Infected with Keylogger!


This topic is locked. 10 replies to this topic.

#1 Chris25 (Members, 5 posts)

Posted 23 November 2009 - 09:28 PM

Hello all,
I'm currently infected with a Keylogger which is tracking everything I type and posting it to a log file (logdll.txt) located in Temp folder inside Documents & Settings folder. This is of huge concern to me as I'm worried about getting various accounts hacked into.

I have tried everything in my (limited) knowledge to find out what's creating this log and to remove the cause, but I have failed. I've tried 3 (on my 4th) anti-virus programs: I ran NOD32, AVG and Avast scans and am currently running Kaspersky scans, and none (so far) have detected/fixed my main problem.
When I opened the log file to browse its content I got a message from the Microsoft .NET Framework that was accessing the file, so I removed Frameworks 1, 2 and 3 from my computer via Add/Remove Programs. This stopped the log from being created (although it likely caused some other problems for my PC), but I had to reinstall them as I need programs for my University work.

My PC has some major problems aside from this Keylogger which I am sure you will be able to detect from the log files I will post. I am also new to these programs and how to use them, so advice is welcome. Below is the log from Hijackthis and attached are the results from RootRepeal (I tried to install/run dds.scr but got an error 'Access Denied' every time, and yes I tried disabling anti-virus and I am administrator... but I guess I am also a noob):


HIJACKTHIS LOG:::
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:06 AM, on 24/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Colonel Sanders\My Documents\System\msascui.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Colonel Sanders\Desktop\RootRepeal.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FG2CatchUrl - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [?.?] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ARC] C:\Documents and Settings\Colonel Sanders\My Documents\System\msascui.exe
O4 - HKCU\..\Run: [?.?] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - D:\Games\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: pcaplsp.dll
O10 - Unknown file in Winsock LSP: pcaplsp.dll
O10 - Unknown file in Winsock LSP: pcaplsp.dll
O10 - Unknown file in Winsock LSP: pcaplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: pcaplsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8915 bytes

Attached File: ark.txt (54.87KB)

Edited by Chris25, 23 November 2009 - 10:02 PM.



#2 Buckeye_Sam (Malware Expert, Members, 17,382 posts; Pickerington, Ohio)

Posted 24 November 2009 - 08:19 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

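The custom scan list in the post above asks OTL to search the whole system drive for each named file (/s) and print an MD5 for every copy it finds (/md5), so that a patched driver such as atapi.sys shows up because its copies disagree (the live file under system32\drivers against the one in dllcache or ServicePackFiles). The script below is an added example that reproduces that comparison in Python; it is not OTL's code and was not run by anyone in this thread. The directory layout it hashes is constructed in a temporary folder with fake file contents, and the watched file names are a subset of the list above.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Subset of the file names from the OTL custom scan above.
WATCHED = {"atapi.sys", "iastor.sys", "eventlog.dll", "scecli.dll", "netlogon.dll"}


def md5_of(path):
    """MD5 of a file, read in chunks; MD5 because that is what OTL reports."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names):
    """Recursively collect every copy of each watched file name under root (OTL's /s)."""
    copies = defaultdict(list)
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower() in names:
                copies[fn.lower()].append(os.path.join(dirpath, fn))
    return copies


def hash_report(root, names=WATCHED):
    """Return ({name: {path: md5}}, names whose copies do not all share one hash)."""
    report, divergent = {}, []
    for name, paths in find_copies(root, names).items():
        hashes = {p: md5_of(p) for p in sorted(paths)}
        report[name] = hashes
        if len(set(hashes.values())) > 1:
            divergent.append(name)
    return report, sorted(divergent)


def build_sample_tree():
    """Constructed stand-in for a system drive (fake contents, not real drivers):
    a modified atapi.sys in drivers next to an untouched dllcache copy, and two
    identical copies of scecli.dll."""
    root = tempfile.mkdtemp(prefix="otl-demo-")
    clean = b"\x4d\x5a" + b"\x00" * 64                 # fake PE header + padding
    patched = clean[:10] + b"\xeb\xfe" + clean[12:]    # same length, two bytes differ
    layout = {
        r"WINDOWS\system32\drivers\atapi.sys": patched,
        r"WINDOWS\system32\dllcache\atapi.sys": clean,
        r"WINDOWS\system32\scecli.dll": clean,
        r"WINDOWS\ServicePackFiles\i386\scecli.dll": clean,
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("\\"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    report, divergent = hash_report(build_sample_tree())
    for name, hashes in report.items():
        flag = "  <-- copies differ" if name in divergent else ""
        print(f"{name}{flag}")
        for p, h in hashes.items():
            print(f"    {h}  {p}")
```

A mismatch is a lead, not proof: a hotfix can legitimately update the live copy and leave dllcache stale, so the decisive check is comparing each hash against a known-good hash for that exact file version, not merely against the other copies on the disk. When a vendor list publishes SHA-256 instead, hash with that rather than MD5.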

#3 Chris25 (Topic Starter, Members, 5 posts)

Posted 24 November 2009 - 06:05 PM

Hi Sam! Thanks a lot for the reply! This is the earliest I managed to run the scans, due to my university work, but I should be able to reply earlier tomorrow.

Anyways, here are the results:

MBAM LOG:::

Malwarebytes' Anti-Malware 1.41
Database version: 3223
Windows 5.1.2600 Service Pack 3

24/11/2009 10:34:32 PM
mbam-log-2009-11-24 (22-34-32).txt

Scan type: Quick Scan
Objects scanned: 110490
Time elapsed: 12 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Colonel Sanders\Desktop\SpywareCease_Setup.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.



---

OTL REPORT:::
(attached)

---

I would also like to add that I have been getting extremely slow load times at startup (i.e. it sometimes takes ~5 minutes before my desktop responds to anything I try to do). Also, my Kaspersky scan completed and found nothing of interest. And the logdll.txt file is still there after being deleted; it was recreated upon reboot.


OTL logfile created on: 24/11/2009 10:55:51 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Colonel Sanders\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.32% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.07 Gb Total Space | 3.04 Gb Free Space | 15.93% Space Free | Partition Type: NTFS
Drive D: | 148.81 Gb Total Space | 20.33 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 204.54 Gb Free Space | 87.83% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KFC
Current User Name: Colonel Sanders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\OTL.exe
PRC - [2009/11/24 13:02:07 | 01,659,392 | ---- | M] (Curse) -- C:\Documents and Settings\Colonel Sanders\Local Settings\Apps\2.0\7QLB1NM8.3BJ\RYKAW6RL.L1L\curs..tion_eee711038731a406_0004.0000_10385b9745e33e88\CurseClient.exe
PRC - [2009/11/08 01:30:33 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/24 15:36:26 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/10/12 23:35:30 | 00,094,720 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\My Documents\System\msascui.exe
PRC - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/30 09:12:14 | 00,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/09/30 09:12:10 | 00,273,664 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/07/10 01:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 00:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\OTL.exe
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (StarWindServiceAE)
SRV - File not found -- -- (mi-raysat_3dsMax2009_32)
SRV - File not found -- -- (IPClampService)
SRV - File not found -- -- (ekrn)
SRV - File not found -- -- (EhttpSrv)
SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/30 09:12:14 | 00,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/16 03:15:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/05/15 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/03/31 08:44:48 | 00,047,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 02:23:32 | 00,254,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 02:23:24 | 00,366,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/10 01:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/07/02 07:08:24 | 00,354,560 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/04/26 16:50:12 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 00:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/04/04 13:51:32 | 00,028,416 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/03/10 18:47:10 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/12 15:10:26 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/01/04 14:46:25 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/11/07 07:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- E:\Apps\Microsoft Visual Studio 2008\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/08/04 09:10:15 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/07/27 09:41:38 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/|http://www.guildportal.com/Guild.aspx?GuildID=108397&TabID=926557"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.7.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07061050
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/02 18:15:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/23 03:00:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 01:30:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 01:30:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2008/07/02 07:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Extensions
[2008/07/02 07:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/24 15:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions
[2009/09/27 13:18:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/17 15:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/07/20 20:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/11/19 17:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2007/10/20 20:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\moveplayer@movenetworks.com
[2009/11/17 16:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\yyginstantplay@yoyogames.com
[2008/04/29 19:23:17 | 00,001,010 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\aimsearch.gif
[2008/04/29 19:23:17 | 00,000,301 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\aimsearch.src
[2008/04/26 15:36:23 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\aimsearch.xml
[2009/10/09 10:28:44 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\daemon-search.xml
[2009/11/24 15:23:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 01:30:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/25 14:36:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/25 15:33:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/10/02 18:15:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/10/03 14:49:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/24 01:01:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/11/08 01:30:32 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 01:30:32 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/09/18 18:02:38 | 00,028,672 | ---- | M] (flashget) -- C:\Program Files\Mozilla Firefox\components\FlashgetXpi.dll
[2004/07/02 13:51:00 | 00,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2009/09/25 16:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2004/07/02 13:51:00 | 00,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
[2008/06/17 15:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/07/31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 16:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 16:41:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/11 20:14:46 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2007/08/15 19:15:12 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2009/11/08 01:30:35 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/10/14 20:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/01/03 12:58:53 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/04/04 13:15:23 | 01,212,416 | ---- | M] (cedelia) -- C:\Program Files\Mozilla Firefox\plugins\NPStreamPlug.dll
[2009/09/25 16:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/19 08:32:58 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/19 08:32:58 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/19 08:32:58 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/19 08:32:58 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/19 08:32:59 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/19 08:32:59 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/19 08:32:59 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/19 08:32:59 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (357700 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 12271 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-789336058-1220945662-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O4 - HKLM..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-789336058-1220945662-725345543-1003..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-1220945662-725345543-1003..\Run: [ARC] C:\Documents and Settings\Colonel Sanders\My Documents\System\msascui.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Colonel Sanders\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyPoker\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyPoker\PartyPoker\RunApp.exe File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - D:\Games\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O15 - HKLM\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-789336058-1220945662-725345543-1003\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.150.102.4 10.150.102.5
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/25 19:54:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d8e071c-a5ed-11de-8ac0-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{0d8e071c-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d8e071c-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{0d8e071e-a5ed-11de-8ac0-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{0d8e071e-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d8e071e-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{41110d4f-ab95-11de-8acd-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{41110d4f-ab95-11de-8acd-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41110d4f-ab95-11de-8acd-00196622d7dd}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{884fb3dc-a575-11de-8abf-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{884fb3dc-a575-11de-8abf-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{884fb3dc-a575-11de-8abf-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{884fb3de-a575-11de-8abf-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{884fb3de-a575-11de-8abf-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{884fb3de-a575-11de-8abf-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (oodbs) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/19 23:19:49 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2009/11/24 22:45:30 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\OTL.exe
[2009/11/24 18:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Application Data\Malwarebytes
[2009/11/24 18:25:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/24 18:25:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/24 18:25:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/24 18:25:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/24 01:49:44 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Colonel Sanders\Desktop\mbam-setup.exe
[2009/11/24 01:40:04 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Colonel Sanders\Desktop\RootRepeal.exe
[2009/11/24 01:07:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/24 01:04:09 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\HJTInstall.exe
[2009/11/24 00:59:34 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/11/24 00:59:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/11/24 00:59:03 | 00,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/11/24 00:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/24 00:52:49 | 69,672,872 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Colonel Sanders\Desktop\kav9.0.0.736en-uk.exe
[2009/11/24 00:41:14 | 02,600,960 | ---- | C] (Widestep Security Software) -- C:\Documents and Settings\Colonel Sanders\Desktop\wseak_setup.exe
[2009/11/20 13:20:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\UDO
[2009/11/19 22:37:59 | 00,000,000 | ---D | C] -- C:\Program Files\Your Freedom
[2009/11/19 17:21:25 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/11/19 17:21:25 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/11/19 17:21:25 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/11/19 17:20:17 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/11/19 17:20:08 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/11/19 17:20:08 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/11/19 17:19:56 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/11/19 17:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/11/19 17:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/19 17:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Application Data\PC Tools
[2009/11/19 17:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/11/19 17:17:37 | 33,828,016 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Colonel Sanders\Desktop\spyware-doctor.exe
[2009/11/19 17:08:33 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 17:08:28 | 01,839,984 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Colonel Sanders\Desktop\HousecallLauncher.exe
[2009/11/19 17:04:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Application Data\QuickScan
[2009/11/19 15:03:48 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/19 14:18:43 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Colonel Sanders\Desktop\spybotsd162.exe
[2009/11/18 15:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\tankexample
[2009/11/17 16:48:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\My Documents\YoYoGames
[2009/11/17 16:48:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/11/17 14:24:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\GameLearn
[2009/11/17 02:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\lode_runner_2
[2009/11/17 02:44:27 | 01,333,968 | ---- | C] (ZX Games ) -- C:\Documents and Settings\Colonel Sanders\Desktop\Lode_Runner_Episode_I_en.exe
[2009/11/17 02:39:14 | 03,687,879 | ---- | C] ( ) -- C:\Documents and Settings\Colonel Sanders\Desktop\snatch_setup.exe
[2009/11/15 23:25:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\Cache
[2009/11/15 23:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\WTF
[2009/11/15 14:43:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\Rawr v2.2.27
[2009/11/11 23:54:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\ActionBarSaver-r20090923
[2009/09/03 16:10:04 | 00,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\sbcrreag.dll
[2007/04/09 11:32:58 | 00,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\OTL.exe
[2009/11/24 22:38:30 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/24 22:37:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/24 22:37:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/24 22:36:02 | 22,806,528 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\ntuser.dat
[2009/11/24 22:36:02 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Colonel Sanders\ntuser.ini
[2009/11/24 18:25:59 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 18:17:31 | 00,072,201 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\.ems.cfg
[2009/11/24 16:21:51 | 00,002,351 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProxyCap.lnk
[2009/11/24 15:50:05 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/11/24 13:03:05 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2009/11/24 13:02:19 | 00,000,312 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Curse Client.appref-ms
[2009/11/24 12:52:51 | 00,401,728 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\setup.exe
[2009/11/24 02:28:55 | 00,000,081 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Infected with Keylogger!.URL
[2009/11/24 01:57:07 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\dds(2).scr
[2009/11/24 01:54:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\settings.dat
[2009/11/24 01:49:44 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Colonel Sanders\Desktop\mbam-setup.exe
[2009/11/24 01:40:04 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Colonel Sanders\Desktop\RootRepeal.exe
[2009/11/24 01:39:10 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\dds.scr
[2009/11/24 01:07:31 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\HijackThis.lnk
[2009/11/24 01:05:48 | 00,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/11/24 01:04:10 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\HJTInstall.exe
[2009/11/24 01:01:22 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/24 01:01:22 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/24 00:57:09 | 00,002,621 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/24 00:53:46 | 69,672,872 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Colonel Sanders\Desktop\kav9.0.0.736en-uk.exe
[2009/11/24 00:41:15 | 02,600,960 | ---- | M] (Widestep Security Software) -- C:\Documents and Settings\Colonel Sanders\Desktop\wseak_setup.exe
[2009/11/23 20:36:55 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/23 14:58:58 | 00,082,584 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/23 03:28:30 | 01,583,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/23 03:28:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/23 03:10:49 | 00,585,572 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 03:10:49 | 00,501,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 03:10:49 | 00,093,456 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/20 13:58:30 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/11/20 13:26:57 | 00,003,616 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week6_Exercises(2).ZIP
[2009/11/20 13:26:55 | 00,000,433 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week6_Examples.ZIP
[2009/11/20 13:26:37 | 00,002,212 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week7_Examples.ZIP
[2009/11/20 13:26:18 | 00,002,342 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week8_Examples.ZIP
[2009/11/19 22:38:06 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Your Freedom.lnk
[2009/11/19 22:34:09 | 13,280,021 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\freedom-20091118-01.exe
[2009/11/19 17:20:05 | 00,001,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/19 17:19:12 | 33,828,016 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Colonel Sanders\Desktop\spyware-doctor.exe
[2009/11/19 17:08:33 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 17:08:28 | 01,839,984 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Colonel Sanders\Desktop\HousecallLauncher.exe
[2009/11/19 14:56:46 | 39,658,008 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\setupeng.exe
[2009/11/19 14:27:12 | 00,357,700 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/19 14:21:15 | 00,000,943 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Spybot - Search & Destroy.lnk
[2009/11/19 14:19:27 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Colonel Sanders\Desktop\spybotsd162.exe
[2009/11/18 15:55:46 | 00,323,205 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\tankexample.zip
[2009/11/17 15:02:32 | 00,011,084 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\enemy_follow_hori.gm6
[2009/11/17 02:47:37 | 03,487,966 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\lode_runner_2.zip
[2009/11/17 02:44:36 | 01,333,968 | ---- | M] (ZX Games ) -- C:\Documents and Settings\Colonel Sanders\Desktop\Lode_Runner_Episode_I_en.exe
[2009/11/17 02:39:22 | 03,687,879 | ---- | M] ( ) -- C:\Documents and Settings\Colonel Sanders\Desktop\snatch_setup.exe
[2009/11/17 02:38:35 | 00,005,248 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Lode Runner.nsf
[2009/11/15 14:53:09 | 00,007,568 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Blockrating.xml
[2009/11/14 14:13:25 | 00,000,060 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\cache.md5
[2009/11/11 23:53:43 | 00,011,531 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\ActionBarSaver-r20090923.zip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 18:25:59 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 13:03:05 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2009/11/24 13:02:19 | 00,000,312 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Curse Client.appref-ms
[2009/11/24 12:52:48 | 00,401,728 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\setup.exe
[2009/11/24 02:28:55 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Infected with Keylogger!.URL
[2009/11/24 01:57:07 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\dds(2).scr
[2009/11/24 01:54:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\settings.dat
[2009/11/24 01:39:09 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\dds.scr
[2009/11/24 01:07:31 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\HijackThis.lnk
[2009/11/24 01:01:22 | 00,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/24 01:01:22 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/20 13:58:30 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/11/20 13:26:57 | 00,003,616 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week6_Exercises(2).ZIP
[2009/11/20 13:26:53 | 00,000,433 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week6_Examples.ZIP
[2009/11/20 13:26:36 | 00,002,212 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week7_Examples.ZIP
[2009/11/20 13:26:17 | 00,002,342 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week8_Examples.ZIP
[2009/11/19 22:38:06 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Your Freedom.lnk
[2009/11/19 22:33:57 | 13,280,021 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\freedom-20091118-01.exe
[2009/11/19 17:21:26 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/19 17:21:25 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/11/19 17:21:25 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/11/19 17:21:25 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/11/19 17:21:25 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/11/19 17:20:17 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/11/19 17:20:08 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/11/19 17:20:08 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/11/19 17:20:05 | 00,001,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/19 17:19:57 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/11/19 17:08:33 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 14:54:37 | 39,658,008 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\setupeng.exe
[2009/11/19 14:21:15 | 00,000,943 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Spybot - Search & Destroy.lnk
[2009/11/18 15:55:43 | 00,323,205 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\tankexample.zip
[2009/11/17 15:02:32 | 00,011,084 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\enemy_follow_hori.gm6
[2009/11/17 02:47:35 | 03,487,966 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\lode_runner_2.zip
[2009/11/17 02:38:33 | 00,005,248 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Lode Runner.nsf
[2009/11/14 14:14:11 | 00,000,060 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\cache.md5
[2009/11/11 23:53:23 | 00,011,531 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\ActionBarSaver-r20090923.zip
[2009/10/27 15:28:17 | 00,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2009/10/10 13:59:52 | 00,000,339 | ---- | C] () -- C:\WINDOWS\GLIDER.INI
[2009/10/09 12:05:23 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/28 23:45:00 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\PUTTY.RND
[2009/09/28 23:39:44 | 00,000,350 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Current.prx
[2009/09/20 16:36:19 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/20 15:58:10 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2008/06/13 15:27:52 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7BED8F12-695F-48DF-B705-15878BE1FDED}_WiseFW.ini
[2008/06/13 14:38:23 | 00,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2008/06/13 14:38:23 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2008/06/10 10:14:23 | 00,000,110 | ---- | C] () -- C:\WINDOWS\plugin.ini
[2008/06/10 10:01:59 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{1A7EC1C1-CF8D-42DF-86B3-FC3A87FC8F85}_WiseFW.ini
[2008/06/06 13:15:06 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/06/06 13:14:32 | 00,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2008/04/29 19:26:22 | 00,000,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/03/19 21:00:47 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/03/11 16:47:04 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\ibfs32.dll
[2008/02/03 21:31:11 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\00104run.ini
[2008/01/09 13:23:00 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/09 13:22:58 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\PnkBstrK.sys
[2008/01/09 13:22:13 | 00,000,283 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/01/04 14:48:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/12/28 14:00:00 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\fusioncache.dat
[2007/12/26 16:20:58 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2007/12/21 09:21:36 | 00,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2007/12/04 19:12:54 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/12/02 14:38:42 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2007/12/02 14:18:06 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2007/11/25 20:42:42 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/10/22 18:47:45 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/10/22 18:47:45 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/10 09:35:02 | 00,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2007/10/10 09:35:02 | 00,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2007/09/23 16:15:26 | 00,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2007/09/21 11:44:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/08/25 14:03:51 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/22 01:02:55 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2007/08/22 01:02:55 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2007/08/22 01:02:55 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2007/08/22 01:02:55 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2007/08/22 01:02:55 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2007/08/22 01:02:55 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2007/08/22 01:02:55 | 00,002,941 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2007/08/22 01:02:55 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2007/08/22 01:02:55 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2007/08/22 01:02:55 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2007/08/22 01:02:55 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2007/08/22 01:01:31 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/08/21 23:32:52 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/21 23:32:52 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/21 20:46:34 | 00,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/08/17 15:41:35 | 00,003,304 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\glide_wrapper.zbag.ini
[2007/08/08 01:36:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2007/08/07 14:16:12 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/07/29 09:52:17 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/07/29 09:51:42 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/29 09:51:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/29 09:51:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/07/25 20:40:02 | 00,157,696 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/25 20:39:03 | 00,585,572 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2007/07/25 20:39:01 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/25 20:38:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/07/25 20:11:58 | 00,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/25 20:06:05 | 03,340,338 | -H-- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\IconCache.db
[2007/07/25 20:03:56 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/07/25 20:02:28 | 00,082,584 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/07/25 20:02:13 | 00,004,711 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/07/25 20:02:12 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/07/25 20:00:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\desktop.ini
[2007/07/25 19:54:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2007/07/25 19:50:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2007/07/25 19:50:16 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2007/07/25 19:49:12 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2007/07/25 19:49:11 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2007/07/25 16:15:38 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/05/21 10:26:46 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2007/05/21 10:26:45 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2007/05/21 10:26:45 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2007/05/21 10:26:44 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\ea2mt06.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/05/21 10:25:47 | 00,000,337 | ---- | C] () -- C:\WINDOWS\System32\enviwhi.dll
[2007/05/21 10:25:47 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2007/05/21 10:25:47 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/05/21 10:25:47 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\wazzoc8.dll
[2007/05/21 10:25:33 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2007/04/12 07:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2006/08/11 13:57:18 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/05/23 11:40:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/06/16 17:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/08/03 23:56:46 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/08/03 23:56:46 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/03 23:56:44 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/03 23:56:44 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2004/08/03 23:56:44 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2004/08/03 23:56:44 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/03 23:56:42 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/03 23:56:42 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/03 23:56:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/03 23:56:14 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/08/03 21:46:56 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/03 21:45:16 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/03 21:45:16 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/03 21:45:14 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/03 21:45:12 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/03 21:45:10 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/07/17 10:46:14 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/07/17 10:34:48 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/01/31 23:00:00 | 00,092,660 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2001/08/23 12:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001/08/23 12:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001/08/23 12:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001/08/23 12:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001/08/23 12:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001/08/23 12:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001/08/23 12:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001/08/23 12:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001/08/23 12:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001/08/23 12:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001/08/23 12:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001/08/23 12:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001/08/23 12:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001/08/23 12:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001/08/23 12:00:00 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001/08/23 12:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001/08/23 12:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001/08/23 12:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001/08/23 12:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001/08/23 12:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001/08/23 12:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001/08/23 12:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2001/08/23 12:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001/08/23 12:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001/08/23 12:00:00 | 00,000,694 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 12:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001/08/23 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/17 22:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1996/04/03 19:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/09 13:16:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/04/26 15:34:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/04/13 22:12:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/07/25 20:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/07/25 20:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/06/27 13:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/07/02 08:38:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/10/29 22:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/08/21 23:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/09/20 14:13:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2008/10/15 09:37:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/20 07:04:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2008/01/20 20:13:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2009/10/09 10:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/09 10:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/05/17 16:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2007/07/25 20:38:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/07/23 12:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2008/05/27 20:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eset
[2007/10/09 17:36:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/05/18 17:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training
[2008/04/29 19:35:27 | 00,000,386 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/21 23:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2007/12/26 16:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/11/24 22:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/11/24 00:57:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/24 18:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/09 11:54:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/12 03:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2007/09/23 16:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/07/29 09:20:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2009/11/19 17:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/09 11:49:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2007/11/04 13:04:58 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/10/13 12:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2009/10/03 14:59:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007/12/10 16:44:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidWorks
[2009/11/19 14:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/24 22:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/28 12:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2007/08/22 18:26:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/07/02 07:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/07/25 21:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/17 16:49:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/01/03 13:02:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/07/15 17:42:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Adobe
[2007/12/13 21:12:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\AdobeUM
[2008/03/10 19:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Ansys
[2007/08/05 16:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Apple Computer
[2007/11/25 20:53:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\ATI
[2007/11/25 16:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\atitray
[2008/03/10 19:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Autodesk
[2007/08/21 23:36:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\AVS4YOU
[2009/09/20 16:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Birdstep Technology
[2007/10/01 14:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\BITS
[2009/10/27 11:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\bmttut1
[2009/10/27 14:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\bmttut2
[2009/10/27 14:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\bmttut3
[2007/08/26 14:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Canon
[2007/07/26 15:27:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Command & Conquer 3 Tiberium Wars
[2007/10/22 18:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Creative
[2009/10/08 16:11:19 | 00,000,350 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Current.prx
[2009/10/09 10:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DAEMON Tools
[2009/10/09 10:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DAEMON Tools Lite
[2009/10/09 10:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DAEMON Tools Pro
[2007/12/10 17:30:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DassaultSystemes
[2007/07/25 20:38:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\desktop.ini
[2009/10/28 11:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DivX
[2008/07/17 11:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\dvdcss
[2008/01/04 14:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DWGeditor
[2008/02/03 21:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\EDrawings
[2008/06/14 16:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\ESET
[2007/10/20 20:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Firefox
[2009/09/27 18:47:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\GetRightToGo
[2007/08/18 22:53:41 | 00,003,304 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\glide_wrapper.zbag.ini
[2008/02/04 17:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\GSC
[2007/07/25 20:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Identities
[2008/09/16 17:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\IM
[2007/08/05 15:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Imagenomic
[2007/07/26 21:40:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\IMVU
[2009/09/26 18:11:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\InstallShield
[2007/12/26 16:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\iolo
[2008/11/15 23:07:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\LimeWire
[2009/10/08 22:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Macromedia
[2009/11/24 18:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Malwarebytes
[2009/10/09 11:54:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Microsoft
[2007/12/28 13:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\mIRC
[2007/10/20 20:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Move Networks
[2008/07/02 07:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla
[2009/10/09 13:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Notepad++
[2009/11/19 17:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\PC Tools
[2008/01/09 13:22:58 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\PnkBstrK.sys
[2009/10/02 17:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\ProxyCap
[2009/11/19 17:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\QuickScan
[2008/07/02 07:39:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Real
[2007/07/25 14:49:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\SecuROM
[2009/11/24 23:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Skype
[2009/11/24 16:09:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\skypePM
[2008/07/09 19:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\SolidWorks
[2007/12/10 16:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\SolidWorks 2008
[2008/06/30 17:23:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\SolidWorksNewsReader
[2009/06/27 13:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Spybot - Search & Destroy
[2007/07/25 17:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Sun
[2007/12/02 14:49:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\teamspeak2
[2007/08/22 18:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\TuneUp Software
[2009/11/19 22:34:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\uTorrent
[2009/01/28 19:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Ventrilo
[2007/07/25 21:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\vlc
[2007/08/20 17:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\WinRAR
[2007/07/25 20:38:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Application Data\desktop.ini
[2007/12/28 22:46:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2009/10/29 22:31:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/29 22:31:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/28 16:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2001/08/23 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/24 22:37:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Files - Unicode (All) ==========
[2008/03/02 21:19:38 | 00,011,394 | ---- | M] ()(C:\Documents and Settings\Colonel Sanders\My Documents\Th?r?s a Point In Your Lif?.docx) -- C:\Documents and Settings\Colonel Sanders\My Documents\Thєrєs a Point In Your Lifє.docx
[2008/03/02 21:19:38 | 00,011,394 | ---- | C] ()(C:\Documents and Settings\Colonel Sanders\My Documents\Th?r?s a Point In Your Lif?.docx) -- C:\Documents and Settings\Colonel Sanders\My Documents\Thєrєs a Point In Your Lifє.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF9418F3
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DACEB9F
< End of report >

Attached Files

  • Attached File  OTL.Txt   172.67KB

Edited by Buckeye_Sam, 25 November 2009 - 08:23 AM.
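
The `/s /md5` custom scans in the log above hash every copy of a handful of system files (eventlog.dll, scecli.dll, netlogon.dll, atapi.sys and others) wherever they exist on the system drive. The check to make on that output is whether the live copy in system32 hashes the same as the pristine copies Windows keeps in ServicePackFiles\i386 and system32\dllcache; the $NtServicePackUninstall$ and ReinstallBackups copies are older versions and are expected to differ. A live file that keeps the reference copy's size and timestamp but returns a different hash is the pattern of a file-patching infector. The Python script that follows is an added example, not code from the thread or from OTL: it parses those lines and applies that comparison. The clean sample is copied from the log; the tampered sample is constructed for the example by changing one hash.

```python
import re
from collections import defaultdict

# One OTL "<file> /s /md5" result line, as printed in the Custom Scans section:
# [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A... -- C:\WINDOWS\system32\drivers\atapi.sys
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]+ \| \w\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Windows keeps pristine copies here; the live copy in system32 should hash identically.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\")
# Pre-service-pack and driver-rollback copies legitimately differ; they are not compared.
IGNORED_DIRS = ("\\$ntservicepackuninstall$\\", "\\reinstallbackups\\")


def parse_md5_scan(text):
    """Extract timestamp, size, vendor, md5 and path from every MD5 line in the text."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def classify(path):
    """'ignored', 'reference' or 'live' depending on where the copy sits."""
    p = path.lower()
    if any(d in p for d in IGNORED_DIRS):
        return "ignored"
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    return "live"


def check_consistency(text):
    """Compare each live copy against the reference copies of the same file name.

    Returns {file name: [finding, ...]}; an empty dict means every live copy
    matched a reference hash.
    """
    by_name = defaultdict(list)
    for e in parse_md5_scan(text):
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    findings = {}
    for name, entries in by_name.items():
        refs = [e for e in entries if classify(e["path"]) == "reference"]
        ref_md5s = {e["md5"] for e in refs}
        notes = []
        if len(ref_md5s) > 1:
            notes.append("reference copies disagree with each other")
        for live in (e for e in entries if classify(e["path"]) == "live"):
            if not refs:
                notes.append(f"{live['path']}: no reference copy to compare against")
            elif live["md5"] not in ref_md5s:
                # Same size and timestamp as a reference but a different hash is the
                # signature of an in-place patch that preserves the file's metadata.
                same_meta = any(r["size"] == live["size"] and r["ts"] == live["ts"] for r in refs)
                tag = ("TAMPERED? same size and timestamp as the reference but a different hash"
                       if same_meta else "hash differs from the reference copies")
                notes.append(f"{live['path']}: {tag}")
        if notes:
            findings[name] = notes
    return findings


# Lines copied from the scan above: every live copy matches its reference.
SAMPLE_CLEAN = r"""
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
"""

# Constructed for this example (not from the log): the live driver keeps the
# reference size and timestamp but carries a different hash.
SAMPLE_TAMPERED = r"""
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\atapi.sys
"""

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(label, check_consistency(sample))
```

On the log above every live copy matches its reference, so `check_consistency` returns an empty dict for it. The comparison only says the file on disk matches what Windows would restore from; a driver loaded from somewhere else, or a reference copy that was itself replaced, is outside what this check can see.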


#4 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 November 2009 - 08:40 AM

Please do not attach log files unless specifically requested to do so. Just copy the text in the log and then paste it directly into your reply.
It makes it much easier for me to review the information if I can see it all in one place.



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O3 - HKU\S-1-5-21-789336058-1220945662-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O4 - HKLM..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-789336058-1220945662-725345543-1003..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-789336058-1220945662-725345543-1003..\Run: [ARC] C:\Documents and Settings\Colonel Sanders\My Documents\System\msascui.exe ()
    O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
    @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF9418F3
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DACEB9F
    
    :Files
    C:\Program Files\AVG
    C:\Program Files\BigSeekPro Toolbar
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
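
The :OTL section of the fix above lists the entries the helper wants removed. What singles out the O4 lines is visible in the lines themselves: executables under a user's My Documents folder, one whose version resource claims Microsoft Corporation, one with no company name at all, and a Run value named with unprintable characters. The O2/O3 and RunOnce entries are orphans whose target file or CLSID no longer exists, and the O10 entries are Winsock LSP catalog slots pointing at missing files (OTL rewrites the catalog after deleting them, which is the "LSP stack updated" line in the fix result posted further down). The Python script that follows is an added example, not code from the thread or from OTL: it applies exactly those checks to the lines from the fix script. The one Kaspersky control line is constructed from the process list in the log and is expected to pass; the directory prefixes assume a Windows XP layout.

```python
import re

# Line shapes handled, as they appear in the OTL fix script above:
#   O2 - BHO: (name) - {CLSID} - <path> File not found        (or: - No CLSID value found.)
#   O3 - HKLM\..\Toolbar: (name) - {CLSID} - <path> File not found
#   O4 - HKLM..\Run: [value name] <path> (Company)             (or: File not found)
#   O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<vendor>[^)]*)\)$")
COM_RE = re.compile(r"^O(?P<kind>[23]) - .* - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<rest>.+)$")
LSP_RE = re.compile(r"^O10 - Protocol_Catalog9\\Catalog_Entries\\(?P<idx>\d+) - (?P<rest>.+)$")

# Assumed Windows XP layout: where trusted binaries live, and where any user can drop a file.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")
USER_WRITABLE = ("c:\\documents and settings\\", "\\temp\\", "\\application data\\")


def autostart_reasons(name, rest):
    """Why an O4 Run/RunOnce value deserves attention; an empty list means it looks ordinary."""
    if rest == "File not found":
        return ["orphaned autostart: target file is missing"]
    m = TARGET_RE.match(rest)
    if not m:
        return [f"unparsed target: {rest}"]
    path, vendor = m.group("path"), m.group("vendor")
    p = path.lower()
    reasons = []
    if any(seg in p for seg in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    if "microsoft" in vendor.lower() and not p.startswith(SYSTEM_DIRS):
        # The company name is read from the file's own version resource; anyone can set it.
        reasons.append("claims Microsoft in version info but lives outside %SystemRoot%/Program Files")
    if vendor == "":
        reasons.append("no company name in version info")
    if any(ord(c) < 32 or ord(c) > 126 for c in name):
        reasons.append("non-printable/non-ASCII value name")
    return reasons


def triage(text):
    """Return [{'line': ..., 'reasons': [...]}] for every line that merits a look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            reasons = autostart_reasons(m.group("name"), m.group("rest"))
        else:
            m = COM_RE.match(line)
            if m and (m.group("rest").endswith("File not found") or m.group("rest").startswith("No CLSID")):
                reasons = ["orphaned BHO/toolbar registration: CLSID or DLL missing"]
            else:
                m = LSP_RE.match(line)
                if m and m.group("rest") == "File not found":
                    reasons = ["Winsock LSP entry points at a missing file; remove it with a tool "
                               "that rewrites the catalog afterwards (OTL reports 'LSP stack updated')"]
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


# The :OTL lines from the fix script above, plus one constructed control line (AVP)
# built from the Kaspersky process entry in the log; the control should not be flagged.
SAMPLE = r"""
O2 - BHO: (no name) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKU\S-1-5-21-789336058-1220945662-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O4 - HKLM..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-1220945662-725345543-1003..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-1220945662-725345543-1003..\Run: [ARC] C:\Documents and Settings\Colonel Sanders\My Documents\System\msascui.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
```

Every line the helper listed trips at least one check and the control line trips none, which is the point: the company name OTL prints in parentheses is whatever the file's version resource says, so "(Microsoft Corporation)" on a binary under My Documents is evidence against the file, not for it.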

#5 Chris25
  • Topic Starter

  • Members
  • 5 posts

Posted 25 November 2009 - 09:21 AM

Hi again,
Apologies for attaching the file. It seemed so large I didn't want to paste all the text and have it clutter up the reply. Will paste logs from now on though, sorry!


Results from OTL Fix:::

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\™.˜ not found.
C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\™.˜ not found.
File C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe not found.
Registry value HKEY_USERS\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ARC deleted successfully.
C:\Documents and Settings\Colonel Sanders\My Documents\System\msascui.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AF9418F3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4DACEB9F deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\AVG not found.
File\Folder C:\Program Files\BigSeekPro Toolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Colonel Sanders
->Temp folder emptied: 669805 bytes
->Temporary Internet Files folder emptied: 25379353 bytes
->Java cache emptied: 161001 bytes
->FireFox cache emptied: 214728427 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33396 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2586403 bytes
->FireFox cache emptied: 1701622 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 8914585 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 42014108 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 282.61 mb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.1.8.0 log created on 11252009_134941

Files\Folders moved on Reboot...
C:\WINDOWS\temp\hlktmp moved successfully.

Registry entries deleted on Reboot...

-----


NEW OTL REPORT:::

OTL logfile created on: 25/11/2009 2:13:59 PM - Run 2
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Colonel Sanders\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.62% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.07 Gb Total Space | 3.08 Gb Free Space | 16.13% Space Free | Partition Type: NTFS
Drive D: | 148.81 Gb Total Space | 20.32 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 204.54 Gb Free Space | 87.83% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KFC
Current User Name: Colonel Sanders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\OTL.exe
PRC - [2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\OTL.exe
PRC - [2009/11/24 13:02:07 | 01,659,392 | ---- | M] (Curse) -- C:\Documents and Settings\Colonel Sanders\Local Settings\Apps\2.0\7QLB1NM8.3BJ\RYKAW6RL.L1L\curs..tion_eee711038731a406_0004.0000_10385b9745e33e88\CurseClient.exe
PRC - [2009/11/08 01:30:33 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/30 09:12:14 | 00,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/09/30 09:12:10 | 00,273,664 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/07/10 01:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\OTL.exe
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (StarWindServiceAE)
SRV - File not found -- -- (mi-raysat_3dsMax2009_32)
SRV - File not found -- -- (IPClampService)
SRV - File not found -- -- (ekrn)
SRV - File not found -- -- (EhttpSrv)
SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/30 09:12:14 | 00,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/16 03:15:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/05/15 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/03/31 08:44:48 | 00,047,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 02:23:32 | 00,254,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 02:23:24 | 00,366,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/10 01:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/07/02 07:08:24 | 00,354,560 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/04/26 16:50:12 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 00:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/04/04 13:51:32 | 00,028,416 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/03/10 18:47:10 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/12 15:10:26 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/01/04 14:46:25 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/11/07 07:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- E:\Apps\Microsoft Visual Studio 2008\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/08/04 09:10:15 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/07/27 09:41:38 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/|http://www.guildportal.com/Guild.aspx?GuildID=108397&TabID=926557"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.7.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07061050
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/02 18:15:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/23 03:00:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 01:30:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 01:30:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2008/07/02 07:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Extensions
[2008/07/02 07:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/24 15:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions
[2009/09/27 13:18:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/17 15:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/07/20 20:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/11/19 17:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2007/10/20 20:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\moveplayer@movenetworks.com
[2009/11/17 16:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\yyginstantplay@yoyogames.com
[2008/04/29 19:23:17 | 00,001,010 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\aimsearch.gif
[2008/04/29 19:23:17 | 00,000,301 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\aimsearch.src
[2008/04/26 15:36:23 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\aimsearch.xml
[2009/10/09 10:28:44 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\daemon-search.xml
[2009/11/24 15:23:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 01:30:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/25 14:36:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/25 15:33:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/10/02 18:15:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/10/03 14:49:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/24 01:01:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/11/08 01:30:32 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 01:30:32 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/09/18 18:02:38 | 00,028,672 | ---- | M] (flashget) -- C:\Program Files\Mozilla Firefox\components\FlashgetXpi.dll
[2004/07/02 13:51:00 | 00,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2009/09/25 16:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2004/07/02 13:51:00 | 00,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
[2008/06/17 15:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/07/31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 16:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 16:41:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/11 20:14:46 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2007/08/15 19:15:12 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2009/11/08 01:30:35 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/10/14 20:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/01/03 12:58:53 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/04/04 13:15:23 | 01,212,416 | ---- | M] (cedelia) -- C:\Program Files\Mozilla Firefox\plugins\NPStreamPlug.dll
[2009/09/25 16:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/19 08:32:58 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/19 08:32:58 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/19 08:32:58 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/19 08:32:58 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/19 08:32:59 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/19 08:32:59 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/19 08:32:59 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/19 08:32:59 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (357700 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 12271 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-789336058-1220945662-725345543-1003..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe File not found
O4 - Startup: C:\Documents and Settings\Colonel Sanders\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyPoker\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyPoker\PartyPoker\RunApp.exe File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - D:\Games\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O15 - HKLM\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-789336058-1220945662-725345543-1003\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.150.102.4 10.150.102.5
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/25 19:54:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d8e071c-a5ed-11de-8ac0-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{0d8e071c-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d8e071c-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{0d8e071e-a5ed-11de-8ac0-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{0d8e071e-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d8e071e-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{41110d4f-ab95-11de-8acd-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{41110d4f-ab95-11de-8acd-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41110d4f-ab95-11de-8acd-00196622d7dd}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{884fb3dc-a575-11de-8abf-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{884fb3dc-a575-11de-8abf-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{884fb3dc-a575-11de-8abf-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{884fb3de-a575-11de-8abf-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{884fb3de-a575-11de-8abf-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{884fb3de-a575-11de-8abf-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (oodbs) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/19 23:19:49 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2009/11/25 14:05:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/11/25 13:49:41 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/25 13:43:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/11/24 22:45:30 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\OTL.exe
[2009/11/24 18:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Application Data\Malwarebytes
[2009/11/24 18:25:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/24 18:25:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/24 18:25:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/24 18:25:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/24 01:49:44 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Colonel Sanders\Desktop\mbam-setup.exe
[2009/11/24 01:40:04 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Colonel Sanders\Desktop\RootRepeal.exe
[2009/11/24 01:07:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/24 01:04:09 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\HJTInstall.exe
[2009/11/24 00:59:34 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/11/24 00:59:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/11/24 00:59:03 | 00,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/11/24 00:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/24 00:52:49 | 69,672,872 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Colonel Sanders\Desktop\kav9.0.0.736en-uk.exe
[2009/11/24 00:41:14 | 02,600,960 | ---- | C] (Widestep Security Software) -- C:\Documents and Settings\Colonel Sanders\Desktop\wseak_setup.exe
[2009/11/20 13:20:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\UDO
[2009/11/19 22:37:59 | 00,000,000 | ---D | C] -- C:\Program Files\Your Freedom
[2009/11/19 17:21:25 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/11/19 17:21:25 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/11/19 17:21:25 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/11/19 17:20:17 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/11/19 17:20:08 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/11/19 17:20:08 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/11/19 17:19:56 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/11/19 17:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/11/19 17:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/19 17:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Application Data\PC Tools
[2009/11/19 17:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/11/19 17:17:37 | 33,828,016 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Colonel Sanders\Desktop\spyware-doctor.exe
[2009/11/19 17:08:33 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 17:08:28 | 01,839,984 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Colonel Sanders\Desktop\HousecallLauncher.exe
[2009/11/19 17:04:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Application Data\QuickScan
[2009/11/19 15:03:48 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/19 14:18:43 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Colonel Sanders\Desktop\spybotsd162.exe
[2009/11/18 15:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\tankexample
[2009/11/17 16:48:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\My Documents\YoYoGames
[2009/11/17 16:48:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/11/17 14:24:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\GameLearn
[2009/11/17 02:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\lode_runner_2
[2009/11/17 02:44:27 | 01,333,968 | ---- | C] (ZX Games ) -- C:\Documents and Settings\Colonel Sanders\Desktop\Lode_Runner_Episode_I_en.exe
[2009/11/17 02:39:14 | 03,687,879 | ---- | C] ( ) -- C:\Documents and Settings\Colonel Sanders\Desktop\snatch_setup.exe
[2009/11/15 23:25:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\Cache
[2009/11/15 23:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\WTF
[2009/11/15 14:43:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\Rawr v2.2.27
[2009/11/11 23:54:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\ActionBarSaver-r20090923
[2009/09/03 16:10:04 | 00,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\sbcrreag.dll
[2007/04/09 11:32:58 | 00,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/25 14:12:53 | 22,806,528 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\ntuser.dat
[2009/11/25 14:06:59 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/25 13:58:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/25 13:58:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/25 13:57:13 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Colonel Sanders\ntuser.ini
[2009/11/25 13:44:31 | 00,607,322 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/25 13:44:31 | 00,509,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/25 13:44:31 | 00,097,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/24 23:34:39 | 01,601,574 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\I m a Hunter - World of Warcraft Hunter Song.mp3
[2009/11/24 23:14:39 | 00,071,621 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\.ems.cfg
[2009/11/24 23:13:49 | 00,002,351 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProxyCap.lnk
[2009/11/24 23:10:37 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\OTL.exe
[2009/11/24 22:38:30 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/24 18:25:59 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 13:03:05 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2009/11/24 13:02:19 | 00,000,312 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Curse Client.appref-ms
[2009/11/24 12:52:51 | 00,401,728 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\setup.exe
[2009/11/24 02:28:55 | 00,000,081 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Infected with Keylogger!.URL
[2009/11/24 01:57:07 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\dds(2).scr
[2009/11/24 01:54:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\settings.dat
[2009/11/24 01:49:44 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Colonel Sanders\Desktop\mbam-setup.exe
[2009/11/24 01:40:04 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Colonel Sanders\Desktop\RootRepeal.exe
[2009/11/24 01:39:10 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\dds.scr
[2009/11/24 01:07:31 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\HijackThis.lnk
[2009/11/24 01:05:48 | 00,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/11/24 01:04:10 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\HJTInstall.exe
[2009/11/24 01:01:22 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/24 01:01:22 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/24 00:57:09 | 00,002,621 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/24 00:53:46 | 69,672,872 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Colonel Sanders\Desktop\kav9.0.0.736en-uk.exe
[2009/11/24 00:41:15 | 02,600,960 | ---- | M] (Widestep Security Software) -- C:\Documents and Settings\Colonel Sanders\Desktop\wseak_setup.exe
[2009/11/23 20:36:55 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/23 14:58:58 | 00,082,584 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/23 03:28:30 | 01,583,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/23 03:28:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/20 13:58:30 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/11/20 13:26:57 | 00,003,616 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week6_Exercises(2).ZIP
[2009/11/20 13:26:55 | 00,000,433 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week6_Examples.ZIP
[2009/11/20 13:26:37 | 00,002,212 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week7_Examples.ZIP
[2009/11/20 13:26:18 | 00,002,342 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week8_Examples.ZIP
[2009/11/19 22:38:06 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Your Freedom.lnk
[2009/11/19 22:34:09 | 13,280,021 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\freedom-20091118-01.exe
[2009/11/19 17:20:05 | 00,001,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/19 17:19:12 | 33,828,016 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Colonel Sanders\Desktop\spyware-doctor.exe
[2009/11/19 17:08:33 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 17:08:28 | 01,839,984 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Colonel Sanders\Desktop\HousecallLauncher.exe
[2009/11/19 14:56:46 | 39,658,008 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\setupeng.exe
[2009/11/19 14:27:12 | 00,357,700 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/19 14:21:15 | 00,000,943 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Spybot - Search & Destroy.lnk
[2009/11/19 14:19:27 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Colonel Sanders\Desktop\spybotsd162.exe
[2009/11/18 15:55:46 | 00,323,205 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\tankexample.zip
[2009/11/17 15:02:32 | 00,011,084 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\enemy_follow_hori.gm6
[2009/11/17 02:47:37 | 03,487,966 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\lode_runner_2.zip
[2009/11/17 02:44:36 | 01,333,968 | ---- | M] (ZX Games ) -- C:\Documents and Settings\Colonel Sanders\Desktop\Lode_Runner_Episode_I_en.exe
[2009/11/17 02:39:22 | 03,687,879 | ---- | M] ( ) -- C:\Documents and Settings\Colonel Sanders\Desktop\snatch_setup.exe
[2009/11/17 02:38:35 | 00,005,248 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Lode Runner.nsf
[2009/11/15 14:53:09 | 00,007,568 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Blockrating.xml
[2009/11/14 14:13:25 | 00,000,060 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\cache.md5
[2009/11/11 23:53:43 | 00,011,531 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\ActionBarSaver-r20090923.zip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 23:34:38 | 01,601,574 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\I m a Hunter - World of Warcraft Hunter Song.mp3
[2009/11/24 18:25:59 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 13:03:05 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2009/11/24 13:02:19 | 00,000,312 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Curse Client.appref-ms
[2009/11/24 12:52:48 | 00,401,728 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\setup.exe
[2009/11/24 02:28:55 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Infected with Keylogger!.URL
[2009/11/24 01:57:07 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\dds(2).scr
[2009/11/24 01:54:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\settings.dat
[2009/11/24 01:39:09 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\dds.scr
[2009/11/24 01:07:31 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\HijackThis.lnk
[2009/11/24 01:01:22 | 00,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/24 01:01:22 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/20 13:58:30 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/11/20 13:26:57 | 00,003,616 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week6_Exercises(2).ZIP
[2009/11/20 13:26:53 | 00,000,433 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week6_Examples.ZIP
[2009/11/20 13:26:36 | 00,002,212 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week7_Examples.ZIP
[2009/11/20 13:26:17 | 00,002,342 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Week8_Examples.ZIP
[2009/11/19 22:38:06 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Your Freedom.lnk
[2009/11/19 22:33:57 | 13,280,021 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\freedom-20091118-01.exe
[2009/11/19 17:21:26 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/19 17:21:25 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/11/19 17:21:25 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/11/19 17:21:25 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/11/19 17:21:25 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/11/19 17:20:17 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/11/19 17:20:08 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/11/19 17:20:08 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/11/19 17:20:05 | 00,001,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/19 17:19:57 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/11/19 17:08:33 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 14:54:37 | 39,658,008 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\setupeng.exe
[2009/11/19 14:21:15 | 00,000,943 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Spybot - Search & Destroy.lnk
[2009/11/18 15:55:43 | 00,323,205 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\tankexample.zip
[2009/11/17 15:02:32 | 00,011,084 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\enemy_follow_hori.gm6
[2009/11/17 02:47:35 | 03,487,966 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\lode_runner_2.zip
[2009/11/17 02:38:33 | 00,005,248 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Lode Runner.nsf
[2009/11/14 14:14:11 | 00,000,060 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\cache.md5
[2009/11/11 23:53:23 | 00,011,531 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\ActionBarSaver-r20090923.zip
[2009/10/27 15:28:17 | 00,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2009/10/10 13:59:52 | 00,000,339 | ---- | C] () -- C:\WINDOWS\GLIDER.INI
[2009/10/09 12:05:23 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/28 23:45:00 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\PUTTY.RND
[2009/09/28 23:39:44 | 00,000,350 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Current.prx
[2009/09/20 16:36:19 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/20 15:58:10 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2008/06/13 15:27:52 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7BED8F12-695F-48DF-B705-15878BE1FDED}_WiseFW.ini
[2008/06/13 14:38:23 | 00,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2008/06/13 14:38:23 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2008/06/10 10:14:23 | 00,000,110 | ---- | C] () -- C:\WINDOWS\plugin.ini
[2008/06/10 10:01:59 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{1A7EC1C1-CF8D-42DF-86B3-FC3A87FC8F85}_WiseFW.ini
[2008/06/06 13:15:06 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/06/06 13:14:32 | 00,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2008/04/29 19:26:22 | 00,000,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/03/19 21:00:47 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/03/11 16:47:04 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\ibfs32.dll
[2008/02/03 21:31:11 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\00104run.ini
[2008/01/09 13:23:00 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/09 13:22:58 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\PnkBstrK.sys
[2008/01/09 13:22:13 | 00,000,283 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/01/04 14:48:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/12/28 14:00:00 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\fusioncache.dat
[2007/12/26 16:20:58 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2007/12/21 09:21:36 | 00,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2007/12/04 19:12:54 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/12/02 14:38:42 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2007/12/02 14:18:06 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2007/11/25 20:42:42 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/10/22 18:47:45 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/10/22 18:47:45 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/10 09:35:02 | 00,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2007/10/10 09:35:02 | 00,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2007/09/23 16:15:26 | 00,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2007/09/21 11:44:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/08/25 14:03:51 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/22 01:02:55 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2007/08/22 01:02:55 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2007/08/22 01:02:55 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2007/08/22 01:02:55 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2007/08/22 01:02:55 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2007/08/22 01:02:55 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2007/08/22 01:02:55 | 00,002,941 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2007/08/22 01:02:55 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2007/08/22 01:02:55 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2007/08/22 01:02:55 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2007/08/22 01:02:55 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2007/08/22 01:01:31 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/08/21 23:32:52 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/21 23:32:52 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/21 20:46:34 | 00,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/08/17 15:41:35 | 00,003,304 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\glide_wrapper.zbag.ini
[2007/08/08 01:36:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2007/08/07 14:16:12 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/07/29 09:52:17 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/07/29 09:51:42 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/29 09:51:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/29 09:51:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/07/25 20:40:02 | 00,157,696 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/25 20:39:03 | 00,607,322 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2007/07/25 20:39:01 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/25 20:38:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/07/25 20:11:58 | 00,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/25 20:06:05 | 03,340,338 | -H-- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\IconCache.db
[2007/07/25 20:03:56 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/07/25 20:02:28 | 00,082,584 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/07/25 20:02:13 | 00,004,711 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/07/25 20:02:12 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/07/25 20:00:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\desktop.ini
[2007/07/25 19:54:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2007/07/25 19:50:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2007/07/25 19:50:16 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2007/07/25 19:49:12 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2007/07/25 19:49:11 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2007/07/25 16:15:38 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/05/21 10:26:46 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2007/05/21 10:26:45 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2007/05/21 10:26:45 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2007/05/21 10:26:44 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\ea2mt06.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/05/21 10:25:47 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/05/21 10:25:47 | 00,000,337 | ---- | C] () -- C:\WINDOWS\System32\enviwhi.dll
[2007/05/21 10:25:47 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2007/05/21 10:25:47 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/05/21 10:25:47 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\wazzoc8.dll
[2007/05/21 10:25:33 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2007/04/12 07:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2006/08/11 13:57:18 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/05/23 11:40:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/06/16 17:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/08/03 23:56:46 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/08/03 23:56:46 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/03 23:56:44 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/03 23:56:44 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2004/08/03 23:56:44 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2004/08/03 23:56:44 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/03 23:56:42 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/03 23:56:42 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/03 23:56:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/03 23:56:14 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/08/03 21:46:56 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/03 21:45:16 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/03 21:45:16 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/03 21:45:14 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/03 21:45:12 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/03 21:45:10 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/07/17 10:46:14 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/07/17 10:34:48 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/01/31 23:00:00 | 00,092,660 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2001/08/23 12:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001/08/23 12:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001/08/23 12:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001/08/23 12:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001/08/23 12:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001/08/23 12:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001/08/23 12:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001/08/23 12:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001/08/23 12:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001/08/23 12:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001/08/23 12:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001/08/23 12:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001/08/23 12:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001/08/23 12:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001/08/23 12:00:00 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001/08/23 12:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001/08/23 12:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001/08/23 12:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001/08/23 12:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001/08/23 12:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001/08/23 12:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001/08/23 12:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2001/08/23 12:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001/08/23 12:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001/08/23 12:00:00 | 00,000,694 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 12:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001/08/23 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/17 22:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1996/04/03 19:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/09 13:16:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/04/26 15:34:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/04/13 22:12:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/07/25 20:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/07/25 20:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/06/27 13:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/07/02 08:38:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/10/29 22:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/08/21 23:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/09/20 14:13:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2008/10/15 09:37:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/20 07:04:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2008/01/20 20:13:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2009/10/09 10:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/09 10:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/05/17 16:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2007/07/25 20:38:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/07/23 12:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2008/05/27 20:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eset
[2007/10/09 17:36:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/05/18 17:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training
[2008/04/29 19:35:27 | 00,000,386 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/21 23:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2007/12/26 16:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/11/25 14:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/11/24 00:57:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/24 18:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/09 11:54:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/12 03:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2007/09/23 16:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/07/29 09:20:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2009/11/19 17:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/09 11:49:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2007/11/04 13:04:58 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/10/13 12:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2009/10/03 14:59:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007/12/10 16:44:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidWorks
[2009/11/19 14:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/25 13:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/28 12:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2007/08/22 18:26:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/07/02 07:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/07/25 21:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/17 16:49:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/01/03 13:02:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/07/15 17:42:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Adobe
[2007/12/13 21:12:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\AdobeUM
[2008/03/10 19:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Ansys
[2007/08/05 16:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Apple Computer
[2007/11/25 20:53:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\ATI
[2007/11/25 16:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\atitray
[2008/03/10 19:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Autodesk
[2007/08/21 23:36:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\AVS4YOU
[2009/09/20 16:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Birdstep Technology
[2007/10/01 14:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\BITS
[2009/10/27 11:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\bmttut1
[2009/10/27 14:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\bmttut2
[2009/10/27 14:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\bmttut3
[2007/08/26 14:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Canon
[2007/07/26 15:27:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Command & Conquer 3 Tiberium Wars
[2007/10/22 18:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Creative
[2009/10/08 16:11:19 | 00,000,350 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Current.prx
[2009/10/09 10:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DAEMON Tools
[2009/10/09 10:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DAEMON Tools Lite
[2009/10/09 10:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DAEMON Tools Pro
[2007/12/10 17:30:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DassaultSystemes
[2007/07/25 20:38:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\desktop.ini
[2009/10/28 11:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DivX
[2008/07/17 11:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\dvdcss
[2008/01/04 14:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\DWGeditor
[2008/02/03 21:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\EDrawings
[2008/06/14 16:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\ESET
[2007/10/20 20:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Firefox
[2009/09/27 18:47:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\GetRightToGo
[2007/08/18 22:53:41 | 00,003,304 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\glide_wrapper.zbag.ini
[2008/02/04 17:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\GSC
[2007/07/25 20:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Identities
[2008/09/16 17:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\IM
[2007/08/05 15:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Imagenomic
[2007/07/26 21:40:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\IMVU
[2009/09/26 18:11:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\InstallShield
[2007/12/26 16:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\iolo
[2008/11/15 23:07:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\LimeWire
[2009/10/08 22:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Macromedia
[2009/11/24 18:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Malwarebytes
[2009/10/09 11:54:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Microsoft
[2007/12/28 13:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\mIRC
[2007/10/20 20:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Move Networks
[2008/07/02 07:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla
[2009/10/09 13:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Notepad++
[2009/11/19 17:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\PC Tools
[2008/01/09 13:22:58 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\PnkBstrK.sys
[2009/10/02 17:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\ProxyCap
[2009/11/19 17:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\QuickScan
[2008/07/02 07:39:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Real
[2007/07/25 14:49:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\SecuROM
[2009/11/25 02:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Skype
[2009/11/25 00:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\skypePM
[2008/07/09 19:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\SolidWorks
[2007/12/10 16:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\SolidWorks 2008
[2008/06/30 17:23:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\SolidWorksNewsReader
[2009/06/27 13:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Spybot - Search & Destroy
[2007/07/25 17:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Sun
[2007/12/02 14:49:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\teamspeak2
[2007/08/22 18:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\TuneUp Software
[2009/11/19 22:34:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\uTorrent
[2009/01/28 19:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Ventrilo
[2007/07/25 21:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\vlc
[2007/08/20 17:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\WinRAR
[2007/07/25 20:38:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Application Data\desktop.ini
[2007/12/28 22:46:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2009/10/29 22:31:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/29 22:31:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/28 16:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2001/08/23 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/25 13:58:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Files - Unicode (All) ==========
[2008/03/02 21:19:38 | 00,011,394 | ---- | M] ()(C:\Documents and Settings\Colonel Sanders\My Documents\Th?r?s a Point In Your Lif?.docx) -- C:\Documents and Settings\Colonel Sanders\My Documents\Thєrєs a Point In Your Lifє.docx
[2008/03/02 21:19:38 | 00,011,394 | ---- | C] ()(C:\Documents and Settings\Colonel Sanders\My Documents\Th?r?s a Point In Your Lif?.docx) -- C:\Documents and Settings\Colonel Sanders\My Documents\Thєrєs a Point In Your Lifє.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

-----

Note: I have just reinstalled Microsoft .NET Framework 1.0 + service pack and Windows Update is bugging me to install some more updates. Not sure if this has an effect on the files you will see (I'm clueless here).

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:12 PM

Posted 25 November 2009 - 09:28 AM

It's best if you hold off on installing updates while we're trying to fix this. It will just clutter up the log and make it more difficult to analyze.

Please update me on your issue.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Chris25

Chris25
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:12 PM

Posted 25 November 2009 - 10:15 AM

As of now there is no logdll.txt file being created in the Temp folder of my Local Settings. However, I still experienced a very slow startup time, like there was a lot being loaded before I was able to do anything from my desktop (3-5 minute stall with no response). I'm going to do a restart and see if the file is recreated.

Also, Kasper just detected a potential keylogger, supposedly: \DRIVER\PCTCORE
I've tried to look up what this could mean but I can't find any info on it, and there is no such directory that I can find (probably looking in the wrong place).

Here's the info from Kasper report though:

THREATS DETECTED:::
24/11/2009 1:10:23 AM Unable to start tasks Proactive Defense Unexpected error Kaspersky Anti-Virus
24/11/2009 1:09:35 AM Unable to start tasks Proactive Defense Unexpected error Kaspersky Anti-Virus
24/11/2009 1:04:18 AM Unable to start tasks Proactive Defense Unexpected error Kaspersky Anti-Virus
24/11/2009 6:25:44 PM Task stopped Proactive Defense Kaspersky Anti-Virus
24/11/2009 1:45:52 AM Task stopped Proactive Defense Kaspersky Anti-Virus
24/11/2009 1:09:25 AM Task stopped Proactive Defense Kaspersky Anti-Virus
25/11/2009 2:28:19 PM Task started Proactive Defense Kaspersky Anti-Virus
25/11/2009 1:59:42 PM Task started Proactive Defense Kaspersky Anti-Virus
24/11/2009 11:06:53 PM Task started Proactive Defense Kaspersky Anti-Virus
24/11/2009 1:50:59 AM Task started Proactive Defense Kaspersky Anti-Virus
24/11/2009 1:12:50 AM Task started Proactive Defense Kaspersky Anti-Virus
24/11/2009 1:09:35 AM Task started Proactive Defense Kaspersky Anti-Virus
24/11/2009 1:04:17 AM Task started Proactive Defense Kaspersky Anti-Virus
24/11/2009 2:00:01 AM Detected: PDM.Suspicious driver installation C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\DESKTOP\ROOTREPEAL.EXE RootRepeal
24/11/2009 1:53:49 AM Detected: PDM.Suspicious driver installation C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\DESKTOP\ROOTREPEAL.EXE RootRepeal
25/11/2009 3:02:14 PM Detected: PDM.Keylogger \DRIVER\PCTCORE Absent
24/11/2009 1:17:41 AM Detected: PDM.Invader (loader) C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\MY DOCUMENTS\SYSTEM\WINUPDATE.EXE Windows Help Engine application file
25/11/2009 2:30:47 PM Detected: PDM.DNS Query C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\LOCAL SETTINGS\APPS\2.0\7QLB1NM8.3BJ\RYKAW6RL.L1L\CURS..TION_EEE711038731A406_0004.0000_10385B9745E33E88\CURSECLIENT.EXE Curse Client
25/11/2009 2:02:17 PM Detected: PDM.DNS Query C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\LOCAL SETTINGS\APPS\2.0\7QLB1NM8.3BJ\RYKAW6RL.L1L\CURS..TION_EEE711038731A406_0004.0000_10385B9745E33E88\CURSECLIENT.EXE Curse Client
25/11/2009 2:13:35 AM Detected: PDM.DNS Query C:\PROGRAM FILES\UNLOCKER\UNLOCKER.EXE Unlocker.exe
24/11/2009 11:45:15 PM Detected: PDM.DNS Query C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\LOCAL SETTINGS\APPS\2.0\7QLB1NM8.3BJ\RYKAW6RL.L1L\CURS..TION_EEE711038731A406_0004.0000_10385B9745E33E88\CURSECLIENT.EXE Curse Client
24/11/2009 11:14:34 PM Detected: PDM.DNS Query C:\PROGRAM FILES\YOUR FREEDOM\FREEDOM.EXE Your Freedom client software
24/11/2009 11:07:57 PM Detected: PDM.DNS Query C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\MY DOCUMENTS\SYSTEM\MSASCUI.EXE Microsoft Library Component
24/11/2009 4:22:26 PM Detected: PDM.DNS Query C:\PROGRAM FILES\YOUR FREEDOM\FREEDOM.EXE Your Freedom client software
24/11/2009 1:56:13 PM Detected: PDM.DNS Query C:\PROGRAM FILES\UNLOCKER\UNLOCKER.EXE Unlocker.exe
24/11/2009 1:02:58 PM Detected: PDM.DNS Query C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\LOCAL SETTINGS\APPS\2.0\7QLB1NM8.3BJ\RYKAW6RL.L1L\CURS..TION_EEE711038731A406_0004.0000_10385B9745E33E88\CURSECLIENT.EXE Curse Client
24/11/2009 1:51:29 AM Detected: PDM.DNS Query C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\MY DOCUMENTS\SYSTEM\MSASCUI.EXE Microsoft Library Component
24/11/2009 1:17:41 AM Detected: PDM.DNS Query C:\DOCUMENTS AND SETTINGS\COLONEL SANDERS\MY DOCUMENTS\SYSTEM\MSASCUI.EXE Microsoft Library Component
24/11/2009 1:17:26 AM Detected: PDM.DNS Query C:\PROGRAM FILES\CURSE\CURSECLIENT.EXE CURSECLIENT.EXE

-----

Edit:
Still no logdll.txt file being created :(
Now I just have to fix what I screwed up myself while trying to fix this issue (reinstalling Visual Studio as the .NET Frameworks have been messed up, kind of mandatory as I have an assignment in tomorrow).

Is there anything you have noted that may be causing the stalling at startup? To my knowledge I don't have many programs being launched then, just my Anti-virus and Curse profiler. Anyways, I can't thank you enough for fixing this for me, you have been very helpful :(. No idea of half of what you have done but you definitely know your stuff!

Edited by Chris25, 25 November 2009 - 10:38 AM.


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:12 PM

Posted 25 November 2009 - 07:37 PM

Also, Kasper just detected a potential keylogger, supposedly: \DRIVER\PCTCORE

This is part of SpywareDoctor.


Both SpywareDoctor and Kaspersky are known to be rather resource intensive, but my guess for what's causing your slowdown is this:

O4 - Startup: C:\Documents and Settings\Colonel Sanders\Start Menu\Programs\Startup\CurseClientStartup.ccip ()


I'm not familiar with this program, but does it really need to run at startup? It appears to be game related so couldn't you just start it as needed?
If it is what's causing your slow boot up, you might want to check to see if there's an updated version that has a smaller footprint.



We still have a little bit more to clean up.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe File not found
    O4 - HKU\S-1-5-21-789336058-1220945662-725345543-1003..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe File not found
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

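As an added illustration (not part of this thread, and not code from OTL or its author), here is a small Python triage helper for the kind of OTL `O4` autostart entries the fix above removes. It parses the `O4 - <hive>..\Run: [<name>] <path> <trailer>` and `O4 - Startup: <path> (<publisher>)` line formats and flags entries with a non-ASCII value name, a target under a user-writable folder, an orphaned target (`File not found`), or an executable with no publisher; the sample lines are constructed to mirror the entries quoted in this thread and are not an excerpt of a real log.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample lines in OTL's O4 format, modelled on the entries quoted
# in this thread (this is not an excerpt of an actual OTL log).
SAMPLE_O4_LINES = [
    r"O4 - HKLM..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe File not found",
    r"O4 - HKU\S-1-5-21-789336058-1220945662-725345543-1003..\Run: [™.˜] C:\Documents and Settings\Colonel Sanders\My Documents\System\winupdate.exe File not found",
    r"O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)",
    r"O4 - Startup: C:\Documents and Settings\Colonel Sanders\Start Menu\Programs\Startup\CurseClientStartup.ccip ()",
]

# Registry Run value:  O4 - <hive>..\Run: [<value name>] <path> <trailer>
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# Startup folder item: O4 - Startup: <path> <trailer>
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<rest>.*)$")
# Trailer is either "(<publisher>)" read from version info, or "File not found".
TRAILER_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")
NOT_FOUND = " File not found"

# Folders a limited user can write to; an autostart target here deserves a look.
USER_WRITABLE_MARKERS = ("\\my documents\\", "\\local settings\\temp\\", "\\application data\\")


@dataclass
class O4Entry:
    kind: str            # "run" (registry Run value) or "startup" (Startup folder item)
    hive: str            # hive or user SID for Run values, "" for Startup folder items
    name: str            # registry value name, "" for Startup folder items
    path: str
    company: str         # publisher OTL read from version info, "" if none
    file_found: bool
    reasons: List[str] = field(default_factory=list)


def _split_trailer(rest: str) -> Tuple[str, str, bool]:
    """Split '<path> <trailer>' into (path, publisher, file_found)."""
    if rest.endswith(NOT_FOUND):
        return rest[: -len(NOT_FOUND)], "", False
    m = TRAILER_RE.match(rest)
    if m:
        return m.group("path"), m.group("company").strip(), True
    return rest, "", True


def parse_o4_line(line: str) -> Optional[O4Entry]:
    """Parse one OTL O4 line; return None for lines in another format."""
    m = RUN_RE.match(line)
    if m:
        path, company, found = _split_trailer(m.group("rest"))
        return O4Entry("run", m.group("hive"), m.group("name"), path, company, found)
    m = STARTUP_RE.match(line)
    if m:
        path, company, found = _split_trailer(m.group("rest"))
        return O4Entry("startup", "", "", path, company, found)
    return None


def assess(entry: O4Entry) -> O4Entry:
    """Attach plain-language reasons why a reviewer should look at this entry."""
    lowered = entry.path.lower()
    if entry.kind == "run" and any(ord(c) > 127 for c in entry.name):
        entry.reasons.append("non-ASCII Run value name (hard to read, easy to overlook)")
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        entry.reasons.append("autostart target lives in a user-writable folder")
    if not entry.file_found:
        entry.reasons.append("orphaned entry: target file no longer exists")
    if entry.file_found and not entry.company and lowered.endswith(".exe"):
        entry.reasons.append("executable with no publisher in its version info")
    return entry


def triage(lines) -> List[O4Entry]:
    """Parse every O4 line and return only the entries that earned a reason."""
    flagged = []
    for line in lines:
        entry = parse_o4_line(line.strip())
        if entry is not None and assess(entry).reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        print(f"{e.kind:7} [{e.name or '-'}] {e.path}")
        for r in e.reasons:
            print(f"         - {r}")
```

Run against a saved OTL log, only the two `winupdate.exe` Run values from this thread are flagged; the Kaspersky and Startup-folder entries pass without a reason.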


========================================================

#9 Chris25

Chris25
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:12 PM

Posted 25 November 2009 - 10:03 PM

Okay, I've run the new fix and scan. Not much to show here from the fix log:

OTL Fix Log:::

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\™.˜ not found.
Registry value HKEY_USERS\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\™.˜ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.8.0 log created on 11262009_023406

-----


New OTL Report:::

OTL logfile created on: 26/11/2009 2:48:31 AM - Run 4
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Colonel Sanders\Desktop\AV
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.37% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.07 Gb Total Space | 4.99 Gb Free Space | 26.14% Space Free | Partition Type: NTFS
Drive D: | 148.81 Gb Total Space | 19.58 Gb Free Space | 13.16% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 205.77 Gb Free Space | 88.36% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KFC
Current User Name: Colonel Sanders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\AV\OTL.exe
PRC - [2009/11/08 01:30:33 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/20 20:34:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/07/10 01:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 02:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe


========== Modules (SafeList) ==========

MOD - [2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\AV\OTL.exe
MOD - [2009/11/24 01:05:49 | 00,109,072 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (StarWindServiceAE)
SRV - File not found -- -- (mi-raysat_3dsMax2009_32)
SRV - File not found -- -- (IPClampService)
SRV - File not found -- -- (ekrn)
SRV - File not found -- -- (EhttpSrv)
SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/16 03:15:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/05/15 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/03/31 08:44:48 | 00,047,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 02:23:32 | 00,254,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 02:23:24 | 00,366,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/10 01:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/04/26 16:50:12 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 00:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/03/10 18:47:10 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/12 15:10:26 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/01/04 14:46:25 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/08/04 09:10:15 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/07/27 09:41:38 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1220945662-725345543-1003\S-1-5-21-789336058-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/|http://www.guildportal.com/Guild.aspx?GuildID=108397&TabID=926557"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.7.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07061050
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/02 18:15:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/23 03:00:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 01:30:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 01:30:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2008/07/02 07:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Extensions
[2008/07/02 07:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/25 15:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions
[2009/09/27 13:18:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/17 15:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/07/20 20:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/11/19 17:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2007/10/20 20:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\moveplayer@movenetworks.com
[2009/11/17 16:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\extensions\yyginstantplay@yoyogames.com
[2008/04/29 19:23:17 | 00,001,010 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\aimsearch.gif
[2008/04/29 19:23:17 | 00,000,301 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\aimsearch.src
[2008/04/26 15:36:23 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\aimsearch.xml
[2009/10/09 10:28:44 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Mozilla\Firefox\Profiles\63007lew.default\searchplugins\daemon-search.xml
[2009/11/25 15:36:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 01:30:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/25 14:36:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/25 15:33:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/10/02 18:15:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/10/03 14:49:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/24 01:01:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/11/08 01:30:32 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 01:30:32 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/09/18 18:02:38 | 00,028,672 | ---- | M] (flashget) -- C:\Program Files\Mozilla Firefox\components\FlashgetXpi.dll
[2004/07/02 13:51:00 | 00,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2009/09/25 16:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2004/07/02 13:51:00 | 00,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
[2008/06/17 15:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/07/31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 16:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 16:41:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/11 20:14:46 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2007/08/15 19:15:12 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2009/11/08 01:30:35 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/10/14 20:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/01/03 12:58:53 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/01/03 12:58:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/04/04 13:15:23 | 01,212,416 | ---- | M] (cedelia) -- C:\Program Files\Mozilla Firefox\plugins\NPStreamPlug.dll
[2009/09/25 16:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/19 08:32:58 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/19 08:32:58 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/19 08:32:58 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/19 08:32:58 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/19 08:32:59 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/19 08:32:59 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/19 08:32:59 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/19 08:32:59 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (357700 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 12271 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyPoker\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyPoker\PartyPoker\RunApp.exe File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - D:\Games\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O15 - HKLM\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-789336058-1220945662-725345543-1003\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.150.102.4 10.150.102.5
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/25 19:54:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d8e071c-a5ed-11de-8ac0-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{0d8e071c-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d8e071c-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{0d8e071e-a5ed-11de-8ac0-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{0d8e071e-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d8e071e-a5ed-11de-8ac0-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{41110d4f-ab95-11de-8acd-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{41110d4f-ab95-11de-8acd-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41110d4f-ab95-11de-8acd-00196622d7dd}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{884fb3dc-a575-11de-8abf-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{884fb3dc-a575-11de-8abf-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{884fb3dc-a575-11de-8abf-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{884fb3de-a575-11de-8abf-00196622d7dd}\Shell - "" = AutoRun
O33 - MountPoints2\{884fb3de-a575-11de-8abf-00196622d7dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{884fb3de-a575-11de-8abf-00196622d7dd}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (oodbs) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/19 23:19:49 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2009/11/26 02:49:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\Temporary Projects
[2009/11/26 00:32:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\Progs
[2009/11/25 22:59:16 | 00,421,888 | ---- | C] (e-academy Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\Downloader_for_VS_2008_Express_with_SP1.exe
[2009/11/25 22:29:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\My Documents\My Device Emulators
[2009/11/25 22:29:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\All Device Emulators
[2009/11/25 16:21:46 | 00,421,888 | ---- | C] (e-academy Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\Downloader_for_MSDN_Lib_for_VS2008.exe
[2009/11/25 16:11:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\AV
[2009/11/25 15:34:00 | 00,421,888 | ---- | C] (e-academy Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\downloader_for_visual_studio_2008_pro.exe
[2009/11/25 13:49:41 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/25 13:43:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/11/24 18:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Application Data\Malwarebytes
[2009/11/24 18:25:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/24 18:25:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/24 18:25:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/24 18:25:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/24 01:07:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/24 00:59:34 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/11/24 00:59:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/11/24 00:59:03 | 00,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/11/24 00:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/20 13:20:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\UDO
[2009/11/19 22:37:59 | 00,000,000 | ---D | C] -- C:\Program Files\Your Freedom
[2009/11/19 17:08:33 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 17:04:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Application Data\QuickScan
[2009/11/19 15:03:48 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/17 16:48:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\My Documents\YoYoGames
[2009/11/17 16:48:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/11/17 14:24:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\GameLearn
[2009/11/15 23:25:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\Cache
[2009/11/15 14:43:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colonel Sanders\Desktop\Rawr v2.2.27
[2009/09/03 16:10:04 | 00,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\sbcrreag.dll
[2007/04/09 11:32:58 | 00,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2009/11/26 02:36:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/26 02:36:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/26 02:34:18 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Colonel Sanders\ntuser.ini
[2009/11/26 02:34:17 | 22,806,528 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\ntuser.dat
[2009/11/25 23:51:16 | 00,082,144 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/25 23:42:12 | 00,000,685 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Microsoft Visual C# 2008 Express Edition.lnk
[2009/11/25 23:37:30 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/25 23:33:09 | 01,583,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/25 22:59:22 | 00,421,888 | ---- | M] (e-academy Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\Downloader_for_VS_2008_Express_with_SP1.exe
[2009/11/25 22:16:28 | 00,073,226 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\.ems.cfg
[2009/11/25 21:58:00 | 00,002,351 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProxyCap.lnk
[2009/11/25 17:26:51 | 00,000,687 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Shortcut to Temp.lnk
[2009/11/25 17:24:22 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/11/25 16:50:24 | 00,005,430 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\My Documents\cc_20091125_165020.reg
[2009/11/25 16:50:02 | 00,226,188 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\My Documents\cc_20091125_164957.reg
[2009/11/25 16:49:25 | 01,680,870 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\My Documents\cc_20091125_164835.reg
[2009/11/25 16:46:20 | 00,991,384 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\My Documents\cc_20091125_164536.reg
[2009/11/25 16:21:47 | 00,421,888 | ---- | M] (e-academy Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\Downloader_for_MSDN_Lib_for_VS2008.exe
[2009/11/25 16:10:16 | 00,000,172 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/25 15:59:25 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Microsoft Visual Studio 2008.lnk
[2009/11/25 15:42:40 | 00,607,322 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/25 15:42:40 | 00,509,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/25 15:42:40 | 00,097,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/25 15:34:02 | 00,421,888 | ---- | M] (e-academy Inc.) -- C:\Documents and Settings\Colonel Sanders\Desktop\downloader_for_visual_studio_2008_pro.exe
[2009/11/24 23:34:39 | 01,601,574 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\I m a Hunter - World of Warcraft Hunter Song.mp3
[2009/11/24 13:02:19 | 00,000,312 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Curse Client.appref-ms
[2009/11/24 02:28:55 | 00,000,081 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Infected with Keylogger!.URL
[2009/11/24 01:54:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Desktop\settings.dat
[2009/11/24 01:05:48 | 00,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/11/24 01:01:22 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/24 01:01:22 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/24 00:57:09 | 00,002,621 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/23 20:36:55 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/23 03:28:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/19 22:38:06 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Your Freedom.lnk
[2009/11/19 17:08:33 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 14:27:12 | 00,357,700 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2009/11/26 00:01:55 | 00,000,685 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Microsoft Visual C# 2008 Express Edition.lnk
[2009/11/25 17:26:51 | 00,000,687 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Shortcut to Temp.lnk
[2009/11/25 17:15:33 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Microsoft Visual Studio 2008.lnk
[2009/11/25 16:50:21 | 00,005,430 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\My Documents\cc_20091125_165020.reg
[2009/11/25 16:49:58 | 00,226,188 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\My Documents\cc_20091125_164957.reg
[2009/11/25 16:48:36 | 01,680,870 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\My Documents\cc_20091125_164835.reg
[2009/11/25 16:45:37 | 00,991,384 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\My Documents\cc_20091125_164536.reg
[2009/11/24 23:34:38 | 01,601,574 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\I m a Hunter - World of Warcraft Hunter Song.mp3
[2009/11/24 13:02:19 | 00,000,312 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Curse Client.appref-ms
[2009/11/24 02:28:55 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\Infected with Keylogger!.URL
[2009/11/24 01:54:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Desktop\settings.dat
[2009/11/24 01:01:22 | 00,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/24 01:01:22 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/19 22:38:06 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Your Freedom.lnk
[2009/11/19 17:08:33 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\housecall.guid.cache
[2009/10/27 15:28:17 | 00,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2009/10/10 13:59:52 | 00,000,339 | ---- | C] () -- C:\WINDOWS\GLIDER.INI
[2009/10/09 12:05:23 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/28 23:45:00 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\PUTTY.RND
[2009/09/28 23:39:44 | 00,000,350 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\Current.prx
[2009/09/20 16:36:19 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/13 15:27:52 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7BED8F12-695F-48DF-B705-15878BE1FDED}_WiseFW.ini
[2008/06/13 14:38:23 | 00,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2008/06/13 14:38:23 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2008/06/10 10:14:23 | 00,000,110 | ---- | C] () -- C:\WINDOWS\plugin.ini
[2008/06/10 10:01:59 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{1A7EC1C1-CF8D-42DF-86B3-FC3A87FC8F85}_WiseFW.ini
[2008/06/06 13:15:06 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/06/06 13:14:32 | 00,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2008/04/29 19:26:22 | 00,000,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/03/19 21:00:47 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/03/11 16:47:04 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\ibfs32.dll
[2008/02/03 21:31:11 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\00104run.ini
[2008/01/09 13:23:00 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/09 13:22:58 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\PnkBstrK.sys
[2008/01/09 13:22:13 | 00,000,283 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/01/04 14:48:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/12/28 14:00:00 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Local Settings\Application Data\fusioncache.dat
[2007/12/26 16:20:58 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2007/12/21 09:21:36 | 00,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2007/12/04 19:12:54 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/12/02 14:38:42 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2007/12/02 14:18:06 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2007/11/25 20:42:42 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/10/22 18:47:45 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/10/22 18:47:45 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/10 09:35:02 | 00,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2007/10/10 09:35:02 | 00,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2007/09/23 16:15:26 | 00,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2007/09/21 11:44:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/08/25 14:03:51 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/22 01:02:55 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2007/08/22 01:02:55 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2007/08/22 01:02:55 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2007/08/22 01:02:55 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2007/08/22 01:02:55 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2007/08/22 01:02:55 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2007/08/22 01:02:55 | 00,002,941 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2007/08/22 01:02:55 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2007/08/22 01:02:55 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2007/08/22 01:02:55 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2007/08/22 01:02:55 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2007/08/22 01:02:55 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2007/08/22 01:01:31 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/08/21 23:32:52 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/21 23:32:52 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/21 20:46:34 | 00,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/08/17 15:41:35 | 00,003,304 | ---- | C] () -- C:\Documents and Settings\Colonel Sanders\Application Data\glide_wrapper.zbag.ini
[2007/08/08 01:36:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2007/08/07 14:16:12 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/07/29 09:52:17 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

-----

Note: I had to reinstall Visual Studio for my University work, as I mentioned. I also took the liberty of uninstalling SpywareDoctor and disabling Curse from running at startup. That seems to have made a bit of difference, but I am still getting the large stall, with Services.exe and Svchost.exe eating half my processor in Task Manager.

#10 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 27 November 2009 - 11:30 AM

Here's your culprit.

========== Processes (SafeList) ==========

PRC - [2009/11/24 22:45:34 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colonel Sanders\Desktop\AV\OTL.exe
PRC - [2009/11/08 01:30:33 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/20 20:34:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/07/10 01:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 02:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

SRV - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 December 2009 - 11:36 AM

As there has been no response, this topic will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.