDOWS\game.ini
[2009/02/26 20:15:08 | 000,000,337 | -H-- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/14 20:39:53 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/04 16:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 16:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/29 22:29:48 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/01/15 16:51:43 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/15 16:31:31 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/01/15 16:26:43 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2007/01/15 16:26:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2007/01/15 16:23:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/15 16:13:37 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/15 16:12:18 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/01/15 16:06:23 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/15 16:03:05 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/01/15 16:03:05 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/01/15 16:01:46 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2007/01/15 15:39:58 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 06:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 02:51:38 | 000,000,592 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2011/04/02 09:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2007/01/15 16:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/06/05 12:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/09 22:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/02/26 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/08/09 17:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\IObit
[2009/02/26 20:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SystemRequirementsLab
[2010/03/31 17:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Ubisoft
[2007/10/18 19:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/06/05 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/06/05 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2007/06/06 11:20:27 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
< End of report >
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/05 11:37:06 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat
    [2011/05/24 23:25:11 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Windows XP Recovery.lnk
    [2011/05/06 05:02:46 | 004,342,728 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\rrrttt.exe

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
    C:\WINDOWS\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Update and run Malwarebytes posting the resultant log
  • 0
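The items the fix above targets are the ones that jump out of the log when you read it as a responder: twenty-four At*.job scheduled tasks, FL0821pU.exe and Ahu00A5K.dat in All Users\Application Data, all written in the same second (2011/06/05 11:37:06), none with a company name. The script below is an added example, mine rather than Essexboy's or OTL's, of pulling those two signals out of an OTL "Files" section automatically: it parses the bracketed OTL lines, clusters files by the second they were touched, and flags unsigned files with random-looking names under user-writable paths. The sample lines are a subset copied from the report above; the cluster threshold, the path list and the flagged extensions are my own assumptions for triage, not verdicts.

```python
"""Triage helper for OTL 'Files' sections (added example, not part of the thread).

Two cheap incident-response heuristics over OTL output:
  1. a burst of files created/modified in the same second (dropper activity);
  2. unsigned files with random-looking names in user-writable locations.
"""
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample: a subset of the "Files - Modified Within 90 Days" lines
# from the report above, kept verbatim (raw string, so backslashes are literal).
SAMPLE_LOG = r"""
========== Files - Modified Within 90 Days ==========

[2011/06/05 12:40:37 | 000,525,066 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/06/05 11:37:06 | 000,111,618 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\FL0821pU.exe
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/06/05 11:37:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/05 11:37:06 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ahu00A5K.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/24 23:25:11 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Windows XP Recovery.lnk
"""

# One OTL file line: [timestamp | size | attrs | C/M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Za-z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Assumed thresholds/lists for triage (my choices, not OTL's).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\desktop\\",
                 "\\my documents\\", "\\tasks\\", "\\temp\\")
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".dat", ".job")


class Entry(NamedTuple):
    ts: str
    size: int
    attrs: str
    kind: str       # C = created, M = modified
    company: str    # empty string when OTL shows "()"
    path: str


def parse_otl_files(text: str) -> List[Entry]:
    """Parse file lines; headers, blanks and directory lines (no '()') are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                             m["attrs"], m["kind"], m["company"].strip(), m["path"]))
    return entries


def burst_clusters(entries: List[Entry], min_size: int = 5) -> Dict[str, List[str]]:
    """Return {timestamp: [paths]} for every second that touched >= min_size files."""
    by_ts: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        by_ts[e.ts].append(e.path)
    return {ts: paths for ts, paths in by_ts.items() if len(paths) >= min_size}


def looks_random(stem: str) -> bool:
    """Heuristic: longish, no spaces, mixes digits with upper- and lower-case letters."""
    return (len(stem) >= 7 and " " not in stem
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def unsigned_random_names(entries: List[Entry]) -> List[str]:
    """Unsigned (no company) executables/data with random-looking names in user-writable paths."""
    hits = []
    for e in entries:
        stem, ext = ntpath.splitext(ntpath.basename(e.path))
        if (e.company == "" and ext.lower() in EXEC_EXT
                and any(p in e.path.lower() for p in USER_WRITABLE)
                and looks_random(stem)):
            hits.append(e.path)
    return hits


def triage(text: str, min_size: int = 5) -> dict:
    entries = parse_otl_files(text)
    return {"parsed": len(entries),
            "bursts": burst_clusters(entries, min_size),
            "random_unsigned": unsigned_random_names(entries)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ts, paths in result["bursts"].items():
        print(f"{len(paths)} files touched at {ts}:")
        for p in paths:
            print("    " + p)
    print("unsigned, random-looking names:")
    for p in result["random_unsigned"]:
        print("    " + p)
```

Both hits are leads to confirm, not proof: a legitimate installer can also drop many files in one second, which is why the At*.job cluster matters mainly because it sits next to the unsigned random-named dropper in the same second. Raising min_size or adding a company-name whitelist cuts the noise on a full 90-day listing.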

#15
jvonhorn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL logfile created on: 6/5/2011 1:30:09 PM - Run 5
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.74 Gb Total Space | 64.78 Gb Free Space | 36.45% Space Free | Partition Type: NTFS
Drive D: | 8.55 Gb Total Space | 0.61 Gb Free Space | 7.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2011/06/05 11:51:16 | 000,221,192 | ---- | M] () -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui .exe
PRC - [2011/05/25 06:58:19 | 000,221,196 | ---- | M] () -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2011/05/25 06:51:27 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
PRC - [2011/05/23 10:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/05/07 10:45:57 | 000,221,196 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2011/05/07 09:15:47 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/05/07 09:15:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/07 09:11:07 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2011/05/07 09:10:00 | 000,221,192 | ---- | M] () -- C:\Program Files\Steam\steam.exe
PRC - [2011/05/07 09:09:55 | 000,221,192 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2011/05/05 09:19:55 | 000,221,188 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
PRC - [2011/05/05 09:19:43 | 000,221,188 | ---- | M] () -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2011/05/05 09:19:32 | 000,221,188 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
PRC - [2011/05/05 09:19:25 | 000,221,188 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/05/05 09:19:18 | 000,221,188 | ---- | M] () -- C:\WINDOWS\SMINST\RECGUARD.EXE
PRC - [2010/08/20 23:35:29 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate .exe
PRC - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
PRC - [2009/06/30 11:00:02 | 002,836,376 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 21:57:56 | 000,075,352 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2007/10/30 21:57:54 | 001,095,256 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2007/03/14 22:01:30 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
PRC - [2007/01/15 16:41:15 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/01/15 16:11:37 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched .exe
PRC - [2005/12/30 17:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/09/19 06:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/09/16 19:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/09/16 19:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/09/16 19:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/16 19:27:02 | 000,052,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp .exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/11/02 10:59:52 | 000,218,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt .exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/28 10:03:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/09/23 13:38:24 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2005/09/16 19:33:36 | 000,377,968 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccL40.dll
MOD - [2003/03/18 23:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003/02/21 07:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/01/15 16:41:15 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/01/02 08:18:24 | 000,045,744 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/30 17:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/13 03:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 10:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 06:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/16 19:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/16 19:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/16 19:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 10:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 09:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 13:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/17 19:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/05/25 15:21:28 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/18 18:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/15 16:41:16 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/25 04:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/04/25 04:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/06 06:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 06:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 06:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/16 19:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 10:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 14:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 09:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 09:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/05/06 11:12:36 | 000,021,632 | ---- | M] (AMD, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\amdtools.sys -- (amdtools)
DRV - [2005/02/14 12:54:26 | 000,013,824 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys -- (AmdAcpi)
DRV - [2004/08/03 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 09:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 09:15:56 | 000,000,000 | ---D | M]

[2008/12/14 13:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2011/05/05 14:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\oodvftks.default\extensions
[2010/07/28 19:37:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\oodvftks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/28 19:37:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\oodvftks.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/05 14:34:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 15:50:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/06 11:40:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 09:15:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/03/24 12:00:00 | 000,555,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 09:15:47 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/05 13:24:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe ()
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe ()
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe ()
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe ()
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [Steam] c:\program files\steam\steam.exe ()
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2481930444-1452283683-3536906317-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 16:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{e722436e-88f3-11de-b4c5-0018f3563763}\Shell - "" = AutoRun
O33 - MountPoints2\{e722436e-88f3-11de-b4c5-0018f3563763}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e722436e-88f3-11de-b4c5-0018f3563763}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/06/05 13:04:52 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/05 12:37:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/06/05 12:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/06/05 12:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2011/06/05 09:53:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 11:09:20 | 000,000,000 | --SD | C] -- C:\123456
[2011/06/04 11:07:34 | 000,000,000 | --SD | C] -- C:\ComboFix12315949C
[2011/06/04 11:06:35 | 000,000,000 | --SD | C] -- C:\ComboFix123
[2011/05/25 07:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Google
[2011/05/25 06:53:50 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/05/25 06:53:50 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/05/25 06:53:50 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2011/05/25 06:53:50 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/05/25 06:53:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/05/25 06:53:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/05/25 06:53:50 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/05/25 06:53:50 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/05/25 06:53:50 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2011/05/25 06:53:50 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/05/25 06:53:50 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/05/25 06:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/05/15 12:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\A
[2011/05/15 12:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Datel
[2011/05/12 20:59:40 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/05/12 20:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2011/05/12 20:59:34 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2011/05/12 20:59:25 | 001,093,459 | ---- | C] (Zoll Technologies) -- C:\Documents and Settings\Compaq_Administrator\Desktop\FixIEDef.exe
[2011/05/07 09:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/06 04:59:39 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2011/05/05 17:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/05 10:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/05/05 10:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/04 21:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2011/05/04 18:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/05/04 18:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/04 18:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/02 09:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Plants vs Zombies
[2011/04/02 09:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/04/02 09:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/04/02 09:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/03/31 07:22:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2011/03/07 22:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM

========== Files - Modified Within 90 Days ==========

[2011/06/05 13:30:06 | 000,525,066 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/06/05 13:30:06 | 000,443,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/05 13:30:06 | 000,072,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/05 13:26:03 | 000,000,337 | -H-- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/06/05 13:25:58 | 000,249,230 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/05 13:25:42 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 13:25:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/06/05 13:25:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/05 13:24:44 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.dat
[2011/06/05 13:24:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.ini
[2011/06/05 13:24:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/05 13:24:04 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007UA.job
[2011/06/05 12:33:21 | 002,682,366 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\IconCache.db
[2011/06/05 11:30:15 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 11:29:06 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2011/06/05 10:17:18 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/25 06:54:20 | 000,003,474 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/24 23:47:36 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481930444-1452283683-3536906317-1007Core.job
[2011/05/17 06:46:32 | 000,000,477 | -H-- | M] () -- C:\WINDOWS\win.ini
[2011/05/17 06:46:32 | 000,000,227 | -H-- | M] () -- C:\WINDOWS\system.ini
[2011/05/17 03:21:30 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CCleaner.lnk
[2011/05/12 20:59:25 | 001,093,459 | ---- | M] (Zoll Technologies) -- C:\Documents and Settings\Compaq_Administrator\Desktop\FixIEDef.exe
[2011/05/12 17:02:52 | 000,005,252 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20110512_170249.reg
[2011/05/10 18:51:52 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/10 18:42:04 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/07 11:59:46 | 000,014,642 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20110507_115943.reg
[2011/05/07 09:11:50 | 000,016,384 | ---- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
[2011/05/06 05:02:46 | 004,342,728 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\abc123.exe
[2011/05/05 17:57:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/01 17:25:00 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Google Chrome.lnk
[2011/04/18 10:10:28 | 074,030,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Persephone_-__'Stronghold_1_'.wmv
[2011/04/15 07:48:34 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 18:55:54 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\mcs.rma
[2011/04/14 18:55:54 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\FE6B67
[2011/04/05 09:19:03 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Internet.lnk
[2011/03/31 06:47:11 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\1.gif
[2011/03/14 12:41:25 | 000,011,671 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\my SORLA sub letter.docx

========== Files Created - No Company Name ==========

[2011/06/04 21:48:56 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 06:54:20 | 000,003,474 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/05/25 06:53:50 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/05/25 06:53:50 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/05/25 06:51:31 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 17:02:33 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CCleaner.lnk
[2011/05/14 11:37:03 | 004,342,728 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\abc123.exe
[2011/05/12 17:02:50 | 000,005,252 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20110512_170249.reg
[2011/05/07 11:59:44 | 000,014,642 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20110507_115943.reg
[2011/04/18 10:05:42 | 074,030,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Persephone_-__'Stronghold_1_'.wmv
[2011/04/05 09:19:03 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Internet.lnk
[2011/03/31 06:47:11 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\1.gif
[2011/03/29 15:56:53 | 003,670,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.dat
[2011/03/14 12:41:25 | 000,011,671 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\my SORLA sub letter.docx
[2009/10/27 13:10:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/27 12:52:49 | 000,001,769 | -H-- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/07/21 03:01:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/26 22:25:14 | 000,000,319 | -H-- | C] () -- C:\WINDOWS\game.ini
[2009/02/26 20:15:08 | 000,000,337 | -H-- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/14 20:39:53 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/04 16:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 16:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/29 22:29:48 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/01/15 16:51:43 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/15 16:31:31 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/01/15 16:26:43 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2007/01/15 16:26:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2007/01/15 16:23:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/15 16:13:37 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/15 16:12:18 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/01/15 16:06:23 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/15 16:03:05 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/01/15 16:03:05 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/01/15 16:01:46 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2007/01/15 15:39:58 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 06:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 02:51:38 | 000,000,592 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2011/04/02 09:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2007/01/15 16:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/06/05 13:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/09 22:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/02/26 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/08/09 17:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\IObit
[2009/02/26 20:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SystemRequirementsLab
[2010/03/31 17:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Ubisoft
[2007/10/18 19:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2007/06/06 11:20:27 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
< End of report >