
Google Redirects - HJT log


  • This topic is locked
3 replies to this topic

#1 EdgeVetto


Posted 11 May 2009 - 04:14 PM

I can't open any Google search links without being redirected to ad sites. I had a bunch of popups and other things, but Spybot and some registry editing stopped them. I can't get rid of the redirects myself, though. Can/should I use ComboFix like the earlier poster(s)?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:42 PM, on 5/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\ld08.exe
C:\windows\pp06.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\WINDOWS\system32\SYS32DLL.exe
C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\921448182.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\bndmss.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Gizmo\gservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\SYS32DLL.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {c2ba40a1-74f3-42bd-f434-12345a2c8953} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld08.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp06.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
O4 - HKCU\..\Run: [A00F13A1430A.exe] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\_A00F13A1430A.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKCU\..\Run: [A00F13A7969B.exe] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\_A00F13A7969B.exe
O4 - HKCU\..\Run: [A00F14583EF9.exe] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\_A00F14583EF9.exe
O4 - HKCU\..\Run: [A00F145AF213.exe] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\_A00F145AF213.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-8883663883-4266415340-451257987-3218\service.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\921448182.exe
O4 - HKCU\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3216738872.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{92917716-996F-4F67-91EF-843B3A40CE30}: NameServer = 192.168.1.1
O20 - Winlogon Notify: __c00cd3d6 - C:\WINDOWS\system32\__c00CD3D6.dat (file missing)
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Network Data Management System Service (bndmss) - Unknown owner - C:\WINDOWS\system32\bndmss.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6412 bytes

I did some editing/deleting/restoring earlier, so it may be that the log file is kind of screwed up.


#2 EdgeVetto


Posted 11 May 2009 - 04:26 PM

Ok, I noticed you were asking for people's OTListIt2 reports. Here's mine. Slight update: one popup came up after almost 3 hours of not having them.

OTListIt logfile created on: 5/11/2009 5:22:38 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\John Doe\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.89 Gb Available in Paging File | 97.32% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 20.32 Gb Free Space | 8.72% Space Free | Partition Type: NTFS
Drive D: | 57.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONYA
Current User Name: John Doe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/01/03 13:43:36 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/01/03 13:43:36 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/05/20 10:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/07/17 12:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
PRC - [2008/06/10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2009/05/10 23:59:13 | 00,015,872 | -H-- | M] () -- C:\windows\ld08.exe
PRC - [2009/05/10 20:39:28 | 00,011,776 | -H-- | M] () -- C:\windows\pp06.exe
PRC - [2008/12/29 02:25:51 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2007/11/26 16:03:12 | 00,274,432 | ---- | M] (E-MU Systems) -- C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
PRC - [2009/05/10 20:39:27 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\SYS32DLL.exe
PRC - [2009/05/11 16:44:02 | 00,021,505 | ---- | M] () -- C:\Documents and Settings\John Doe\Local Settings\Temp\921448182.exe
PRC - [2007/07/17 12:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2008/09/30 18:46:12 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/09/30 18:46:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2007/03/21 14:42:38 | 00,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2009/05/10 20:45:59 | 00,030,720 | ---- | M] () -- C:\WINDOWS\system32\bndmss.exe
PRC - [2007/11/26 16:10:08 | 00,020,992 | ---- | M] (E-MU Systems) -- C:\WINDOWS\system32\emaudsv.exe
PRC - [2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/12/24 22:34:36 | 00,028,272 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2004/08/04 00:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/08/04 00:56:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/05/10 20:39:27 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\SYS32DLL.exe
PRC - [2008/11/29 06:59:40 | 01,252,352 | ---- | M] () -- C:\Program Files\foobar2000\foobar2000.exe
PRC - [2008/06/10 05:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2009/05/02 03:36:09 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/11 16:36:38 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2009/05/11 17:21:55 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Doe\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/21 14:42:38 | 00,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe -- (acs [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/01/03 13:43:36 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/05/10 20:45:59 | 00,030,720 | ---- | M] () -- C:\WINDOWS\system32\bndmss.exe -- (bndmss [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/11/26 16:10:08 | 00,020,992 | ---- | M] (E-MU Systems) -- C:\WINDOWS\system32\emaudsv.exe -- (emaudsv [Auto | Running])
SRV - [2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2009/05/04 13:09:06 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/12/24 22:34:36 | 00,028,272 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/08/03 20:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/06/20 12:56:48 | 00,178,688 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2006/08/07 08:57:30 | 00,093,952 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\AEAudio.sys -- (AEAudioService [On_Demand | Running])
DRV - [2008/01/03 14:32:52 | 02,782,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/05/02 12:34:32 | 00,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2007/11/26 16:14:54 | 00,163,352 | ---- | M] (E-MU Systems) -- C:\WINDOWS\system32\DRIVERS\emusba10.sys -- (emusba10 [On_Demand | Running])
DRV - [2008/12/24 22:34:38 | 00,023,624 | ---- | M] (Arainia Solutions LLC) -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv [System | Running])
DRV - [2008/12/29 02:18:46 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2005/01/07 18:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/06/26 07:15:34 | 03,630,080 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw5x32.sys -- (NETw5x32 [On_Demand | Running])
DRV - [2008/06/01 03:13:10 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (npf [Auto | Running])
DRV - [2004/08/03 19:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])
DRV - [2004/08/06 20:17:44 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/18 16:48:50 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2004/07/17 11:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/07/25 11:04:08 | 00,048,640 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2009/02/28 15:51:52 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/10/24 12:47:26 | 00,023,288 | ---- | M] (SIA Syncrosoft) -- C:\WINDOWS\system32\drivers\SynasUSB.sys -- (SynasUSB [On_Demand | Stopped])
DRV - [2008/09/08 14:04:46 | 00,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd [Boot | Running])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/08/10 10:48:28 | 00,329,072 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6 [On_Demand | Running])
DRV - [2007/07/03 19:46:24 | 00,057,344 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\wsimd.sys -- (WSIMD [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/07 04:14:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/07 04:14:18 | 00,000,000 | ---D | M]

[2008/12/19 21:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Doe\Application Data\mozilla\Extensions
[2008/12/19 21:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Doe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/11 05:02:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Doe\Application Data\mozilla\Firefox\Profiles\o78rh3v2.default\extensions
[2008/12/20 15:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Doe\Application Data\mozilla\Firefox\Profiles\o78rh3v2.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/13 01:46:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Doe\Application Data\mozilla\Firefox\Profiles\o78rh3v2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/19 03:01:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Doe\Application Data\mozilla\Firefox\Profiles\o78rh3v2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/12/20 03:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Doe\Application Data\mozilla\Firefox\Profiles\o78rh3v2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/05/11 05:02:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/02 03:36:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/21 20:35:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/02 03:36:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/02 03:36:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305250 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1
O1 - Hosts: 10535 more lines...
O2 - BHO: (no name) - {c2ba40a1-74f3-42bd-f434-12345a2c8953} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [pp] C:\windows\pp06.exe ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [sysldtray] C:\windows\ld08.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-8883663883-4266415340-451257987-3218\service.exe File not found
O4 - HKCU..\Run: [A00F13A1430A.exe] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\_A00F13A1430A.exe File not found
O4 - HKCU..\Run: [A00F13A7969B.exe] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\_A00F13A7969B.exe File not found
O4 - HKCU..\Run: [A00F14583EF9.exe] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\_A00F14583EF9.exe File not found
O4 - HKCU..\Run: [A00F145AF213.exe] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\_A00F145AF213.exe File not found
O4 - HKCU..\Run: [Diagnostic Manager] C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\921448182.exe ()
O4 - HKCU..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe" (E-MU Systems)
O4 - HKCU..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images ()
O4 - HKCU..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (Valve Corporation)
O4 - HKCU..\Run: [SYS32DLL] SYS32DLL ()
O4 - Startup: C:\Documents and Settings\John Doe\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{92917716-996F-4F67-91EF-843B3A40CE30}\\NameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c00cd3d6: DllName - C:\WINDOWS\system32\__c00CD3D6.dat - C:\WINDOWS\system32\__c00CD3D6.dat File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O22 - SharedTaskScheduler: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - sdfsefsfdvdubgiungfuyd - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/19 20:16:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/05/26 07:42:00 | 00,000,283 | RH-- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2005/05/26 07:42:00 | 00,385,024 | RH-- | M] (Typhoon Software) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/05/26 07:42:00 | 00,000,045 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/05/26 07:42:00 | 00,806,912 | RH-- | M] () - D:\AutoRunV.dll -- [ CDFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/11 17:21:55 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Doe\Desktop\OTListIt2.exe
[2009/05/11 17:06:51 | 03,020,851 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\ComboFix.exe
[2009/05/11 16:36:38 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\HijackThis.lnk
[2009/05/11 16:36:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/11 16:30:48 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\John Doe\Desktop\HJTInstall.exe
[2009/05/11 14:54:35 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\t55ft2692f44.dat
[2009/05/11 14:54:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\199638
[2009/05/11 11:19:21 | 00,000,188 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/05/11 07:56:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/11 07:56:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/11 07:54:54 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\John Doe\Desktop\spybotsd162.exe
[2009/05/11 00:02:05 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fubbabp
[2009/05/11 00:01:56 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c00108C3.dat
[2009/05/11 00:00:38 | 02,686,976 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\install_adobe_flash_player_v10.0.22.89(2).exe
[2009/05/10 23:59:05 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\afdvudi
[2009/05/10 23:58:58 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c00C4E7C.dat
[2009/05/10 20:46:23 | 00,081,920 | ---- | C] () -- C:\vfmf.exe
[2009/05/10 20:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Doe\Desktop\Guitar_Rig_3_Crack
[2009/05/10 20:46:07 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ruldf
[2009/05/10 20:46:04 | 00,113,664 | ---- | C] () -- C:\prylxoqb.exe
[2009/05/10 20:46:02 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c0047652.dat
[2009/05/10 20:46:01 | 00,037,376 | ---- | C] () -- C:\ijvr.exe
[2009/05/10 20:45:59 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\bndmss.exe
[2009/05/10 20:40:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mqcd.dbt
[2009/05/10 20:40:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Adobe Flash Player
[2009/05/10 20:40:16 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Flash Player
[2009/05/10 20:39:40 | 00,084,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\47a6f6bc.sys
[2009/05/10 20:39:28 | 00,011,776 | -H-- | C] () -- C:\WINDOWS\pp06.exe
[2009/05/10 20:39:28 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/10 20:39:27 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\SYS32DLL.exe
[2009/05/10 20:39:20 | 00,015,872 | -H-- | C] () -- C:\WINDOWS\ld08.exe
[2009/05/10 20:39:19 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\inqby.sr
[2009/05/10 20:39:18 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\ferryl.cbv
[2009/05/10 20:39:18 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\fairy.an
[2009/05/10 20:39:17 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\ashl.nq
[2009/05/10 20:39:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\dolman.zt
[2009/05/10 20:39:15 | 00,081,920 | ---- | C] () -- C:\jynlvyg.exe
[2009/05/10 20:39:12 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\nvrsk.dll
[2009/05/10 20:39:12 | 00,000,002 | ---- | C] () -- C:\1690363874
[2009/05/10 20:39:10 | 00,113,664 | ---- | C] () -- C:\WINDOWS\System32\azton.mt
[2009/05/10 20:39:09 | 00,113,664 | ---- | C] () -- C:\ubhbfya.exe
[2009/05/10 20:39:08 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\jkshfuiehi.dll
[2009/05/10 20:39:06 | 00,037,376 | ---- | C] () -- C:\wikwqw.exe
[2009/05/10 20:36:17 | 02,686,976 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\install_adobe_flash_player_v10.0.22.89.exe
[2009/05/10 20:33:06 | 23,353,770 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\Guitar_Rig_3_Crack.rar
[2009/05/08 03:18:38 | 00,032,208 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\n21603954_30849355_794.jpg
[2009/05/08 02:37:56 | 00,065,538 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\photo.php
[2009/05/08 02:36:21 | 00,005,498 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\PIC-0117.jpg
[2009/05/07 04:14:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Doe\My Documents\Reaktor 5
[2009/05/07 04:09:46 | 01,870,336 | ---- | C] (Native Instruments Software Synthesis GmbH) -- C:\WINDOWS\System32\bconvert.dll
[2009/05/07 04:08:42 | 00,393,216 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_IRC_1_2.dll
[2009/05/07 04:08:42 | 00,061,440 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_DFD_1_5.dll
[2009/05/07 03:30:49 | 01,386,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvbvm60.dll
[2009/05/07 03:30:49 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaaut.dll
[2009/05/07 03:30:49 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2009/05/07 03:30:49 | 00,102,400 | ---- | C] (DinkIT Limited) -- C:\WINDOWS\System32\DinkITXPUIMenus.ocx
[2009/05/07 03:30:49 | 00,065,536 | ---- | C] (Ethernety) -- C:\WINDOWS\System32\EnhSliderOcx.ocx
[2009/05/07 03:30:49 | 00,064,000 | ---- | C] () -- C:\WINDOWS\System32\wiaaut.oca
[2009/05/04 13:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/05/04 13:09:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/05/04 13:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2009/05/04 13:08:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/05/03 15:38:08 | 13,757,2496 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\John Doe\Desktop\zunesetuppkg-x86.exe
[2009/05/03 15:37:05 | 00,004,820 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\legitcheck.hta
[2009/05/03 15:36:39 | 00,897,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\John Doe\Desktop\WGAPluginInstall.exe
[2009/05/03 15:36:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/03 15:33:39 | 25,740,144 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\John Doe\Desktop\wmp11-windowsxp-x86-enu.exe
[2009/05/03 01:55:48 | 00,041,026 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\n10911803_33578931_2171.jpg
[2009/05/02 03:55:32 | 16,742,799 | ---- | C] () -- C:\Documents and Settings\John Doe\My Documents\vlc-0.9.9-win32.exe
[2009/05/01 22:39:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Doe\Desktop\Kings of Leon
[2009/05/01 01:01:13 | 02,304,652 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\HeavyLean.mp3
[2009/05/01 01:01:05 | 02,880,600 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\Destructionalone.mp3
[2009/05/01 01:00:56 | 03,328,652 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\BlasterWound.mp3
[2009/04/25 23:05:49 | 06,150,377 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\05 - Wes Montgomery - Up And At It.mp3
[2009/04/25 00:57:51 | 05,539,203 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\02 In The Grit.mp3
[2009/04/25 00:51:08 | 05,256,419 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\03-engineer-greenhorn.mp3
[2009/04/24 14:19:44 | 00,080,896 | ---- | C] () -- C:\Documents and Settings\John Doe\My Documents\DSP matlab project.doc
[2009/04/24 14:16:46 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\John Doe\My Documents\DSP problem 8_43.doc
[2009/04/24 13:28:10 | 00,038,330 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\prob8_43.pdf
[2009/04/23 16:09:48 | 00,069,036 | ---- | C] () -- C:\Documents and Settings\John Doe\My Documents\DSP matlab project.odt
[2009/04/22 22:20:55 | 00,000,299 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\matlabproject.asv
[2009/04/22 17:56:39 | 00,038,220 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\filtered ekg.fig
[2009/04/22 17:54:12 | 00,000,299 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\matlabproject.m
[2009/04/22 16:36:59 | 00,029,000 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\input.mat
[2009/04/15 22:47:23 | 00,096,348 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\mail.google.com
[2009/04/15 22:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\pidgin-otr
[2009/04/15 22:42:46 | 01,327,342 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\pidgin-otr-3.2.0-1.exe
[2009/04/15 18:05:26 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/14 22:05:08 | 00,000,945 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hex Workshop Hex Editor.lnk
[2009/04/14 22:05:07 | 00,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software
[2009/04/14 21:59:56 | 10,648,816 | ---- | C] (BreakPoint Software) -- C:\Documents and Settings\John Doe\Desktop\hw32v601.exe
[2009/04/14 21:40:49 | 00,110,600 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\20 Ghosts _n_ Goblins - Intro.mp3
[2009/04/14 21:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Doe\Application Data\JGsoft
[2009/04/14 21:37:55 | 00,000,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EditPad Pro.lnk
[2009/04/14 21:37:54 | 00,067,208 | ---- | C] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2009/04/14 21:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\JGsoft
[2009/04/14 21:31:38 | 00,001,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hex Editor Neo.lnk
[2009/04/14 21:31:37 | 00,000,000 | ---D | C] -- C:\Program Files\HHD Software
[2009/04/14 21:29:03 | 06,275,096 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\SetupEditPadProDemo.exe
[2009/04/14 21:27:13 | 07,918,768 | ---- | C] (HHD Software Ltd.) -- C:\Documents and Settings\John Doe\Desktop\free-hex-editor-neo.exe
[2009/04/14 21:00:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Doe\Desktop\Downloads
[2009/04/14 20:57:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Doe\Application Data\GetRightToGo
[2009/04/14 20:57:11 | 00,366,144 | ---- | C] (Digital River, Inc.) -- C:\Documents and Settings\John Doe\Desktop\Download_3GPVideoConverter.exe
[2009/04/14 00:15:06 | 01,632,596 | ---- | C] () -- C:\Documents and Settings\John Doe\Desktop\Whats best.mp3
[2009/04/13 00:39:23 | 00,479,196 | ---- | C] () -- C:\Documents and Settings\John Doe\My Documents\favories.fpl
[2009/02/28 15:51:51 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/16 13:04:05 | 00,000,080 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/01/28 19:36:18 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC.dll
[2009/01/28 13:05:24 | 00,001,066 | ---- | C] () -- C:\WINDOWS\mcutools.ini
[2009/01/28 12:54:54 | 00,000,018 | -HS- | C] () -- C:\WINDOWS\WINPROD.DLL
[2008/12/19 21:50:49 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/12/19 21:50:49 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/06/01 03:13:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/11/26 16:10:10 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\emcoinst.dll
[2005/03/11 18:36:40 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\tbdml.dll
[2005/03/09 20:50:20 | 00,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2005/02/19 21:56:14 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\tdfileman.dll
[2004/08/06 20:18:16 | 00,000,498 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/06 20:18:03 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 00:56:44 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 11:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/05/12 21:56:36 | 00,634,880 | ---- | C] () -- C:\WINDOWS\System32\pemicro_serialcm2.dll
[2000/08/03 15:25:12 | 00,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\pedrv.sys
[1998/10/02 11:20:46 | 00,005,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\vichw11.sys
[1996/05/29 18:20:04 | 00,035,072 | ---- | C] () -- C:\WINDOWS\System32\SENDKEY.DLL
[1996/04/03 23:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\GIVEIO.SYS

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/11 17:25:03 | 00,084,988 | ---- | M] () -- C:\WINDOWS\System32\drivers\47a6f6bc.sys
[2009/05/11 17:21:55 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Doe\Desktop\OTListIt2.exe
[2009/05/11 17:06:56 | 03,020,851 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\ComboFix.exe
[2009/05/11 16:51:31 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\John Doe\Local Settings\desktop.ini
[2009/05/11 16:51:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 16:51:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 16:36:38 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\HijackThis.lnk
[2009/05/11 16:31:11 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\John Doe\Desktop\HJTInstall.exe
[2009/05/11 14:54:35 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\t55ft2692f44.dat
[2009/05/11 14:51:25 | 00,305,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/11 13:39:22 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\inqby.sr
[2009/05/11 13:39:21 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\ferryl.cbv
[2009/05/11 13:39:20 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\fairy.an
[2009/05/11 13:39:20 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\dolman.zt
[2009/05/11 13:39:19 | 00,079,360 | ---- | M] () -- C:\WINDOWS\System32\ashl.nq
[2009/05/11 13:36:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/11 11:19:22 | 00,000,188 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/11 11:17:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090511-145125.backup
[2009/05/11 07:55:22 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\John Doe\Desktop\spybotsd162.exe
[2009/05/11 00:02:16 | 00,081,920 | ---- | M] () -- C:\jynlvyg.exe
[2009/05/11 00:02:10 | 00,000,002 | ---- | M] () -- C:\1690363874
[2009/05/11 00:01:56 | 00,037,376 | ---- | M] () -- C:\wikwqw.exe
[2009/05/11 00:00:38 | 02,686,976 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\install_adobe_flash_player_v10.0.22.89(2).exe
[2009/05/10 23:59:13 | 00,015,872 | -H-- | M] () -- C:\WINDOWS\ld08.exe
[2009/05/10 23:59:10 | 00,081,920 | ---- | M] () -- C:\vfmf.exe
[2009/05/10 23:59:03 | 00,113,664 | ---- | M] () -- C:\prylxoqb.exe
[2009/05/10 23:58:58 | 00,037,376 | ---- | M] () -- C:\ijvr.exe
[2009/05/10 20:45:59 | 00,030,720 | ---- | M] () -- C:\WINDOWS\System32\bndmss.exe
[2009/05/10 20:45:28 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/05/10 20:45:28 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/10 20:40:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\mqcd.dbt
[2009/05/10 20:39:28 | 00,011,776 | -H-- | M] () -- C:\WINDOWS\pp06.exe
[2009/05/10 20:39:28 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/10 20:39:27 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\SYS32DLL.exe
[2009/05/10 20:39:12 | 00,577,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.DLL
[2009/05/10 20:39:12 | 00,577,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ruldf
[2009/05/10 20:39:12 | 00,577,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fubbabp
[2009/05/10 20:39:12 | 00,577,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/10 20:39:12 | 00,577,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\afdvudi
[2009/05/10 20:39:12 | 00,262,144 | ---- | M] () -- C:\WINDOWS\System32\nvrsk.dll
[2009/05/10 20:39:10 | 00,113,664 | ---- | M] () -- C:\WINDOWS\System32\azton.mt
[2009/05/10 20:39:10 | 00,113,664 | ---- | M] () -- C:\ubhbfya.exe
[2009/05/10 20:39:08 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\jkshfuiehi.dll
[2009/05/10 20:37:44 | 23,353,770 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\Guitar_Rig_3_Crack.rar
[2009/05/10 20:36:40 | 02,686,976 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\install_adobe_flash_player_v10.0.22.89.exe
[2009/05/10 18:36:11 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2009/05/10 18:36:11 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/05/10 18:36:11 | 00,000,080 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2009/05/08 03:18:39 | 00,032,208 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\n21603954_30849355_794.jpg
[2009/05/08 02:37:56 | 00,065,538 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\photo.php
[2009/05/08 02:36:23 | 00,005,498 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\PIC-0117.jpg
[2009/05/03 15:44:28 | 13,757,2496 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\John Doe\Desktop\zunesetuppkg-x86.exe
[2009/05/03 15:37:06 | 00,004,820 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\legitcheck.hta
[2009/05/03 15:36:40 | 00,897,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\John Doe\Desktop\WGAPluginInstall.exe
[2009/05/03 15:34:52 | 25,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\John Doe\Desktop\wmp11-windowsxp-x86-enu.exe
[2009/05/03 01:55:49 | 00,041,026 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\n10911803_33578931_2171.jpg
[2009/05/02 03:56:23 | 16,742,799 | ---- | M] () -- C:\Documents and Settings\John Doe\My Documents\vlc-0.9.9-win32.exe
[2009/05/01 01:01:22 | 02,304,652 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\HeavyLean.mp3
[2009/05/01 01:01:18 | 02,880,600 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\Destructionalone.mp3
[2009/05/01 01:01:12 | 03,328,652 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\BlasterWound.mp3
[2009/04/27 13:13:36 | 00,000,299 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\matlabproject.asv
[2009/04/25 23:44:57 | 00,000,299 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\matlabproject.m
[2009/04/25 23:06:44 | 06,150,377 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\05 - Wes Montgomery - Up And At It.mp3
[2009/04/25 00:58:30 | 05,539,203 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\02 In The Grit.mp3
[2009/04/25 00:51:47 | 05,256,419 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\03-engineer-greenhorn.mp3
[2009/04/24 14:19:47 | 00,080,896 | ---- | M] () -- C:\Documents and Settings\John Doe\My Documents\DSP matlab project.doc
[2009/04/24 14:16:48 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\John Doe\My Documents\DSP problem 8_43.doc
[2009/04/24 13:28:14 | 00,038,330 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\prob8_43.pdf
[2009/04/23 17:32:02 | 00,069,036 | ---- | M] () -- C:\Documents and Settings\John Doe\My Documents\DSP matlab project.odt
[2009/04/22 17:56:39 | 00,038,220 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\filtered ekg.fig
[2009/04/22 16:36:59 | 00,029,000 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\input.mat
[2009/04/15 22:47:23 | 00,096,348 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\mail.google.com
[2009/04/15 22:43:15 | 01,327,342 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\pidgin-otr-3.2.0-1.exe
[2009/04/15 18:05:26 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/14 22:05:08 | 00,000,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hex Workshop Hex Editor.lnk
[2009/04/14 22:04:26 | 10,648,816 | ---- | M] (BreakPoint Software) -- C:\Documents and Settings\John Doe\Desktop\hw32v601.exe
[2009/04/14 21:40:49 | 00,110,600 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\20 Ghosts _n_ Goblins - Intro.mp3
[2009/04/14 21:37:55 | 00,000,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EditPad Pro.lnk
[2009/04/14 21:31:38 | 00,001,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hex Editor Neo.lnk
[2009/04/14 21:31:27 | 06,275,096 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\SetupEditPadProDemo.exe
[2009/04/14 21:30:56 | 07,918,768 | ---- | M] (HHD Software Ltd.) -- C:\Documents and Settings\John Doe\Desktop\free-hex-editor-neo.exe
[2009/04/14 21:20:09 | 01,160,698 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\untitled.mp3
[2009/04/14 20:57:16 | 00,366,144 | ---- | M] (Digital River, Inc.) -- C:\Documents and Settings\John Doe\Desktop\Download_3GPVideoConverter.exe
[2009/04/14 00:15:30 | 01,632,596 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\Whats best.mp3
[2009/04/13 21:13:24 | 03,614,977 | ---- | M] () -- C:\Documents and Settings\John Doe\Desktop\theuntitledsong.mp3
[2009/04/13 00:39:23 | 00,479,196 | ---- | M] () -- C:\Documents and Settings\John Doe\My Documents\favories.fpl

========== Alternate Data Streams ==========

@Alternate Data Stream - 990 bytes -> C:\Documents and Settings\John Doe\Local Settings\Temp:hoDUH7ep5udmCxioeMkD6t
@Alternate Data Stream - 1131 bytes -> C:\Documents and Settings\John Doe\Local Settings\Application Data:BOp2qvpCrlP4uAQGwRULEs9
@Alternate Data Stream - 1129 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:OwmMF9xtW9owrRS8WiigpG16Q
@Alternate Data Stream - 1060 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ieCyeG4HcWwbIt2Sa60PcTd5
@Alternate Data Stream - 1022 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:JTvYLmJohyhACQnWB2RRp0v2fm
< End of report >

#3 EdgeVetto


Posted 11 May 2009 - 10:52 PM

Update:

I decided I didn't want to wait any longer, so I ran ComboFix. I got scared because in the middle of it my computer booted and BSOD'd twice, but then it started up fine and ComboFix finished. Everything works fine now, including my Google search results. I don't know who made that software, but they're awesome. I know I'm not supposed to post my logs unless I'm asked to do it, so I won't. I wouldn't necessarily advise anyone to do what I did, but it did work for me.

#4 KoanYorel


Posted 13 May 2009 - 03:40 PM

Thanks for informing us.

Good luck.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



