My computer is infected - Rootkit ZAccess



#1
lharper

I followed the instructions. Attached is the OTL file.

I think (at least one) problem is Rootkit ZAccess.

Please help as I need to use this computer for work tomorrow. Thanks for any help!

Attached File: OTL.Txt (94.48KB)

#2
lharper

Here is the OTL file:
OTL logfile created on: 7/18/2011 7:28:25 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Robbie
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 68.29% Memory free
4.83 Gb Paging File | 4.00 Gb Available in Paging File | 82.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 199.79 Gb Free Space | 67.03% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 257.44 Gb Free Space | 86.36% Space Free | Partition Type: NTFS

Computer Name: DBTOA000 | User Name: Robbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 19:28:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robbie\greg.exe
PRC - [2011/07/18 18:16:10 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robbie\My Documents\Downloads\tdsskiller.exe
PRC - [2011/07/14 17:45:41 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Robbie\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/23 14:40:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/17 08:33:06 | 000,136,312 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Robbie\Local Settings\Application Data\Flock\Update\FlockUpdate.exe
PRC - [2010/08/29 03:53:14 | 001,039,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/08/27 05:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/05/14 09:55:58 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 14:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/07/18 19:28:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robbie\greg.exe
MOD - [2008/04/14 08:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 14:08:30 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2010/08/29 03:54:52 | 002,434,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/27 05:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/22 22:44:48 | 001,097,096 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/05/18 19:29:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2004/05/28 15:28:22 | 000,184,320 | ---- | M] (Computer Associates International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZoneLabs\isafe.exe -- (CAISafe)


========== Driver Services (SafeList) ==========

DRV - [2011/07/18 19:09:36 | 000,229,712 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2011/07/18 19:09:31 | 000,769,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2011/07/18 16:34:30 | 000,115,200 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2011/07/18 16:15:23 | 000,784,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/08/27 05:33:54 | 000,035,568 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2010/08/27 05:33:54 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/06/09 20:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/12 19:15:30 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 19:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1)
DRV - [2009/08/24 14:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/05/18 18:30:23 | 000,896,472 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2008/08/18 19:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/08/18 19:03:12 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/18 18:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/21 17:09:12 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/07/21 17:09:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/26 23:10:38 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2008/04/14 08:00:00 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/03/11 18:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 18:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 18:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 18:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2007/12/03 12:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/20 02:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/20 02:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2004/05/28 16:19:18 | 000,021,605 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2004/05/28 16:19:18 | 000,015,668 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1060933
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Robbie\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Robbie\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@update.flock.com/Flock Update;version=8: C:\Documents and Settings\Robbie\Local Settings\Application Data\Flock\Update\1.2.213.0\npFlockOneClick8.dll (Flock Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/08 01:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 14:40:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/15 17:09:30 | 000,000,000 | ---D | M]

[2010/04/09 08:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Extensions
[2010/04/09 08:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/07/10 10:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\bk0hjws5.default\extensions
[2011/06/24 10:16:38 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\bk0hjws5.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2009/09/13 07:26:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\bk0hjws5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/21 09:35:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\bk0hjws5.default\extensions\[email protected]
[2011/04/03 14:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/22 09:50:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/03 10:39:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/03/29 13:53:49 | 000,000,000 | ---D | M] (Family Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2011/06/23 14:40:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2010/05/14 09:57:04 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BandwidthMeterPro.exe (BANDWIDTH-METER.NET)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Flock Update] C:\Documents and Settings\Robbie\Local Settings\Application Data\Flock\Update\FlockUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe (RescueTime, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\ZoneLabs\vetredir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\ZoneLabs\vetredir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Monopoly\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Monopoly\Images\armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/01 11:28:16 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 08:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7441951e-7cfd-11de-a738-0024e80867c1}\Shell - "" = AutoRun
O33 - MountPoints2\{7441951e-7cfd-11de-a738-0024e80867c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7441951e-7cfd-11de-a738-0024e80867c1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cabebd40-4546-11de-a731-0024e80867c1}\Shell - "" = AutoRun
O33 - MountPoints2\{cabebd40-4546-11de-a731-0024e80867c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cabebd40-4546-11de-a731-0024e80867c1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 19:28:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robbie\greg.exe
[2011/07/18 18:32:01 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Robbie\aswMBR.exe
[2011/07/18 17:40:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robbie\Start Menu\Programs\Administrative Tools
[2011/07/18 17:27:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/18 17:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/18 17:27:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/18 16:56:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/07/18 13:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Freecorder
[2011/07/18 13:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2011/07/18 11:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/07/18 11:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/07/18 08:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/18 08:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/18 19:28:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robbie\greg.exe
[2011/07/18 19:13:49 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/07/18 19:13:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/18 19:13:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/18 19:13:09 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/18 19:09:36 | 000,229,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2011/07/18 19:09:31 | 000,769,536 | ---- | M] () -- C:\WINDOWS\System32\drivers\update.sys
[2011/07/18 18:52:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Robbie\MBR.dat
[2011/07/18 18:47:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/18 18:40:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4098510575-1669955942-3198683908-1005UA.job
[2011/07/18 18:38:37 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\FlockUpdateTaskUserS-1-5-21-4098510575-1669955942-3198683908-1005UA.job
[2011/07/18 18:32:39 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Robbie\aswMBR.exe
[2011/07/18 17:38:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Robbie\defogger_reenable
[2011/07/18 17:27:28 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/18 17:03:15 | 000,466,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/18 17:03:15 | 000,079,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/18 16:34:30 | 000,115,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2011/07/18 16:15:23 | 000,784,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2011/07/18 15:43:13 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2011/07/18 13:42:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/18 10:35:54 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/07/18 07:38:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\FlockUpdateTaskUserS-1-5-21-4098510575-1669955942-3198683908-1005Core.job
[2011/07/18 02:00:04 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DBTOA000-Robbie.job
[2011/07/17 20:40:07 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4098510575-1669955942-3198683908-1005Core.job
[2011/07/17 13:49:30 | 007,213,398 | ---- | M] () -- C:\Documents and Settings\Robbie\stlinv-large.zip
[2011/07/14 19:41:03 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Robbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/14 19:41:02 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\Google Chrome.lnk
[2011/07/14 10:07:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/07/13 10:29:18 | 001,316,864 | ---- | M] () -- C:\Camden.mdb
[2011/07/08 10:03:45 | 001,457,231 | ---- | M] () -- C:\2011-06 Camden.jlb
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/01 10:58:56 | 000,338,627 | ---- | M] () -- C:\Documents and Settings\Robbie\ALFL2010-5-20-2.mp3
[2011/07/01 10:58:39 | 001,501,265 | ---- | M] () -- C:\Documents and Settings\Robbie\alderflycatcher_feebeeo.mp3
[2011/07/01 10:56:03 | 000,251,274 | ---- | M] () -- C:\Documents and Settings\Robbie\JMJ-20110528-172056-000264-USA-MN-MurphyHanrehan-ALFL.mp3
[2011/07/01 10:55:48 | 000,790,750 | ---- | M] () -- C:\Documents and Settings\Robbie\ALFLs5-20-2010-U.mp3
[2011/07/01 10:53:27 | 000,352,553 | ---- | M] () -- C:\Documents and Settings\Robbie\Empidonax_alnorum_MI-PHSGA_20070520_S7_ATC.mp3
[2011/07/01 09:54:59 | 000,730,145 | ---- | M] () -- C:\Documents and Settings\Robbie\AcadianFlycatcher4.mp3
[2011/07/01 09:53:08 | 000,260,022 | ---- | M] () -- C:\Documents and Settings\Robbie\Empidonax_virescens_20080522_MI-NWP_S1_ATC.mp3
[2011/07/01 09:49:35 | 000,545,998 | ---- | M] () -- C:\Documents and Settings\Robbie\cp0205xc_Empidonax_virescens_17may2007_Tremont.mp3
[2011/07/01 09:47:34 | 000,368,292 | ---- | M] () -- C:\Documents and Settings\Robbie\ACFL.MP3
[2011/07/01 09:45:57 | 000,182,884 | ---- | M] () -- C:\Documents and Settings\Robbie\acadianflycatcher.wav
[2011/07/01 09:43:57 | 000,004,911 | ---- | M] () -- C:\Documents and Settings\Robbie\h4663so.mp3
[2011/07/01 09:42:57 | 000,016,091 | ---- | M] () -- C:\Documents and Settings\Robbie\h4670so.mp3
[2011/07/01 09:36:21 | 000,023,092 | ---- | M] () -- C:\Documents and Settings\Robbie\h4650so.mp3
[2011/06/30 13:39:19 | 000,026,438 | ---- | M] () -- C:\Documents and Settings\Robbie\pingpongbird.mp3
[2011/06/30 13:12:08 | 000,026,438 | ---- | M] () -- C:\Documents and Settings\Robbie\pingpongbird.mpg
[2011/06/30 12:47:54 | 000,005,375 | ---- | M] () -- C:\Documents and Settings\Robbie\DSC_0967.JPG
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/18 19:13:09 | 3220,160,512 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/18 18:42:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Robbie\MBR.dat
[2011/07/18 17:38:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Robbie\defogger_reenable
[2011/07/18 17:27:28 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/08 10:03:44 | 001,457,231 | ---- | C] () -- C:\2011-06 Camden.jlb
[2011/07/01 10:58:56 | 000,338,627 | ---- | C] () -- C:\Documents and Settings\Robbie\ALFL2010-5-20-2.mp3
[2011/07/01 10:58:30 | 001,501,265 | ---- | C] () -- C:\Documents and Settings\Robbie\alderflycatcher_feebeeo.mp3
[2011/07/01 10:56:02 | 000,251,274 | ---- | C] () -- C:\Documents and Settings\Robbie\JMJ-20110528-172056-000264-USA-MN-MurphyHanrehan-ALFL.mp3
[2011/07/01 10:55:30 | 000,790,750 | ---- | C] () -- C:\Documents and Settings\Robbie\ALFLs5-20-2010-U.mp3
[2011/07/01 10:53:27 | 000,352,553 | ---- | C] () -- C:\Documents and Settings\Robbie\Empidonax_alnorum_MI-PHSGA_20070520_S7_ATC.mp3
[2011/07/01 09:54:57 | 000,730,145 | ---- | C] () -- C:\Documents and Settings\Robbie\AcadianFlycatcher4.mp3
[2011/07/01 09:53:08 | 000,260,022 | ---- | C] () -- C:\Documents and Settings\Robbie\Empidonax_virescens_20080522_MI-NWP_S1_ATC.mp3
[2011/07/01 09:49:35 | 000,545,998 | ---- | C] () -- C:\Documents and Settings\Robbie\cp0205xc_Empidonax_virescens_17may2007_Tremont.mp3
[2011/07/01 09:47:34 | 000,368,292 | ---- | C] () -- C:\Documents and Settings\Robbie\ACFL.MP3
[2011/07/01 09:45:57 | 000,182,884 | ---- | C] () -- C:\Documents and Settings\Robbie\acadianflycatcher.wav
[2011/07/01 09:43:56 | 000,004,911 | ---- | C] () -- C:\Documents and Settings\Robbie\h4663so.mp3
[2011/07/01 09:42:56 | 000,016,091 | ---- | C] () -- C:\Documents and Settings\Robbie\h4670so.mp3
[2011/07/01 09:36:21 | 000,023,092 | ---- | C] () -- C:\Documents and Settings\Robbie\h4650so.mp3
[2011/06/30 13:39:19 | 000,026,438 | ---- | C] () -- C:\Documents and Settings\Robbie\pingpongbird.mp3
[2011/06/30 13:12:08 | 000,026,438 | ---- | C] () -- C:\Documents and Settings\Robbie\pingpongbird.mpg
[2011/06/30 12:47:51 | 000,005,375 | ---- | C] () -- C:\Documents and Settings\Robbie\DSC_0967.JPG
[2011/03/10 16:40:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Robbie\Local Settings\Application Data\PUTTY.RND
[2011/01/06 10:45:21 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/01/06 10:45:21 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/01/06 10:45:21 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2010/12/02 14:43:24 | 000,244,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/22 09:54:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/30 13:18:14 | 000,026,532 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/26 08:28:37 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2010/05/26 08:28:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL
[2010/05/26 08:28:22 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2010/05/26 08:28:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2010/05/26 08:28:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2010/05/26 08:28:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2010/05/26 08:28:22 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2010/03/29 13:55:07 | 000,000,582 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2010/03/29 13:53:39 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2009/10/18 13:45:00 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Robbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/22 09:27:54 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\Regobj.dll
[2009/06/22 09:27:50 | 000,131,107 | ---- | C] () -- C:\WINDOWS\System32\cn.dll
[2009/05/18 19:50:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/18 19:23:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/18 17:20:13 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/05/18 17:20:12 | 000,795,904 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009/05/18 17:20:12 | 000,229,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2009/05/18 17:20:12 | 000,021,605 | ---- | C] () -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2009/05/18 17:20:12 | 000,015,668 | ---- | C] () -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2009/05/18 17:20:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\vetntmsg.dll
[2009/05/18 16:57:28 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Robbie\Local Settings\Application Data\fusioncache.dat
[2009/04/30 19:01:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/04/30 14:59:06 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/04/30 14:59:06 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/04/30 14:59:06 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/04/30 14:59:06 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/04/30 14:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/04/30 14:59:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2009/04/30 14:58:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/04/30 14:58:12 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/30 12:29:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/30 12:14:32 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 17:26:23 | 000,784,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/04/25 12:16:37 | 000,769,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\update.sys
[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 12:16:22 | 000,466,744 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 12:16:22 | 000,079,834 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 12:16:16 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys
[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 05:24:34 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 05:21:52 | 003,650,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 18:06:06 | 000,288,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/05/18 17:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2011/01/06 12:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2010/03/29 14:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2011/01/25 17:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/04/30 12:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/07/18 17:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/30 07:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Word
[2011/02/10 16:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/09 12:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\#ISW.FS#
[2010/12/13 17:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Barnes & Noble
[2011/02/24 18:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\calibre
[2011/01/06 12:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\CheckPoint
[2010/12/07 08:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Digiarty
[2010/06/30 12:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/13 10:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Galactic Magnate
[2011/01/06 12:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\MailFrontier
[2010/06/30 11:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/12/14 07:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Mobipocket
[2010/03/29 13:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\MyHeritage
[2010/11/23 13:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\PhotoScape
[2011/06/21 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\PriceGong
[2009/05/20 13:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Smith Micro
[2010/10/01 13:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\SpinTop
[2010/09/01 09:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\TeamViewer
[2009/05/24 12:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\TextPad
[2010/03/29 13:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\The Complete Genealogy Reporter - FTB
[2011/07/18 08:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\The Word
[2009/04/30 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Windows Desktop Search
[2009/05/18 18:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Windows Search
[2011/07/18 07:38:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-4098510575-1669955942-3198683908-1005Core.job
[2011/07/18 18:38:37 | 000,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-4098510575-1669955942-3198683908-1005UA.job
[2011/07/18 19:13:49 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFFC859A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >