Computer Infected with something and google keeps redirecting

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
←
1
2

You cannot start a new topic
This topic is locked

Computer Infected with something and google keeps redirecting Do not know how to remove it. Please help!

#16 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 02 May 2011 - 08:00 PM

Hi jaguar1,

Did you set those proxy settings:

Quote

FF - prefs.js..network.proxy.ftp: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.ssl_port: 80

Do you know what these folders are and if you created them?

Quote

[2008/03/02 06:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Afson
[2010/09/22 08:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Akmoe
[2010/09/23 04:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Anutal
[2004/08/29 06:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Atexfu
[2007/07/20 00:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Dazusu
[2010/09/23 04:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ecxy
[2005/09/01 03:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Egco
[2005/05/11 19:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ezonfe
[2010/09/23 04:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Haiv
[2004/04/17 03:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ibuvti
[2010/09/23 04:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ifygt
[2007/05/15 21:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Iwyt
[2010/09/23 04:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Kiri
[2010/09/23 04:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Kuimy
[2010/09/22 08:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Kumeo
[2010/08/22 10:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Mafui
[2010/09/23 04:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Maop
[2006/06/27 20:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Moxa
[2010/09/04 00:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Naxiz
[2004/09/05 20:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Nixe
[2010/07/24 13:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Owpyal
[2010/09/23 04:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ozfao
[2005/12/26 01:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Roymh
[2011/04/26 18:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Sammsoft
[2010/09/23 04:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Siryaf
[2010/09/12 14:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Uzse
[2005/01/10 07:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Worox
[2010/09/23 04:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Xoku
[2010/09/22 07:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ykzy
[2004/11/30 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Zabi

STEP 1 UPDATING TASKS

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.

* Uninstall Adobe Reader 9.4.1 via Start => Control Panel > Add/Remove Programs
* Install the new downloaded updated software.

Note: Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.
Posted Image

Note: Adobe Reader X is a large program and if you prefer a smaller program you can get Foxit Reader 4 x instead.

Foxit Reader 4x offer 5 levels of security. Click Me for more information.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.

Upgrading Java:

Posted Image

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 25 .
Click the JDK 6 Update 25 (JDK or JRE) "Download JRE" button to the right.
Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation ( jre-6u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. (Java™ 6 Update 20 and Java 2 Runtime Environment, SE v1.4.2)
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u25-windows-i586.exe and select "Run as an Administrator.")

Your Mozilla Firefox is out of date!

You can download and install the latest version 4.0.1 from here if you want.
I would recommend you to do a backup of your existing profile using Mozbackup before you proceed with the update (just in case).

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.

Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.

You can check these by visiting Secunia Software Inspector and Calendar of Updates.

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word "Code"

:OTL
SRV - File not found [Auto | Stopped] -- -- (MSK80Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (Avg7UpdSvc)
SRV - File not found [Auto | Stopped] -- -- (Avg7Alrt)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.pestpatrol.com/pestscan/pestscan.cab (Reg Error: Key error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://actris.mlxchange.com/4.2.08.30/Control/IRCSharc.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://realist2.firstamres.com/mapviewer/mapviewer.cab (Reg Error: Key error.)
[2007/03/19 20:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2007/03/19 20:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/03/19 20:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
[2007/03/19 19:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft(3)
[2007/11/29 13:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/03/19 20:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2007/03/19 20:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\AVG7
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Office\Desktop\MozillaCacheView.chm:SummaryInformation
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E985157
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
:commands
[reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

Regards,
Georgi

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#17 jaguar1

New Member

Group: Members
Posts: 11
Joined: 28-April 11

Posted 03 May 2011 - 12:33 PM

Georgi,

Proxy Settings: I believe that the proxy settings are for my e-mail account.

Folders: I have no clue what these folders are for or relate to.

Adobe Reader: Deleted Adobe reader through ADD/REMOVE programs and installed FOXIT READER.

JAVA: Was able to delete JAVA 2 runtime environment, SE V1.4.2 but ADD/REMOVE program would not let me delete the JAVA 6 update 20. I rebooted the computer several times while trying to delete this program to no avail. Ultimately I downloaded the UPDATE 25 and when I looked in the ADD/DELETE program the Update 20 had disappeared and just showed the Update 25 program. I then deleted the Update 25 program and was successful. Then I reinstalled the Update 25.

Mozilla Firefox. Updated this program.

Viewpoint Programs: Deleted all.

Secunia Software: Ran program and updated all software except for one program. Even though I downloaded the update to Adobe Flash Player 10.X (Active X) numerous times; repeated Secunia scans show this file as not updated.

Calendar of Updates. Could not figure out how to scan my files with this site.

OTL fix. Ran OTL with the copy and paste info and rebooted computer but did not receive a report. Was I suppose to check the boxes that we changed before prior to running the "Run Fix" button?

Thanks.

#18 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 04 May 2011 - 02:33 AM

Hi,

I'll be able to reply later today as I must go to work now.
Stay tuned and sorry for the inconvenience.

Regards,
Georgi

This post has been edited by B-boy/StyLe/: 04 May 2011 - 02:34 AM
Reason for edit: typo.

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#19 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 04 May 2011 - 06:17 PM

Hi jaguar1,

Quote

Proxy Settings: I believe that the proxy settings are for my e-mail account.

Okey, thanks for letting me know.

Quote

Folders: I have no clue what these folders are for or relate to.

In this case please, go in there then see if there are any files. If there are any, upload them here for a scan: www.virustotal.com and let me know the results in your next post. <-- Important, don't run any files from those folders to avoid re-infection.

Quote

OTL fix. Ran OTL with the copy and paste info and rebooted computer but did not receive a report. Was I suppose to check the boxes that we changed before prior to running the "Run Fix" button?

I need to see the OTL log to see if the script worked.

Please do this: ... navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.

Copy/paste the contents of that document back here in your next post.

Regards,
Georgi

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#20 jaguar1

New Member

Group: Members
Posts: 11
Joined: 28-April 11

Posted 05 May 2011 - 09:05 AM

Good Morning Georgi,

First of all thanks for all of your help.

Folders:

Some folders had files and some did not. The ones that did have files were uploaded and scanned through virustotal and there were no infections indicated.

OTL log:

Attached is the last OTL log dated 05/03/2011 at 12:06:23 pm

========== OTL ==========
Error: No service named MSK80Service was found to stop!
Service\Driver key MSK80Service not found.
Error: No service named HidServ was found to stop!
Service\Driver key HidServ not found.
Error: No service named Avg7UpdSvc was found to stop!
Service\Driver key Avg7UpdSvc not found.
Error: No service named Avg7Alrt was found to stop!
Service\Driver key Avg7Alrt not found.
Starting removal of ActiveX control {193C772A-87BE-4B19-A7BB-445B226FE9A1}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
Starting removal of ActiveX control {4B48D5DF-9021-45F7-A240-60304302A215}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4B48D5DF-9021-45F7-A240-60304302A215}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B48D5DF-9021-45F7-A240-60304302A215}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4B48D5DF-9021-45F7-A240-60304302A215}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B48D5DF-9021-45F7-A240-60304302A215}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {56393399-041A-4650-94C7-13DFCB1F4665}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56393399-041A-4650-94C7-13DFCB1F4665}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56393399-041A-4650-94C7-13DFCB1F4665}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{56393399-041A-4650-94C7-13DFCB1F4665}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56393399-041A-4650-94C7-13DFCB1F4665}\ not found.
Starting removal of ActiveX control {77E32299-629F-43C6-AB77-6A1E6D7663F6}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{77E32299-629F-43C6-AB77-6A1E6D7663F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77E32299-629F-43C6-AB77-6A1E6D7663F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{77E32299-629F-43C6-AB77-6A1E6D7663F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77E32299-629F-43C6-AB77-6A1E6D7663F6}\ not found.
Starting removal of ActiveX control {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {F375116A-793C-11D2-BFE1-444553540001}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F375116A-793C-11D2-BFE1-444553540001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F375116A-793C-11D2-BFE1-444553540001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F375116A-793C-11D2-BFE1-444553540001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F375116A-793C-11D2-BFE1-444553540001}\ not found.
Folder C:\Documents and Settings\All Users\Application Data\AVG7\ not found.
Folder C:\Documents and Settings\All Users\Application Data\Grisoft\ not found.
Folder C:\Documents and Settings\All Users\Application Data\Grisoft(2)\ not found.
Folder C:\Documents and Settings\All Users\Application Data\Grisoft(3)\ not found.
Folder C:\Documents and Settings\All Users\Application Data\Viewpoint\ not found.
Folder C:\Documents and Settings\LocalService\Application Data\AVG7\ not found.
Folder C:\Documents and Settings\Office\Application Data\AVG7\ not found.
Unable to delete ADS C:\Documents and Settings\Office\Desktop\MozillaCacheView.chm:SummaryInformation .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9E985157 .
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05032011_120623

#21 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 05 May 2011 - 02:38 PM

Hi jaguar1,

STEP 1

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word "Code"

:OTL
[2008/03/02 06:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Afson
[2010/09/22 08:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Akmoe
[2010/09/23 04:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Anutal
[2004/08/29 06:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Atexfu
[2007/07/20 00:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Dazusu
[2010/09/23 04:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ecxy
[2005/09/01 03:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Egco
[2005/05/11 19:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ezonfe
[2010/09/23 04:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Haiv
[2004/04/17 03:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ibuvti
[2010/09/23 04:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ifygt
[2007/05/15 21:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Iwyt
[2010/09/23 04:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Kiri
[2010/09/23 04:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Kuimy
[2010/09/22 08:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Kumeo
[2010/08/22 10:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Mafui
[2010/09/23 04:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Maop
[2006/06/27 20:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Moxa
[2010/09/04 00:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Naxiz
[2004/09/05 20:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Nixe
[2010/07/24 13:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Owpyal
[2010/09/23 04:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ozfao
[2005/12/26 01:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Roymh
[2010/09/23 04:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Siryaf
[2010/09/12 14:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Uzse
[2005/01/10 07:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Worox
[2010/09/23 04:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Xoku
[2010/09/22 07:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Ykzy
[2004/11/30 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Zabi
:commands
[reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

STEP 2

I want to be sure that nothing reappeared. Please perform the following scan:

We need to run an OTL Custom Scan

Please download OTL from the link below:
- OTL.exe
Save it to your desktop.
Double click on the icon on your desktop.
OTL should now start. Change the following settings:
- Click on Scan All Users checkbox given at the top.
- Under File Scans, change File age to 90
- Under the Standard Registry box change it to All
- Check the boxes beside LOP Check and Purity Check.

Copy and Paste the following code into the Posted Image

textbox.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\AppData\*.*
%USERPROFILE%\My Documents\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop

Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

How are the things now ? Are there any problems left ?

Regards,
Georgi

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#22 jaguar1

New Member

Group: Members
Posts: 11
Joined: 28-April 11

Posted 05 May 2011 - 05:13 PM

Georgi,

Thanks for hanging in there with me. Truly appreciated.

Here are the logs that you requested. At the end of the OTL scan I did not get an extra.txt file.

Lastly, the computer seems to be working fine. What does these latest logs tell you?

========== OTL ==========
C:\Documents and Settings\Office\Application Data\Afson folder moved successfully.
C:\Documents and Settings\Office\Application Data\Akmoe folder moved successfully.
C:\Documents and Settings\Office\Application Data\Anutal folder moved successfully.
C:\Documents and Settings\Office\Application Data\Atexfu folder moved successfully.
C:\Documents and Settings\Office\Application Data\Dazusu folder moved successfully.
C:\Documents and Settings\Office\Application Data\Ecxy folder moved successfully.
C:\Documents and Settings\Office\Application Data\Egco folder moved successfully.
C:\Documents and Settings\Office\Application Data\Ezonfe folder moved successfully.
C:\Documents and Settings\Office\Application Data\Haiv folder moved successfully.
C:\Documents and Settings\Office\Application Data\Ibuvti folder moved successfully.
C:\Documents and Settings\Office\Application Data\Ifygt folder moved successfully.
C:\Documents and Settings\Office\Application Data\Iwyt folder moved successfully.
C:\Documents and Settings\Office\Application Data\Kiri folder moved successfully.
C:\Documents and Settings\Office\Application Data\Kuimy folder moved successfully.
C:\Documents and Settings\Office\Application Data\Kumeo folder moved successfully.
C:\Documents and Settings\Office\Application Data\Mafui folder moved successfully.
C:\Documents and Settings\Office\Application Data\Maop folder moved successfully.
C:\Documents and Settings\Office\Application Data\Moxa folder moved successfully.
C:\Documents and Settings\Office\Application Data\Naxiz folder moved successfully.
C:\Documents and Settings\Office\Application Data\Nixe folder moved successfully.
C:\Documents and Settings\Office\Application Data\Owpyal folder moved successfully.
C:\Documents and Settings\Office\Application Data\Ozfao folder moved successfully.
C:\Documents and Settings\Office\Application Data\Roymh folder moved successfully.
C:\Documents and Settings\Office\Application Data\Siryaf folder moved successfully.
C:\Documents and Settings\Office\Application Data\Uzse folder moved successfully.
C:\Documents and Settings\Office\Application Data\Worox folder moved successfully.
C:\Documents and Settings\Office\Application Data\Xoku folder moved successfully.
C:\Documents and Settings\Office\Application Data\Ykzy folder moved successfully.
C:\Documents and Settings\Office\Application Data\Zabi folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05052011_155723

OTL logfile created on: 5/5/2011 4:26:42 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Office\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 3200 4086 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 26.97 Gb Free Space | 24.14% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 378.99 Gb Free Space | 81.37% Space Free | Partition Type: NTFS

Computer Name: CRAIG1 | User Name: Office | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 16:24:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Office\Desktop\OTL.exe
PRC - [2011/05/03 10:22:02 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/30 19:01:50 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 19:00:10 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 14:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/09/15 13:13:30 | 000,299,008 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2008/08/27 19:30:04 | 000,152,824 | ---- | M] (CardScan, Inc.) -- C:\Program Files\CardScan\CardScan\CardScanAgent.exe
PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtMon.exe
PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/12/03 06:40:28 | 000,118,784 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2003/08/13 11:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/02/20 17:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2002/10/29 10:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

========== Modules (SafeList) ==========

MOD - [2011/05/05 16:24:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Office\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/02/20 17:45:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL

========== Win32 Services (SafeList) ==========

SRV - [2011/03/30 19:00:10 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 18:57:40 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\SYSTEM32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/09/15 13:13:30 | 000,299,008 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/04/03 18:12:14 | 000,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/08/11 01:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 22:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 23:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 23:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 23:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/07 02:20:00 | 000,024,888 | ---- | M] (NewSoft Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/24 18:38:05 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/08/25 11:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/03/27 11:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 16:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 16:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 16:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 16:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PFMODNT.SYS -- (PfModNT)
DRV - [2003/02/20 17:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2003/02/20 17:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/20 17:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/20 17:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS -- (EL90X)
DRV - [2001/02/18 10:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hp4200c.sys -- (hp4200c)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50-ff-dlink-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.9.1
FF - prefs.js..extensions.enabledItems: {926a10d2-4ce7-4331-b96f-ca4e22590fac}:5.45.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.16
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tb50-ff-dlink-ab-en-us&query="
FF - prefs.js..network.proxy.ftp: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "sbcglobal.yahoo.com"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 03:00:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/03 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/05/03 11:49:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 10:22:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 10:23:47 | 000,000,000 | ---D | M]

[2008/12/11 09:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Office\Application Data\Mozilla\Extensions
[2008/12/11 09:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Office\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/03 09:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Office\Application Data\Mozilla\Firefox\Profiles\jcnm41fs.default\extensions
[2010/06/14 13:17:23 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Documents and Settings\Office\Application Data\Mozilla\Firefox\Profiles\jcnm41fs.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
[2011/05/03 09:22:17 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Office\Application Data\Mozilla\Firefox\Profiles\jcnm41fs.default\extensions\piclens@cooliris.com
[2010/06/14 13:17:33 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Office\Application Data\Mozilla\Firefox\Profiles\jcnm41fs.default\searchplugins\aol-search.xml
[2011/05/03 11:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/03 09:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/05/03 11:50:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/03 10:22:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/03 11:49:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/06/19 04:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2008/06/19 04:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
[2011/05/03 11:49:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2011/05/03 10:22:37 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2011/05/03 09:48:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/05/03 09:48:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/05/03 09:48:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/05/03 09:48:49 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/05/03 09:48:49 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/05/03 09:48:49 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/05/03 09:48:49 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/05/03 09:48:49 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
[2011/05/03 10:23:47 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/05/03 10:22:18 | 000,105,472 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/01/01 03:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 03:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 03:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/04/29 08:50:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101108153607.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [CardScanAgent] C:\Program Files\CardScan\CardScan\CardScanAgent.exe (CardScan, Inc.)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hplampc] C:\WINDOWS\SYSTEM32\hplampc.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3979482497-2800649904-4014859138-1007\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186964579546 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4350/mcfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/29 12:38:03 | 000,000,014 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/03/29 12:38:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.LTS -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\SYSTEM32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2011/05/05 15:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/04 11:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\My Documents\Downloads
[2011/05/04 07:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/03 11:59:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/03 11:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/03 11:50:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/03 11:50:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/03 11:50:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/03 11:50:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/03 10:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/03 10:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/03 10:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/03 10:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/03 10:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/03 10:22:38 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/03 10:22:11 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/03 10:22:11 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/03 10:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/05/03 10:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011/05/03 09:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/05/03 09:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/03 09:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/03 09:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2011/05/03 09:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MozBackup
[2011/05/03 08:51:00 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Office\Desktop\jre-6u25-windows-i586.exe
[2011/05/03 08:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\Application Data\Foxit Software
[2011/05/03 08:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/05/03 08:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/05/02 08:58:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Office\Desktop\OTL.exe
[2011/04/29 15:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/29 14:05:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Office\Recent
[2011/04/29 13:26:19 | 000,567,296 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Office\Desktop\aswMBR.exe
[2011/04/29 12:28:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/29 11:20:52 | 004,406,784 | ---- | C] (Geza Kovacs) -- C:\Documents and Settings\Office\Desktop\unetbootin-xpud-windows-387.exe
[2011/04/29 08:37:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/29 08:34:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/29 08:34:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/29 08:34:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/29 08:34:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/29 08:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/29 08:32:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 20:20:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Office\Desktop\1.com
[2011/04/28 20:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\Desktop\tdsskiller
[2011/04/28 19:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\Desktop\ERDNT
[2011/04/28 19:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\Desktop\erunt
[2011/04/28 08:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\Desktop\gmer
[2011/04/26 18:33:18 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/04/26 18:33:17 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/04/26 18:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
[2011/04/26 18:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\Application Data\TuneUp Software
[2011/04/26 18:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011/04/26 18:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/04/26 18:32:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/26 18:04:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/26 18:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/26 18:04:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/26 18:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/26 17:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\Application Data\Sammsoft
[2011/04/12 08:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\PrivacIE
[2011/04/12 08:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\IETldCache
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/03/28 09:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/28 09:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/03/12 11:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\My Documents\TEAC DV-W58 fw D0N
[2011/03/12 11:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Office\Start Menu\Programs\Dell Inc
[2011/03/12 10:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2011/02/11 08:25:52 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2004/08/25 12:22:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2004/02/24 15:36:01 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/05/05 16:24:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Office\Desktop\OTL.exe
[2011/05/05 16:00:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 15:59:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 15:59:12 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3979482497-2800649904-4014859138-1007.job
[2011/05/05 15:59:06 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/05 15:58:55 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/05/05 15:58:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/05 15:58:33 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 15:57:56 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/05/05 15:57:56 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/05/05 15:57:56 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/05/05 15:57:56 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/05/05 15:57:56 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/05/05 15:57:56 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/05/05 15:57:56 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2011/05/05 15:57:56 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2011/05/05 15:57:30 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
[2011/05/05 01:36:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/04 15:19:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2011/05/04 14:56:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3979482497-2800649904-4014859138-1007.job
[2011/05/03 19:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/03 11:49:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/03 11:49:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/03 11:49:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/03 11:49:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/03 11:49:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/03 10:47:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/03 10:23:37 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/03 10:22:38 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/03 10:22:11 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/03 10:22:11 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/03 09:48:30 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/03 09:21:18 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Office\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/03 09:21:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/03 09:18:44 | 005,471,712 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\Firefox 3.0.16 (en-US) - 2011-05-03.pcv
[2011/05/03 09:17:30 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2011/05/03 09:17:18 | 001,035,926 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\MozBackup-1.5.1-EN.exe
[2011/05/03 08:51:00 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Office\Desktop\jre-6u25-windows-i586.exe
[2011/05/03 08:42:28 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Office\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/03 08:42:28 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/04/29 13:28:57 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\RKUnhookerLE.EXE
[2011/04/29 13:27:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\MBR.dat
[2011/04/29 13:26:23 | 000,567,296 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Office\Desktop\aswMBR.exe
[2011/04/29 11:57:36 | 004,333,078 | R--- | M] () -- C:\Documents and Settings\Office\Desktop\ComboFix.exe
[2011/04/29 11:21:06 | 004,406,784 | ---- | M] (Geza Kovacs) -- C:\Documents and Settings\Office\Desktop\unetbootin-xpud-windows-387.exe
[2011/04/29 11:19:47 | 067,108,864 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\xpud-0.9.2.iso
[2011/04/29 08:50:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/04/29 08:37:32 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/04/28 20:20:37 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Office\Desktop\1.com
[2011/04/28 19:46:42 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\erunt.zip
[2011/04/28 08:21:39 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\gmer.zip
[2011/04/27 08:13:45 | 000,000,159 | ---- | M] () -- C:\WINDOWS\System32\81cde678-1b27-4763-9e22-49d8065c6453.4.lrf
[2011/04/26 20:12:36 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\dds.scr
[2011/04/26 20:05:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Office\defogger_reenable
[2011/04/26 20:04:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\Defogger.exe
[2011/04/26 18:33:15 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/04/26 18:33:15 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/04/26 18:04:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 16:05:12 | 000,036,916 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20110426_160507.reg
[2011/04/22 10:14:53 | 000,036,015 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\97668884_1thumb_550x410.jpg
[2011/04/21 10:04:35 | 017,892,864 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\Contacts.cdb
[2011/04/19 10:34:13 | 000,058,802 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\New Labels.vls
[2011/04/16 09:01:42 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Office\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/16 09:01:35 | 000,451,940 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/04/16 09:01:35 | 000,074,642 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/04/16 03:33:36 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 11:09:49 | 000,182,785 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\texas-football-cheerleader.jpg
[2011/04/11 19:22:01 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20110411_192158.reg
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/04 15:05:29 | 000,006,493 | ---- | M] () -- C:\WINDOWS\System32\NEWSOFT
[2011/03/31 10:17:10 | 000,039,176 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20110331_101705.reg
[2011/03/30 19:02:28 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/03/30 18:57:40 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/03/23 19:19:03 | 000,014,164 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20110323_191859.reg
[2011/03/12 14:02:32 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Office\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/12 12:17:28 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\Microsoft Office Word 2003.lnk
[2011/03/12 12:00:43 | 000,013,303 | ---- | M] () -- C:\WINDOWS\123R5.INI
[2011/03/12 11:11:51 | 000,000,026 | ---- | M] () -- C:\WINDOWS\UpdaterDVW58E.INI
[2011/03/12 11:09:48 | 000,516,448 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\TEAC DV-W58 fw D0N.zip
[2011/03/12 10:38:35 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with RecordNow!.lnk
[2011/03/12 10:26:36 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2011/03/07 00:33:50 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/03/04 01:45:07 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2011/03/04 01:45:07 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2011/03/04 01:45:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2011/03/04 01:45:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2011/03/03 08:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/03/03 08:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/03/03 01:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2011/02/25 19:37:39 | 000,710,474 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\billboardtranscript.pdf
[2011/02/23 17:45:12 | 000,002,421 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\CardScan.lnk
[2011/02/22 10:45:26 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Office\Desktop\Microsoft Office Excel 2003.lnk
[2011/02/20 12:57:50 | 000,000,755 | ---- | M] () -- C:\WINDOWS\lotus.ini
[2011/02/17 14:00:29 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/02/17 14:00:28 | 006,075,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/02/17 14:00:28 | 003,607,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/02/17 14:00:28 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2011/02/17 14:00:28 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/02/17 14:00:28 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/02/17 14:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2011/02/17 14:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/02/17 14:00:28 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/02/17 14:00:28 | 000,468,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2011/02/17 14:00:28 | 000,468,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/02/17 14:00:28 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2011/02/17 14:00:28 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/02/17 14:00:28 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2011/02/17 14:00:28 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2011/02/17 14:00:28 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/02/17 14:00:28 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2011/02/17 14:00:28 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2011/02/17 14:00:28 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2011/02/17 14:00:28 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2011/02/17 14:00:28 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2011/02/17 14:00:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2011/02/17 14:00:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/02/17 14:00:28 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2011/02/17 14:00:28 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2011/02/17 14:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2011/02/17 14:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2011/02/17 14:00:28 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/02/17 14:00:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/02/17 14:00:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2011/02/17 14:00:28 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2011/02/17 14:00:28 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/02/17 14:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2011/02/17 14:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2011/02/17 14:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2011/02/17 14:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2011/02/17 14:00:28 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2011/02/17 14:00:28 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011/02/17 14:00:27 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2011/02/17 14:00:27 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2011/02/17 14:00:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2011/02/17 14:00:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2011/02/17 14:00:27 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2011/02/17 14:00:27 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2011/02/17 14:00:27 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2011/02/17 14:00:27 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2011/02/17 14:00:27 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011/02/17 06:44:16 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/02/17 06:43:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2011/02/17 06:43:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2011/02/15 07:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2011/02/15 07:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2011/02/14 07:15:36 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2011/02/14 07:15:36 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2011/02/11 08:25:52 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2011/02/11 08:25:52 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/02/09 08:53:52 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/02/09 08:53:52 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/02/08 08:33:55 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2011/02/08 08:33:55 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/02/08 08:33:55 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2011/02/08 08:33:55 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 10:47:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/03 10:24:11 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3979482497-2800649904-4014859138-1007.job
[2011/05/03 10:24:11 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3979482497-2800649904-4014859138-1007.job
[2011/05/03 10:23:37 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/03 09:48:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/03 09:45:00 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/03 09:21:17 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/03 09:18:41 | 005,471,712 | ---- | C] () -- C:\Documents and Settings\Office\My Documents\Firefox 3.0.16 (en-US) - 2011-05-03.pcv
[2011/05/03 09:17:30 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2011/05/03 09:17:06 | 001,035,926 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\MozBackup-1.5.1-EN.exe
[2011/05/03 08:42:28 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Office\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/03 08:42:28 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/04/29 13:28:51 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\RKUnhookerLE.EXE
[2011/04/29 13:27:29 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\MBR.dat
[2011/04/29 11:57:27 | 004,333,078 | R--- | C] () -- C:\Documents and Settings\Office\Desktop\ComboFix.exe
[2011/04/29 10:54:37 | 067,108,864 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\xpud-0.9.2.iso
[2011/04/29 08:37:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/29 08:37:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/29 08:34:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/29 08:34:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/29 08:34:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/29 08:34:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/29 08:34:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/28 19:46:40 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\erunt.zip
[2011/04/28 08:21:38 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\gmer.zip
[2011/04/27 08:13:45 | 000,000,159 | ---- | C] () -- C:\WINDOWS\System32\81cde678-1b27-4763-9e22-49d8065c6453.4.lrf
[2011/04/26 20:12:20 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\dds.scr
[2011/04/26 20:05:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Office\defogger_reenable
[2011/04/26 20:04:02 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\Defogger.exe
[2011/04/26 18:33:15 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/04/26 18:33:15 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/04/26 18:33:14 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
[2011/04/26 18:04:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 16:05:09 | 000,036,916 | ---- | C] () -- C:\Documents and Settings\Office\My Documents\cc_20110426_160507.reg
[2011/04/22 10:16:57 | 000,036,015 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\97668884_1thumb_550x410.jpg
[2011/04/13 11:11:36 | 000,182,785 | ---- | C] () -- C:\Documents and Settings\Office\Desktop\texas-football-cheerleader.jpg
[2011/04/11 19:21:59 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Office\My Documents\cc_20110411_192158.reg
[2011/03/31 10:17:07 | 000,039,176 | ---- | C] () -- C:\Documents and Settings\Office\My Documents\cc_20110331_101705.reg
[2011/03/28 09:25:50 | 481,143,404 | ---- | C] () -- C:\Program Files\Data1.cab
[2011/03/23 19:19:01 | 000,014,164 | ---- | C] () -- C:\Documents and Settings\Office\My Documents\cc_20110323_191859.reg
[2011/03/12 11:11:51 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UpdaterDVW58E.INI
[2011/03/12 11:08:55 | 000,516,448 | ---- | C] () -- C:\Documents and Settings\Office\My Documents\TEAC DV-W58 fw D0N.zip
[2011/03/12 10:38:42 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with RecordNow!.lnk
[2011/02/25 19:37:39 | 000,710,474 | ---- | C] () -- C:\Documents and Settings\Office\My Documents\billboardtranscript.pdf
[2011/02/09 08:53:52 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/02/09 08:53:52 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2010/06/09 18:09:09 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/06/09 18:09:09 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/16 18:04:19 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/12/10 16:40:36 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/08 17:21:31 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/07/08 17:14:25 | 000,000,108 | ---- | C] () -- C:\WINDOWS\setscan.ini
[2008/07/08 17:00:50 | 000,115,326 | ---- | C] () -- C:\WINDOWS\hpgins25.dat
[2008/07/08 17:00:50 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl25.dat
[2008/07/04 13:06:37 | 000,015,047 | ---- | C] () -- C:\WINDOWS\HPSETUP.INI
[2007/06/09 16:46:37 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/06/09 16:46:37 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2007/02/05 13:40:09 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2005/12/04 10:59:30 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/05/28 11:36:01 | 000,118,784 | R--- | C] () -- C:\WINDOWS\MakeToddReg.exe
[2005/05/28 11:35:07 | 000,000,082 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/03/11 16:23:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2004/08/30 12:50:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/28 18:27:08 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Office\Local Settings\Application Data\fusioncache.dat
[2004/08/05 12:23:29 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Office\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 02:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\spdwnwxp.exe
[2004/05/16 11:17:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\mcrtl32(2).dll
[2004/03/29 12:36:42 | 000,000,755 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2004/03/29 12:36:41 | 000,013,303 | ---- | C] () -- C:\WINDOWS\123R5.INI
[2004/03/29 12:36:41 | 000,000,478 | ---- | C] () -- C:\WINDOWS\LODBF04.INI
[2004/03/02 16:10:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/03/02 15:53:50 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2004/03/01 20:41:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/02/24 15:50:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/24 15:47:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/24 15:44:40 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/02/24 15:42:13 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2004/02/24 15:42:13 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2004/02/24 15:39:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/02/24 15:36:22 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/02/24 15:36:21 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/02/24 15:36:03 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2004/02/24 15:36:03 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2004/02/24 15:36:03 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2004/02/24 15:36:03 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2004/02/24 15:36:03 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2004/02/24 15:36:03 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/02/24 15:36:03 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2004/02/24 15:36:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2004/02/24 15:36:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2004/02/24 15:36:03 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/02/24 15:36:03 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/02/24 15:36:03 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/02/24 15:36:01 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2004/02/24 15:35:58 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2004/02/24 15:35:32 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/02/24 15:34:19 | 000,001,361 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/24 15:24:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/02/24 15:23:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/24 15:23:00 | 000,451,940 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/02/24 15:23:00 | 000,074,642 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/02/24 15:22:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/24 15:08:52 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/16 16:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/14 02:13:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 14:42:36 | 000,157,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 14:35:18 | 000,004,298 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 14:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1980/01/01 01:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 01:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/01/12 14:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CardScan
[2010/06/09 17:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D-Link Toolbar
[2008/07/13 18:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2004/03/02 15:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/08/24 14:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/03/24 15:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2011/03/28 09:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/01/12 15:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/07/11 15:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/03/24 15:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2007/12/26 14:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/16 18:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/26 18:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/04/26 18:32:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/05/03 10:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/09 18:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}(2)
[2009/09/29 07:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 10:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/11 13:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/05/04 07:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/09/02 09:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\BitZipper
[2009/01/12 15:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\CardScan
[2008/12/14 10:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/03 08:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Foxit Software
[2010/07/06 14:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Image Zone Express
[2008/07/13 18:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\ISIS Drivers
[2004/06/24 11:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Leadertech
[2008/07/13 17:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\NewSoft
[2009/08/24 14:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Nitro PDF
[2008/07/13 17:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Printer Info Cache
[2010/03/24 15:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Publish Providers
[2011/04/26 18:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Sammsoft
[2009/08/24 16:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Smart PDF Converter
[2010/03/24 15:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Sony
[2011/04/26 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\TuneUp Software
[2007/09/21 19:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Uniblue
[2007/11/29 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\Viewpoint
[2010/06/09 19:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Office\Application Data\VirtualStore
[2011/05/05 01:36:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/04 15:19:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2007/08/12 14:10:53 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/06/09 22:13:01 | 000,054,714 | ---- | M] () -- C:\aaw7boot.log
[2004/03/29 12:38:03 | 000,000,014 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/03/29 12:38:03 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.LTS
[2004/08/30 13:03:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/29 08:37:32 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2002/09/03 14:13:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/29 12:13:35 | 000,015,857 | ---- | M] () -- C:\ComboFix.txt
[2002/09/03 14:36:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/02/24 15:13:42 | 000,006,541 | RH-- | M] () -- C:\DELL.SDR
[2011/05/05 15:58:33 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2005/12/27 23:06:19 | 000,212,849 | ---- | M] () -- C:\HijackThis.zip
[2002/09/03 14:36:02 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/02/24 15:40:35 | 000,000,868 | -H-- | M] () -- C:\IPH.PH
[2004/03/02 15:59:52 | 000,000,005 | ---- | M] () -- C:\lcl.txt
[2002/09/03 14:36:02 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/30 12:57:41 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/11 18:57:00 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011/05/05 15:58:32 | 3355,443,200 | -HS- | M] () -- C:\pagefile.sys
[2005/12/28 15:09:48 | 000,001,451 | ---- | M] () -- C:\smitfiles.txt
[2008/05/28 09:48:54 | 000,000,495 | ---- | M] () -- C:\stub.log
[2011/05/02 08:57:19 | 000,060,684 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_02.05.2011_08.54.58_log.txt
[2011/04/28 19:59:06 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_19.59.04_log.txt
[2011/04/28 19:59:25 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_19.59.23_log.txt
[2011/04/28 19:59:42 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_19.59.40_log.txt
[2011/04/28 20:00:20 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.00.04_log.txt
[2011/04/28 20:01:26 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.01.19_log.txt
[2011/04/28 20:02:05 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.02.03_log.txt
[2011/04/28 20:09:35 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.09.23_log.txt
[2011/04/28 20:11:38 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.11.37_log.txt
[2011/04/28 20:12:49 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.12.47_log.txt
[2011/04/28 20:13:04 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.12.58_log.txt
[2011/04/28 20:16:44 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.16.30_log.txt
[2011/04/28 20:17:29 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.17.22_log.txt
[2011/04/28 20:22:03 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.21.56_log.txt
[2011/04/28 20:22:32 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.22.25_log.txt
[2011/04/28 20:31:04 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.31.02_log.txt
[2011/04/28 20:41:09 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.41.06_log.txt
[2011/04/28 20:44:30 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_20.41.58_log.txt
[2011/04/28 21:03:07 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_21.02.54_log.txt
[2011/04/28 21:03:24 | 000,002,008 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_21.03.22_log.txt
[2010/04/29 16:48:13 | 000,001,166 | ---- | M] () -- C:\updatedatfix.log

< %USERPROFILE%\*.* >
[2009/04/09 23:00:09 | 000,208,022 | RH-- | M] () -- C:\Documents and Settings\Office\Backup Log
[2011/04/26 20:05:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Office\defogger_reenable
[2011/05/05 15:57:57 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Office\ntuser.dat
[2011/05/05 16:30:32 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Office\ntuser.dat.LOG
[2011/05/03 18:10:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Office\NTUSER.INI

< %USERPROFILE%\Application Data\*.* >
[2002/09/03 14:26:20 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Office\Application Data\DESKTOP.INI

< %USERPROFILE%\Local Settings\Application Data\*.* >
[2011/03/12 14:02:32 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Office\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/28 18:27:08 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Office\Local Settings\Application Data\fusioncache.dat
[2004/02/24 15:49:50 | 000,025,296 | ---- | M] () -- C:\Documents and Settings\Office\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

< %AllUsersProfile%\*.* >
[2004/03/01 19:43:32 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2007/04/13 04:00:39 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG

< %AllUsersProfile%\Application Data\*.* >
[2002/09/03 14:26:20 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2010/09/22 09:41:08 | 000,011,421 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

< %USERPROFILE%\AppData\*.* >

< %USERPROFILE%\My Documents\*.* >
[2011/02/25 19:37:39 | 000,710,474 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\billboardtranscript.pdf
[2010/06/09 09:38:47 | 000,118,388 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20100609_093835.reg
[2010/06/22 11:57:03 | 000,112,310 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20100622_115655.reg
[2010/07/06 11:04:37 | 000,010,770 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20100706_110432.reg
[2010/08/25 13:32:17 | 000,013,018 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20100825_133210.reg
[2010/09/13 10:46:05 | 000,019,412 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20100913_104600.reg
[2010/09/30 19:18:53 | 000,033,576 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20100930_191848.reg
[2010/10/18 09:37:33 | 000,010,202 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20101018_093729.reg
[2010/10/29 11:26:41 | 000,011,772 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20101029_112636.reg
[2010/11/22 13:57:58 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20101122_125754.reg
[2010/12/28 12:47:59 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20101228_114755.reg
[2011/01/28 10:20:31 | 000,012,880 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20110128_092026.reg
[2011/03/23 19:19:03 | 000,014,164 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20110323_191859.reg
[2011/03/31 10:17:10 | 000,039,176 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20110331_101705.reg
[2011/04/11 19:22:01 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20110411_192158.reg
[2011/04/26 16:05:12 | 000,036,916 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\cc_20110426_160507.reg
[2009/03/16 11:20:19 | 012,769,686 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\Contacts Backup file.CBK
[2011/04/21 10:04:35 | 017,892,864 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\Contacts.cdb
[2011/04/12 08:43:24 | 000,000,077 | -HS- | M] () -- C:\Documents and Settings\Office\My Documents\desktop.ini
[2011/05/03 09:18:44 | 005,471,712 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\Firefox 3.0.16 (en-US) - 2011-05-03.pcv
[2011/01/24 18:57:21 | 000,057,289 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\New Labels.VLB
[2011/04/19 10:34:13 | 000,058,802 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\New Labels.vls
[2011/01/15 11:58:00 | 000,051,382 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\Rental Agreement Craig.pdf
[2011/01/15 16:18:38 | 000,020,007 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\Rental Contract- Keystone, Colorado.rtf
[2010/12/15 10:44:39 | 000,450,427 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\Southside Bank Appraisal Indemnity letter.pdf
[2011/03/12 11:09:48 | 000,516,448 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\TEAC DV-W58 fw D0N.zip
[2011/04/04 14:42:51 | 000,119,131 | ---- | M] () -- C:\Documents and Settings\Office\My Documents\Thrasher Lane Joint Venture Agreement 8 04-04-2011.docx

< %systemroot%\system32\*.dll /lockedfiles >
[2011/02/17 14:00:27 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2011/02/17 14:00:27 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[2011/02/17 14:00:28 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
[2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2002/08/29 06:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\SYSTEM32\DRIVERS\volsnap.sys
[2002/08/29 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=6FDC9523EF81617CF5028F47FCAF0FBE -- C:\I386\VOLSNAP.SYS

< MD5 for: WINLOGON.EXE >
[2002/08/29 06:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< >

< >

< End of report >

#23 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 05 May 2011 - 06:03 PM

Hi jaguar1,

Nicely done !

I have some final words for you.

All Clean :thumbsup:

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean

STEP 1 CLEANUP

1. Uninstall Combofix

The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall

2. To remove all of the tools we used and the files and folders they created, please do the following:

Please reopen Posted Image

on your desktop.

In the upper right click CleanUp

Posted Image

This will delete OTL and will clean up after it.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

You can uninstall now - ESET Online Scanner v3 and ERUNT.

STEP 2 SECURITY ADVICES

Change all your passwords !

Since your computer was infected with a MBR rootkit for peace of mind, I would however advise you that all your passwords be changed immediately !! (just in case).

Keep your antivirus software turned on and up-to-date

Make sure your antivirus software is turned on and up-to-date.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Note:
You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Install an AntiSpyware Program

An effective scanner that you already have is Malwarebytes Anti-Malware.

Other highly recommended AntiSpyware program is SuperAntiSpyware.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection.

You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Be sure to check for and download any definition updates prior to performing a scan.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit Windows Update regularly.

This will ensure your computer has always the latest security updates available installed on your computer.

If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:

If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:

Foistware, And how to avoid it.

There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Use a Firewall

I noticed that you use Windows XP.

The Windows Firewall in Windows XP provides one-way network protection only.

It blocks incoming traffic as configured, but it will not block any outgoing traffic.

Firewall with outgoing protection may warn you about malware file wishing access.

That's why I recommend you to install a 3rd party firewall like PCtools Firewall. (only if you don't use a router !!!).

It's very light and simple to use.

Simply using it in its default configuration can increase the security of your system greatly.

For more information => please take a look here => http://www.pctools.com/firewall/

However it can be a bit complicated if you are newbie in firewall configuration...if you encounter any troubles with PC Tools Firewall, please uninstall it and stick with Windows Firewall.

Another great alternatives are: (they includes powerful HIPS functions as well).

Online Armor Firewall 5.0.0.1097
Outpost Security Suite Free 7.1.1
Privatefirewall 7.0.23.4

Don't use pirated software !!!

Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.

Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems.

So my advice is - stay away from them!

Create an image of your system

It is always a good idea to do a backup of all important files just in case something happens it.

Macrium Reflect is very good choice that enables you to create an image of your system drive which can be restored in case of problems.

The download link is here => http://www.macrium.com/reflectfree.asp

The tutorials can be found here => http://www.macrium.com/tutorial.asp

Be sure to read the tutorial first. :thumbup2:

Follow this list and your potential for being infected again will reduce dramatically.

STEP 3 IMPROVE YOUR PC PERFORMANCE

Use Disk Cleanup to delete files you no longer need and reclaim storage space on your computer.

Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.

If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

Click the Disk Cleanup tab, and then select the check boxes for the files you want to delete.

When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.

You can use Disk Defragmenter to rearrange files and unused space on your hard disk so that programs run faster

Please Open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter

Select the drive you want to Defragment (the drive where Windows is installed).

Click Defragment Now.

Use MSConfig to disable any processes that you do not want running in the background of the computer.

Please type msconfig in the start menu, then hit enter.

Go to the startup tab and then uncheck any programs that you don't need to load with Windows.

Click the "Apply" button and click "OK" to close the MSCONFIG window.

Restart your computer to save the changes you made to the Startup.

You might have a popup window when you log on. This is typical. Just click ok. You can also make the popup window not come up anymore by checking the box there.

The programs you removed will no longer automatically launch once Windows starts up.

Safe Surfing ! ;)

Regards,
Georgi

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#24 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 09 May 2011 - 10:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!