I am not sure how this virus was acquired as he says he only went on Sky Sports and Facebook.
I have tried Malwarebytes (which cannot detect it) and Panda Cloud, which does a full scan but cancels at the end as it doesn't detect an internet connection (although I am connected at the time of the scan). Windows Defender cannot check for new definitions/updates. Windows Malicious software predicts I have 1854 infected files but can only partially remove it, and it just seems to replicate as soon as I reboot.
I cannot load any Microsoft pages from the internet, or other antivirus pages.
And most of all I cannot boot into Safe Mode as the thing prevents me from doing so. Here is the OTL log:
OTL logfile created on: 11/10/2011 23:04:53 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\deafadmin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.52% Memory free
3.85 Gb Paging File | 3.52 Gb Available in Paging File | 91.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.87 Gb Total Space | 76.22 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Drive D: | 687.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: DMOBILE-006 | User Name: deafadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/11 17:00:20 | 000,699,921 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deafadmin\Desktop\OTL.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/10/30 17:29:58 | 000,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009/10/30 17:29:02 | 000,361,728 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/04/16 12:02:46 | 003,055,976 | ---- | M] () -- C:\Program Files\Keyboard Driver\PS2USBKbdDrv.exe
PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/30 00:17:46 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\BluetoothEventapi\iTunesMobileplugin.dll
MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/25 16:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/04/16 12:02:46 | 003,055,976 | ---- | M] () -- C:\Program Files\Keyboard Driver\PS2USBKbdDrv.exe
MOD - [2007/02/14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll
MOD - [2007/02/14 12:55:12 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll
MOD - [2006/03/14 08:46:40 | 000,041,078 | ---- | M] () -- C:\Program Files\Keyboard Driver\keydll.dll
MOD - [2004/04/25 09:27:46 | 000,429,568 | ---- | M] () -- C:\Program Files\Keyboard Driver\Dllmkkbd.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/30 17:29:58 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
DRV - [2009/10/30 16:18:02 | 000,146,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2009/10/13 15:50:56 | 000,114,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2009/10/13 15:50:56 | 000,101,512 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2009/10/13 15:50:56 | 000,095,880 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 18:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/07 17:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.g...smb&ibd=1080424
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.g...smb&ibd=1080424
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=1080424
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=1080424
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=1080424
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=1080424
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2011/06/23 05:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deafadmin\Application Data\Mozilla\Extensions
[2011/03/02 06:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/14 21:03:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/09/13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/12/14 21:03:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/12/17 18:16:14 | 000,184,757 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npkimi.dll
[2010/03/08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2009/09/13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010/02/02 00:33:12 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...ie=utf8&oe=utf8
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to call with Skype = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2231839A-F38E-4066-BF3C-959006189942} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (304434 Class) - {7A2F3A2E-4B59-4932-B2C3-2E7F13B03207} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (384043 Class) - {E6823149-FB2D-492B-BBF3-7389334DDD97} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WireLessKeyboard] C:\Program Files\Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe File not found
O4 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005..\Run: [iTunesMobileplugin] C:\Documents and Settings\deafadmin\Local Settings\Application Data\BluetoothEventapi\iTunesMobileplugin.dll ()
O4 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005..\Run: [JxfHrwla] C:\Documents and Settings\deafadmin\Local Settings\Application Data\brnuhwcj\jxfhrwla.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://update.micros...b?1139406804265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/d...lugin_0.5.1.cab (Imikimi_activex_plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABBC4CF9-F751-4882-9256-B45B46681103}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\deafadmin\Local Settings\Application Data\brnuhwcj\jxfhrwla.exe) -C:\Documents and Settings\deafadmin\Local Settings\Application Data\brnuhwcj\jxfhrwla.exe File not found
O24 - Desktop WallPaper: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/03 11:56:41 | 000,000,030 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{79fffa22-7038-11dd-aca4-001d09cf54bf}\Shell\AutoRun\command - "" = E:\umenu.exe
O33 - MountPoints2\{9cf6eaf0-162d-11dd-abbc-001d09cf54bf}\Shell - "" = AutoRun
O33 - MountPoints2\{9cf6eaf0-162d-11dd-abbc-001d09cf54bf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cf6eaf0-162d-11dd-abbc-001d09cf54bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/10/11 17:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/10/11 17:00:06 | 000,699,921 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deafadmin\Desktop\OTL.exe
[2011/10/11 03:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2011/10/11 00:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Application Data\QuickScan
[2011/10/11 00:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/10/11 00:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/10/10 21:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\My Documents\MY PICTURES
[2011/10/06 17:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\brnuhwcj
[2011/10/03 12:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\deafadmin\Recent
[2011/09/29 13:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\BluetoothEventapi
[2011/09/20 15:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Application Data\Unity
[2011/09/20 15:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\Unity
[2011/09/14 03:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\My Documents\VIRUS INFO
[2011/09/14 01:58:15 | 000,000,000 | ---D | C] -- C:\394176c79af041a89388
[2011/09/14 01:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/14 01:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/13 01:22:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/09/13 01:22:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\deafadmin\Start Menu\Programs\Administrative Tools
[2011/09/13 00:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/12 21:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/09/12 13:40:05 | 000,000,000 | ---D | C] -- C:\temp
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/10/11 23:06:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/11 23:03:48 | 000,041,638 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/10/11 23:03:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/11 23:03:19 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 23:03:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/11 23:03:03 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/11 22:33:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1334133724-2762677326-734048796-1005UA.job
[2011/10/11 22:28:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/11 20:33:03 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1334133724-2762677326-734048796-1005Core.job
[2011/10/11 17:01:02 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\deafadmin\My Documents\Shortcut to OTL.lnk
[2011/10/11 17:00:20 | 000,699,921 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deafadmin\Desktop\OTL.exe
[2011/10/11 16:53:15 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 03:52:28 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/10/11 03:50:41 | 000,095,329 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1318301298.bdinstall.bin
[2011/10/11 01:40:46 | 000,454,960 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2011/10/11 01:24:18 | 000,000,303 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/11 01:06:07 | 000,015,155 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/11 01:03:06 | 000,156,434 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1318291022.bdinstall.bin
[2011/10/11 01:01:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/10 20:53:14 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/10 16:45:44 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2011/10/09 20:36:58 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\deafadmin\Desktop\Shortcut to MICROSOFT SECURITY SCANNER.lnk
[2011/10/07 09:42:22 | 000,041,638 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/09/28 10:23:18 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/09/28 10:23:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/09/14 18:47:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/14 03:36:08 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\deafadmin\Desktop\MSE.lnk
[2011/09/13 22:42:55 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\deafadmin\My Documents\SECURITY_WINDOWS DEFENDER.msi
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/10/11 17:05:33 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/11 17:02:21 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/10/11 17:01:02 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\deafadmin\My Documents\Shortcut to OTL.lnk
[2011/10/11 03:52:28 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/10/11 03:50:41 | 000,095,329 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1318301298.bdinstall.bin
[2011/10/11 01:24:11 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/11 01:06:07 | 000,015,155 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/11 01:03:05 | 000,156,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1318291022.bdinstall.bin
[2011/10/11 01:01:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/10 16:45:44 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/10/09 20:36:58 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\deafadmin\Desktop\Shortcut to MICROSOFT SECURITY SCANNER.lnk
[2011/09/28 10:23:18 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/09/28 10:23:18 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/09/14 23:09:59 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials (2).lnk
[2011/09/14 03:36:08 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\deafadmin\Desktop\MSE.lnk
[2011/09/13 22:42:47 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\deafadmin\My Documents\SECURITY_WINDOWS DEFENDER.msi
[2011/09/12 17:46:58 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/11 21:00:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/22 16:14:22 | 000,695,642 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/08/22 16:14:22 | 000,003,558 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/06/29 20:24:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/25 15:53:06 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2011/01/13 15:59:33 | 000,855,641 | ---- | C] () -- C:\Documents and Settings\deafadmin\Application Data\PandaIDProtectHelp.chm
[2010/12/24 14:01:52 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/08 18:04:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/18 12:25:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/06/18 12:23:41 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2008/05/06 09:23:55 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/30 09:21:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/29 20:01:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/24 06:22:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/24 06:14:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/24 06:10:05 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/04/24 06:08:52 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008/04/24 05:46:24 | 000,041,638 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/04/24 05:39:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/24 05:39:25 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/04/24 05:38:43 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/24 05:38:43 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/04/24 05:38:43 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/24 05:38:43 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/24 05:38:42 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/24 05:38:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/04/24 05:38:40 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/04/24 05:38:39 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/04/24 05:36:52 | 000,001,201 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 17:24:19 | 000,000,879 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,486,496 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,081,674 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
========== LOP Check ==========
[2010/03/03 15:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/09/11 22:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dD01610AiOoL01610
[2008/04/29 20:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/06/26 03:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2011/01/13 00:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2008/04/29 19:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/06/12 02:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D76DB64A-6787-493A-8CB7-B5039C330204}
[2008/04/29 20:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\ESET
[2011/01/18 20:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\ICAClient
[2011/05/07 17:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\LG Electronics
[2011/04/29 02:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\Opera
[2011/01/13 03:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\Panda Security
[2011/10/11 00:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\QuickScan
[2011/01/13 00:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\SurfSecret Privacy Suite
[2011/03/16 18:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\tmp
[2011/09/20 15:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\Unity
[2011/02/08 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\pandasecuritytb
[2011/02/08 23:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SurfSecret Privacy Suite
[2011/10/11 23:06:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >