
Infected with numerous viruses - NT AUTHORITY\SYSTEM (Win32.Trojan.KillAV ??), someethics.exe, google redirect virus, and possibly Cyber security


  • This topic is locked
34 replies to this topic

#1 hoolahoop


Posted 30 January 2010 - 05:53 PM

Hi, please help!

A few weeks ago I noticed that every time I clicked on a link in the Google search results, the browser would redirect to a completely different site - and often one that was obviously bogus. They were different sites every time. Every time this happened, I closed down the browser immediately.

Occasionally, a new tab or window would pop up followed by a message box. The message box would be a variation of: "Warning!! You should install security software! Cyber Security is a good solution for your security, virus protection and spyware remover." The browser would then show the fake "scan" of my computer telling me how many threats I had and that my computer was infected. I've now done enough searches through help forums such as this to know it is bogus!

Please note, I never actually downloaded anything when this occurred, and after doing multiple checks using other instruction forums, I do not believe I'm infected with the Cyber Security virus - however, I won't rule it out either!

Then my computer started getting the System Shutdown message:

This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM
Time before shutdown: 00:00:59
Message: Windows must now restart because the DCOM Server Process Launcher service terminated expectantly

After the count down from 59 secs, it then shuts down and restarts.

I have Zone Alarm Internet Security - I made sure everything was on high protection, I did an update, ran a scan, then ran an Ultra Deep Scan and a Rootkit Scan - it found a few things but everything was still occurring. A Zone Alarm forum recommended doing an Ultra Deep Scan in Safe Mode with Networking, however when I tried to do this, the computer just kept coming back to the same dos screen with all the 'how to open' options (i.e. Safe Mode....).

I then did Google searches for possible solutions (I could right click, select Save Link or Target, and then paste into the browser address bar) and have now downloaded and run the following programs:

MBAM
Superantispyware
A squared
File Anlyzer

Once, out of curiosity, I checked with Zone Alarm how it was categorizing the programs on my computer (i.e. save, no threat, etc). I found a strange program name called SomeEthics.exe - it sounded dodgy to me but a google search could find only this information:

The filename is associated with the malware group: Banking Info Stealer
SOMEETHICS.EXE has been seen to perform the following behavior:
* Uses rootkit techniques to conceal its presence, interrogation or removal
* Found on infected systems and resists interrogation by security products
* Uses low level functions to hide itself from the user and from system/security processes
The filename SOMEETHICS.EXE was first seen on Jan 12 2010 in the following geographical regions of the Prevx community:
* Australia on Jan 12 2010
* The United States on Jan 12 2010
SOMEETHICS.EXE can also use the following file names:
* LOAD[1].EXE
* JBKJ.EXE
* 160.TMP
* SDRA64.EXE
* 62.TMP
This file has been seen with the following file size: 135,168 bytes
The filename SOMEETHICS.EXE refers to an executable program.

After finding this info, I think I did a silly thing - in Zone Alarm, I right clicked over the program name and selected remove - not actually sure if that did anything except remove it from the list of programs displayed in Zone Alarm.


So now I need your help! A forum on Zone Alarm suggested that if all of the above failed (MBAM, Superantispyware and A squared), that I should post a Hijackthis log to Bleeping Computer.

So here I am, throwing myself at your mercy!!!

Here is the DDS.txt file (and I have uploaded the Attach.txt and Ark.txt):


DDS (Ver_09-12-01.01) - NTFSx86
Run by Black Bunny at 8:42:14.48 on Sun 31/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.228 [GMT 11:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\twain_32\L3U16\WATCH.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Black Bunny\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://security.symantec.com/default.asp?productid=NIS2006&langid=en-us&venid=sym
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\watch.lnk - c:\windows\twain_32\l3u16\WATCH.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
TCP: {8A2D8341-95AE-4CE2-9DDC-604A559934C2} = 61.8.0.113,210.23.129.34
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\blackb~1\applic~1\mozilla\firefox\profiles\27e0q8w2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\black bunny\application data\mozilla\firefox\profiles\27e0q8w2.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-1-10 128016]
R1 SASDIFSV;SASDIFSV;c:\docume~1\blackb~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-1-21 9968]
R1 SASKUTIL;SASKUTIL;c:\docume~1\blackb~1\locals~1\temp\sas_selfextract\SASKUTIL.sys [2010-1-21 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-4-22 486280]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-1-22 1858144]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-15 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-15 476528]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-10-26 1174152]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-7 61952]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-4-10 106808]
S3 GT681x;%GrandTechICNameNT%;c:\windows\system32\drivers\gt681x.sys [2007-7-13 18120]
S3 SASENUM;SASENUM;\??\c:\docume~1\blackb~1\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\blackb~1\locals~1\temp\sas_selfextract\SASENUM.SYS [?]

=============== Created Last 30 ================

2010-01-27 03:19:34 0 d-----w- c:\windows\system32\NtmsData
2010-01-26 04:14:21 4956 ----a-w- c:\windows\system32\tmp.reg
2010-01-26 03:48:10 0 d-----w- c:\program files\Registry Easy
2010-01-22 11:24:18 0 d-----w- c:\program files\a-squared Free
2010-01-22 10:45:15 12800 ------w- c:\documents and settings\black bunny\test
2010-01-21 12:40:41 0 d-----w- c:\docume~1\blackb~1\applic~1\SUPERAntiSpyware.com
2010-01-21 12:40:41 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-21 11:58:30 0 d-----w- c:\docume~1\blackb~1\applic~1\Malwarebytes
2010-01-21 11:58:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-21 11:58:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-21 11:58:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-21 11:56:41 0 d-----w- c:\program files\MBAM
2010-01-21 09:21:03 0 d-----w- c:\program files\KB824146Scan
2010-01-17 04:11:00 0 d-----w- c:\program files\Safer Networking
2010-01-16 06:54:20 764868 ------w- c:\windows\system32\dllcache\apph_sp.sdb
2010-01-16 06:54:20 217118 ------w- c:\windows\system32\dllcache\apphelp.sdb
2010-01-13 06:15:11 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:42:13 0 d-sh--w- c:\documents and settings\black bunny\PrivacIE
2010-01-11 09:10:05 0 d-sh--w- c:\documents and settings\black bunny\IECompatCache
2010-01-10 05:47:09 0 d-sh--w- c:\documents and settings\black bunny\IETldCache
2010-01-10 05:16:26 0 d-----w- c:\documents and settings\black bunny\Downloads
2010-01-10 04:57:05 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-10 04:57:02 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-10 04:56:10 0 d-----w- c:\windows\ie8updates
2010-01-10 04:49:54 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-10 04:47:39 0 dc-h--w- c:\windows\ie8
2010-01-10 04:25:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky SDK
2010-01-10 04:15:22 0 d-----w- c:\docume~1\blackb~1\applic~1\CheckPoint
2010-01-10 04:14:49 0 d-----w- c:\program files\CheckPoint
2010-01-10 04:14:44 128016 ----a-w- c:\windows\system32\drivers\kl1.sys

==================== Find3M ====================

2010-01-30 21:25:47 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-10 04:02:58 139775 ----a-w- c:\windows\hpoins15.dat
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2004-01-19 03:31:00 153600 ----a-w- c:\program files\ltfil13n.DLL
2004-01-19 02:31:06 27648 ----a-w- c:\program files\lfiff13n.dll
2004-01-19 02:31:06 20480 ----a-w- c:\program files\lfCUT13n.dll
2004-01-19 01:33:08 206848 ----a-w- c:\program files\ltefx13n.dll
2004-01-19 01:31:50 453120 ----a-w- c:\program files\ltkrn13n.dll
2004-01-19 01:12:00 89600 ----a-w- c:\program files\Lfcgm13n.dll
2004-01-19 00:49:52 278016 ----a-w- c:\program files\LFJ2K13n.dll
2004-01-19 00:49:08 180736 ----a-w- c:\program files\Lfpng13n.dll
2004-01-19 00:47:36 76800 ----a-w- c:\program files\Lfwmf13n.dll
2004-01-19 00:47:04 509440 ----a-w- c:\program files\LFCMW13n.dll
2004-01-19 00:45:38 420352 ----a-w- c:\program files\LFCMP13n.DLL
2004-01-19 00:44:52 143872 ----a-w- c:\program files\lftif13n.dll
2004-01-19 00:36:48 56832 ----a-w- c:\program files\lfpsd13n.dll
2004-01-19 00:36:36 19968 ----a-w- c:\program files\lfpcd13n.dll
2004-01-19 00:36:32 26624 ----a-w- c:\program files\lfpcx13n.dll
2004-01-19 00:36:24 65536 ----a-w- c:\program files\Lfpct13n.dll
2004-01-19 00:36:18 18944 ----a-w- c:\program files\lfmsp13n.dll
2004-01-19 00:35:56 18944 ----a-w- c:\program files\lfmac13n.dll
2004-01-19 00:35:34 20992 ----a-w- c:\program files\lfimg13n.dll
2004-01-19 00:34:50 31744 ----a-w- c:\program files\lfclp13n.dll
2004-01-19 00:34:42 30208 ----a-w- c:\program files\lfbmp13n.dll
2004-01-19 00:33:48 444928 ----a-w- c:\program files\ltimg13n.dll
2004-01-19 00:32:18 265216 ----a-w- c:\program files\LTDIS13n.dll
2000-05-01 17:17:00 212480 ----a-w- c:\program files\PCDLIB32.DLL
1999-11-18 12:00:00 284032 ----a-w- c:\program files\XceedZip.dll
2007-03-27 11:32:32 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 8:45:55.29 ===============
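
The DDS log above has a `mWinlogon: Userinit=` line that launches `sdra64.exe` alongside `userinit.exe`, and SDRA64.EXE is one of the alternate file names the quoted Prevx report lists for SOMEETHICS.EXE. The script below is an added example, not part of the original thread or of DDS itself: it pulls the Userinit entries out of a DDS log and cross-checks every line against those file names. The function names and the assumption that a stock Windows XP Userinit value holds only `userinit.exe` are the example's own.

```python
import ntpath
import re

# File names taken from the Prevx report quoted in the first post.
ALIAS_NAMES = {"someethics.exe", "load[1].exe", "jbkj.exe",
               "160.tmp", "sdra64.exe", "62.tmp"}

# Assumption: a stock Windows XP install starts only this program from Userinit.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: six lines copied from the DDS log in the first post.
SAMPLE_DDS = r"""C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\Explorer.EXE
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
"""

USERINIT_RE = re.compile(r"^\s*mWinlogon:\s*Userinit\s*=(.*)$", re.IGNORECASE)

# Match an alias only as a whole file name, so "162.tmp" does not hit "62.tmp".
ALIAS_RE = re.compile(
    r"(?<![\w.])("
    + "|".join(re.escape(name) for name in sorted(ALIAS_NAMES))
    + r")(?![\w.])",
    re.IGNORECASE,
)


def userinit_entries(log_text):
    """Return the programs on the 'mWinlogon: Userinit=' line, or None if absent."""
    for line in log_text.splitlines():
        match = USERINIT_RE.match(line)
        if match:
            parts = match.group(1).split(",")
            return [p.strip().strip('"') for p in parts if p.strip()]
    return None


def unexpected_userinit(log_text):
    """Return Userinit entries other than the expected userinit.exe path."""
    entries = userinit_entries(log_text) or []
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def alias_hits(log_text):
    """Return (line_number, file_name) for each line naming a listed alias."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        for name in ALIAS_RE.findall(line):
            hits.append((number, name.lower()))
    return hits


def triage(log_text):
    """Summarise both checks; 'known_alias' marks entries named in the report."""
    extras = [
        {"path": entry,
         "known_alias": ntpath.basename(entry).lower() in ALIAS_NAMES}
        for entry in unexpected_userinit(log_text)
    ]
    return {"userinit_extra": extras, "alias_lines": alias_hits(log_text)}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for item in report["userinit_extra"]:
        tag = "listed alias" if item["known_alias"] else "unlisted"
        print(f"Extra Userinit entry ({tag}): {item['path']}")
    for number, name in report["alias_lines"]:
        print(f"Line {number} names {name}")
```

An extra Userinit entry runs at every logon before the desktop loads, so it is worth checking for even when the file name is not on any list.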


 


#2 schrauber

  • Malware Response Team

Posted 07 February 2010 - 11:02 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 hoolahoop


Posted 08 February 2010 - 06:18 AM

Thank you

I've attached the DDS.txt and Attach.zip.

When I tried to copy and paste the GMER log, I got a Bleeping Computer error message saying my post was too long.

I've attached the GMER.log file, but is it the right one? After GMER had run through the scan (V long time!) my computer just went extremely slow and I couldn't open anything. I could right click on a document name, but it would take a long time for the right click options to show. And then it wouldn't let me do anything. So I wasn't able to copy the contents from the GMER Copy button into a notepad or similar file.
In the end, I did a manual shutdown, and have now attached the GMER log file.

I hope this is helpful. If not, please let me know what to do next!

With thanks,
HH



#4 hoolahoop


Posted 08 February 2010 - 06:19 AM

Sorry...I've just seen the last note on your post.

I'll try running GMER in Safe Mode and see what happens...

Thanks again,
HH

#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:48 PM

Posted 09 February 2010 - 01:19 PM

Let me know if it worked
regards,
schrauber


#6 hoolahoop


Posted 09 February 2010 - 10:13 PM

My computer will not open in Safe Mode or in Safe Mode with Networking. When I select one of these options, I get a blue screen and then a message saying unfortunately Windows did not open correctly, etc etc. I've tried these two safe modes before selecting Start Windows Normally.

Let me know if I need to run DDS and GMER again.

With thanks,
HH

#7 schrauber


Posted 10 February 2010 - 03:05 PM

Hello, hoolahoop
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#8 hoolahoop


Posted 11 February 2010 - 11:25 PM

OH NO!

I cannot get into my computer - when I switch it on, it asks me how I would like to start (safe mode, with networking, normally, etc). It doesn't matter which option I select, it just keeps coming back to this screen.

I tried hitting F8 repeatedly and I did get a different screen with the following options:

Windows Advanced Options Menu

Safe Mode
Safe mode with networking
Safe mode with command prompt
Enable boot logging
Enable VGA mode
Last known good configuration
Directory services restore mode (windows domain controllers only)
Debugging mode
Disable automatic restart on system failure
Start windows normally
Reboot
Return to OS choices menu


I tried some of the obvious ones (safe mode, last good configuration, start windows normally) but these did not work.

Please advise next steps!

With many thanks (and hope in my heart)
HH

#9 schrauber


Posted 13 February 2010 - 12:50 PM

What did you do last before getting this issue?
regards,
schrauber


#10 hoolahoop


Posted 13 February 2010 - 09:52 PM

The only things I've done are described in my last few posts.

After GMER had run through the scan my computer just went extremely slow and I couldn't open anything. I could right click on a document name, but it would take a long time for the right click options to show. And then it wouldn't let me do anything. So I wasn't able to copy the contents from the GMER Copy button into a notepad or similar file.
In the end, I did a manual shutdown.

After that I tried to open in safe mode or safe mode with networking, but it kept looping back (to the screen you get when hit F8 at turning on). It would only let me open in Start Windows Normally.

I did that, posted to bleeping computer - and I think opened Outlook and downloaded email, but there was nothing out of the ordinary or from an unknown source.

I shut down the computer and when I next tried to open it, nothing, just as per my last post.

Help!
HH

#11 schrauber


Posted 14 February 2010 - 06:48 AM

Hi,


OK, this file is big. Print these instructions out so that you know what you are doing.

Two programmes to download

First

ISOBurner this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the programme, from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards,
schrauber

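The OTL.txt that these steps produce (posted further down this thread) lists services and drivers as `SRV -` and `DRV -` lines. As an added example, not part of the original posts and not OldTimer's code, this Python script parses those lines and lists the entries a reviewer would look at first; the three review rules and every name in the script are assumptions, and a hit is a prompt for review, not a verdict. The sample lines are copied from the log later in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes taken from the SRV/DRV sections of the OTL.txt in this thread.
PRESENT = re.compile(
    r"^(?P<kind>SRV|DRV) - \[[^\]]*\]\s+\((?P<company>[^)]*)\)\s+"
    r"\[(?P<start>[^\]]+)\]\s+--\s+(?P<path>.+?)\s+--\s+\((?P<name>[^)]*)\)"
)
MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found\s+\[(?P<start>[^\]]+)\]"
    r"\s+--\s+--\s+\((?P<name>[^)]*)\)"
)
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)
EARLY_START = {"Auto", "Boot", "System"}  # start types that load without user action


@dataclass
class Entry:
    kind: str            # "SRV" (Win32 service) or "DRV" (driver service)
    name: str            # service key name, e.g. "winvnc"
    start: str           # start type, e.g. "Auto", "Boot", "On_Demand"
    path: Optional[str]  # image path, None when the log says "File not found"
    company: str         # company string from the log, may be empty
    reasons: List[str]   # review reasons (assumed rules, see parse_line)

    @property
    def loads_early(self) -> bool:
        return self.start in EARLY_START


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV line; return None for any other line."""
    line = line.strip()
    m = MISSING.match(line)
    if m:
        path, company = None, ""
    else:
        m = PRESENT.match(line)
        if not m:
            return None
        path, company = m["path"], m["company"].strip()
    # Drivers log "[Kernel | Boot]"; services log "[Auto]". Keep the start type.
    start = m["start"].split("|")[-1].strip()
    reasons = []
    if path is None:
        reasons.append("missing-image")   # registered, but the file was not found
    else:
        if TEMP_DIR.search(path):
            reasons.append("temp-path")   # image lives under a Temp directory
        if not company:
            reasons.append("no-company")  # empty company field in the log
    return Entry(m["kind"], m["name"], start, path, company, reasons)


def triage(log_text: str) -> List[Entry]:
    """Return, in log order, the SRV/DRV entries that hit at least one rule."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.reasons]


# Lines copied from the OTL.txt posted later in this thread.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (winvnc)
SRV - [2009/10/16 09:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Boot] -- -- (srescan)
DRV - File not found [Kernel | On_Demand] -- -- (rootrepeal)
DRV - [2010/01/20 13:39:46 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Documents and Settings\Black Bunny\Local Settings\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2005/10/13 04:07:12 | 000,874,240 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/10/12 02:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        early = "early-start" if e.loads_early else "on-demand"
        print(f"{e.kind} {e.name:<12} {e.start:<10} {early:<12} {','.join(e.reasons)}")
```

Entries left over by removed security tools and vendor drivers that ship without version information also match these rules, so each hit still needs a person to read the name and path.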

#12 hoolahoop


Posted 14 February 2010 - 11:18 PM

Thanks for this advice.

It might take me a few days to get the program downloaded to a CD and do the reboot...just in case you wonder where I am

Thanks again,
HH

#13 schrauber


Posted 15 February 2010 - 11:12 AM

Ok
regards,
schrauber


#14 hoolahoop


Posted 17 February 2010 - 08:26 PM

Hi again,

Sorry, it's taking me a bit longer than anticipated, but I'm still working on getting the program onto a CD. Will update you again soon.

Thanks for your patience!

Cheers,
HH

#15 hoolahoop


Posted 18 February 2010 - 05:40 AM

OK! Finally, some action from HH...

Just a note...Part of your instructions said to "change Drivers to Non-Microsoft" however this was not an option. The only options were "None", "Safe List" (which was selected by default) and "All".

I kept it on the default setting - "Safe List". Let me know if it needs to be run with a different option.

With thanks,
HH


Here is the OTL.txt file:

-------------------------------------------

OTL logfile created on: 2/18/2010 8:31:04 PM - Run
OTLPE by OldTimer - Version 3.1.29.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,022.00 Mb Total Physical Memory | 803.00 Mb Available Physical Memory | 79.00% Memory free
906.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.54 Gb Total Space | 22.99 Gb Free Space | 22.65% Space Free | Partition Type: NTFS
Drive D: | 9.22 Gb Total Space | 1.18 Gb Free Space | 12.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (winvnc)
SRV - [2009/12/17 00:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/12 00:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/16 09:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 08:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/10/01 00:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/08/26 06:41:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/22 06:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2009/06/22 06:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2009/06/04 20:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/30 22:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/04/23 08:00:06 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/11 20:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/13 03:10:56 | 000,447,784 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/12/02 22:21:24 | 000,869,672 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/03/29 08:35:41 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/11 06:02:52 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 05:24:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/01/18 21:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/11/08 00:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 00:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 04:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/25 23:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/07/25 03:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 03:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/20 00:58:00 | 000,143,426 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/06/12 00:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 03:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/11 22:27:16 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/05/02 02:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2006/04/13 19:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/11/13 09:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/04/30 01:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | Boot] -- -- (srescan)
DRV - File not found [Kernel | On_Demand] -- -- (SASENUM)
DRV - File not found [Kernel | On_Demand] -- -- (rootrepeal)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/01/20 13:39:46 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Documents and Settings\Black Bunny\Local Settings\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/20 13:39:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Documents and Settings\Black Bunny\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/16 09:39:42 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 08:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/10/12 02:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/28 04:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2009/05/17 23:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/09 03:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl)
DRV - [2007/04/09 03:00:00 | 000,106,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007/03/07 23:20:50 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 23:20:49 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 23:20:48 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/10/26 01:21:19 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/28 14:23:34 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/09/27 16:53:22 | 000,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2006/07/20 00:58:00 | 003,685,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/05 19:28:58 | 000,047,744 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/06/16 23:40:56 | 000,193,120 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/06/06 15:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/02 10:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 15:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/11 22:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/04/20 11:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 11:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 11:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/11 06:07:48 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/02/15 06:57:46 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/22 12:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 15:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 13:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 04:07:12 | 000,874,240 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005/09/19 01:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 01:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 01:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/01/07 04:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 16:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 16:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 16:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 09:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 09:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 08:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/09/22 23:49:44 | 000,068,672 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP)
DRV - [2001/08/26 19:09:14 | 000,018,120 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gt681x.sys -- (GT681x)
DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Black_Bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Black_Bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/


FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/01/14 02:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/25 20:54:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/25 22:08:43 | 000,000,000 | ---D | M]

[2010/02/08 04:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/26 05:40:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKU\Black_Bunny_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Black_Bunny_ON_C\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKU\Black_Bunny_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\Black_Bunny_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Black_Bunny_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Black_Bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/29 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 20:28:44 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/18 20:26:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/18 20:26:53 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/18 20:26:53 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/18 20:26:53 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/18 20:26:53 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/18 20:26:53 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/18 20:26:53 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/18 20:26:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/12 15:36:22 | 000,000,000 | R--D | C] -- \I386
[2010/02/12 15:35:30 | 000,000,000 | R--D | C] -- \SFX
[2010/02/12 15:30:47 | 000,000,000 | R--D | C] -- \PROGRAMS
[2010/02/09 22:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/01/30 16:49:20 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Black Bunny\Desktop\RootRepeal.exe
[2010/01/26 22:19:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/01/26 21:51:25 | 003,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Black Bunny\Desktop\iexplore.exe
[2010/01/25 22:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2010/01/25 22:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Black Bunny\My Documents\Downloads
[2010/01/25 22:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/01/25 21:00:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/01/25 20:46:17 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\Black Bunny\Desktop\Firefox Setup 3.6.exe
[2010/01/22 06:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/01/22 06:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Black Bunny\My Documents\a-squared Free
[2010/01/22 05:37:17 | 000,222,720 | ---- | C] (Borland International) -- C:\WINDOWS\System\Bc453rtl.dll
[2010/01/22 05:37:17 | 000,176,128 | ---- | C] (Borland International) -- C:\WINDOWS\System\Cw3215.dll
[2010/01/22 05:37:17 | 000,063,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\Odbcinst.dll
[2010/01/22 05:37:17 | 000,059,856 | ---- | C] (Borland International) -- C:\WINDOWS\System\Bids47.dll
[2010/01/22 05:37:17 | 000,049,152 | ---- | C] (Borland International) -- C:\WINDOWS\System\Bids47f.dll
[2010/01/22 05:37:17 | 000,026,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\Ctl3d.dll
[2010/01/22 05:37:17 | 000,021,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\Ctl3dv2.dll
[2010/01/22 05:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\spool
[2010/01/22 05:37:11 | 000,000,000 | ---D | C] -- C:\eti
[2010/01/21 07:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Black Bunny\Application Data\SUPERAntiSpyware.com
[2010/01/21 06:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Black Bunny\Application Data\Malwarebytes
[2010/01/21 06:58:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/21 06:58:18 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/21 06:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\MBAM
[2010/01/21 04:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\KB824146Scan
[2007/07/12 20:00:42 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt681x.sys
[2007/03/27 07:08:27 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[2005/09/24 10:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2004/01/18 22:31:00 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/01/18 21:31:06 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfiff13n.dll
[2004/01/18 21:31:06 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfCUT13n.dll
[2004/01/18 20:33:08 | 000,206,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/01/18 20:31:50 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/01/18 20:12:00 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfcgm13n.dll
[2004/01/18 19:49:52 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFJ2K13n.dll
[2004/01/18 19:49:08 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/01/18 19:47:36 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwmf13n.dll
[2004/01/18 19:47:04 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMW13n.dll
[2004/01/18 19:45:38 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/01/18 19:44:52 | 000,143,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/01/18 19:36:48 | 000,056,832 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/01/18 19:36:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/01/18 19:36:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/01/18 19:36:24 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/01/18 19:36:18 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmsp13n.dll
[2004/01/18 19:35:56 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmac13n.dll
[2004/01/18 19:35:34 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfimg13n.dll
[2004/01/18 19:34:50 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfclp13n.dll
[2004/01/18 19:34:42 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll
[2004/01/18 19:33:48 | 000,444,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/01/18 19:32:18 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2000/05/01 12:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[1999/11/18 07:00:00 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 zip@xceedsoft.com www.xceedsoft.com) -- C:\Program Files\XceedZip.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/18 20:29:16 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/12 15:35:17 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/12 15:35:17 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/12 15:35:16 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/12 15:35:16 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/12 15:35:16 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/12 15:35:16 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/12 15:35:16 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/12 15:35:16 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/12 15:35:16 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/12 15:35:16 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/12 15:35:16 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/12 15:35:16 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/12 15:35:16 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/12 15:35:16 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/12 15:35:16 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/12 15:35:16 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/09 22:24:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 22:24:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 22:23:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 22:19:11 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Black Bunny\NTUSER.DAT
[2010/02/09 22:19:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Black Bunny\ntuser.ini
[2010/02/09 22:17:43 | 000,001,436 | ---- | M] () -- C:\hpqp.ini
[2010/02/09 22:17:40 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini
[2010/02/09 22:17:34 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/09 22:17:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/09 22:16:07 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 22:01:31 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/02/08 04:09:31 | 001,240,310 | ---- | M] () -- C:\Documents and Settings\Black Bunny\My Documents\Virus messages.docx
[2010/02/08 04:05:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Desktop\gyy7oq4s.exe
[2010/02/08 04:04:56 | 000,004,790 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Desktop\Attach.zip
[2010/02/08 03:58:17 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Desktop\dds(2).scr
[2010/02/08 03:42:15 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Desktop\Microsoft Office Outlook 2007.lnk
[2010/02/06 20:49:45 | 000,014,370 | ---- | M] () -- C:\Documents and Settings\Black Bunny\My Documents\Greeting card occasions.docx
[2010/01/31 21:51:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/31 21:39:55 | 000,187,878 | ---- | M] () -- C:\Documents and Settings\Black Bunny\My Documents\MULifeguardBaby.pdf
[2010/01/30 18:01:57 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 16:50:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Desktop\settings.dat
[2010/01/30 16:49:20 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Black Bunny\Desktop\RootRepeal.exe
[2010/01/30 16:39:58 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Desktop\dds.scr
[2010/01/26 23:57:08 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Black Bunny\My Documents\2010 Budget.xls
[2010/01/26 22:40:46 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Desktop\Microsoft Office Excel 2007.lnk
[2010/01/26 21:51:47 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Black Bunny\Desktop\iexplore.exe
[2010/01/26 06:06:24 | 000,382,534 | ---- | M] () -- C:\Documents and Settings\Black Bunny\My Documents\Removal Instructions for Cyber Security .docx
[2010/01/26 05:40:20 | 000,004,956 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/01/25 20:47:03 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\Black Bunny\Desktop\Firefox Setup 3.6.exe
[2010/01/25 19:24:18 | 000,002,525 | ---- | M] () -- C:\WINDOWS\eti.ini
[2010/01/25 15:53:50 | 000,369,664 | ---- | M] () -- C:\Documents and Settings\Black Bunny\My Documents\Nutrition Labels - blank.doc
[2010/01/25 07:06:23 | 003,459,072 | ---- | M] () -- C:\Documents and Settings\Black Bunny\My Documents\Nutrition lables - not needed.doc
[2010/01/25 07:05:55 | 005,211,136 | ---- | M] () -- C:\Documents and Settings\Black Bunny\My Documents\Nutrition Labels.doc
[2010/01/22 08:03:12 | 007,639,432 | ---- | M] () -- C:\Documents and Settings\Black Bunny\My Documents\Nutrition Labels.docx
[2010/01/22 06:44:36 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 05:45:16 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Black Bunny\test
[2010/01/21 07:40:16 | 009,817,093 | ---- | M] () -- C:\Documents and Settings\Black Bunny\Desktop\SAS_20805.COM
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 20:26:54 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/18 20:26:54 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/18 20:26:54 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/18 20:26:54 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/18 20:26:54 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/18 20:26:54 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/18 20:26:54 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/18 20:26:54 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/18 20:26:54 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/18 20:26:54 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/18 20:26:54 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/18 20:26:54 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/18 20:26:54 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/18 20:26:54 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/18 20:26:54 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/18 20:26:54 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/18 20:26:54 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/12 15:34:57 | 000,001,177 | R--- | C] () -- \reatogoMenu.ini
[2010/02/12 15:30:41 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2010/02/12 15:30:41 | 000,000,000 | R--- | C] () -- \WIN51IP
[2010/02/08 04:05:41 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Desktop\gyy7oq4s.exe
[2010/02/08 04:04:56 | 000,004,790 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Desktop\Attach.zip
[2010/02/08 03:58:17 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Desktop\dds(2).scr
[2010/01/31 21:39:55 | 000,187,878 | ---- | C] () -- C:\Documents and Settings\Black Bunny\My Documents\MULifeguardBaby.pdf
[2010/01/30 16:50:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Desktop\settings.dat
[2010/01/30 16:39:57 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Desktop\dds.scr
[2010/01/26 22:42:00 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Black Bunny\My Documents\2010 Budget.xls
[2010/01/26 06:06:24 | 000,382,534 | ---- | C] () -- C:\Documents and Settings\Black Bunny\My Documents\Removal Instructions for Cyber Security .docx
[2010/01/25 23:14:21 | 000,004,956 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/01/25 20:53:32 | 001,240,310 | ---- | C] () -- C:\Documents and Settings\Black Bunny\My Documents\Virus messages.docx
[2010/01/25 15:53:50 | 000,369,664 | ---- | C] () -- C:\Documents and Settings\Black Bunny\My Documents\Nutrition Labels - blank.doc
[2010/01/25 04:13:54 | 003,459,072 | ---- | C] () -- C:\Documents and Settings\Black Bunny\My Documents\Nutrition lables - not needed.doc
[2010/01/22 08:03:38 | 005,211,136 | ---- | C] () -- C:\Documents and Settings\Black Bunny\My Documents\Nutrition Labels.doc
[2010/01/22 06:44:36 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 06:19:10 | 007,639,432 | ---- | C] () -- C:\Documents and Settings\Black Bunny\My Documents\Nutrition Labels.docx
[2010/01/22 05:45:15 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Black Bunny\test
[2010/01/22 05:37:17 | 000,506,560 | ---- | C] () -- C:\WINDOWS\System\Owl253.dll
[2010/01/22 05:37:17 | 000,463,904 | ---- | C] () -- C:\WINDOWS\System\Owl253f.dll
[2010/01/22 05:37:17 | 000,448,642 | ---- | C] () -- C:\WINDOWS\System\Accugld5.dll
[2010/01/22 05:37:17 | 000,044,736 | ---- | C] () -- C:\WINDOWS\System\Odbc.dll
[2010/01/22 05:37:17 | 000,022,651 | ---- | C] () -- C:\WINDOWS\System\Accuifgl.dll
[2010/01/22 05:37:17 | 000,006,496 | ---- | C] () -- C:\WINDOWS\System\Odbcadm.exe
[2010/01/22 05:37:11 | 000,002,525 | ---- | C] () -- C:\WINDOWS\eti.ini
[2010/01/21 07:37:21 | 009,817,093 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Desktop\SAS_20805.COM
[2009/05/05 21:49:01 | 000,038,481 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Application Data\Microsoft Access 97-2003.ADR
[2009/05/04 21:55:10 | 000,025,922 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Application Data\Microsoft Excel 97-2003.ADR
[2009/05/02 02:51:40 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 06:48:26 | 000,036,436 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Application Data\Comma Separated Values (Windows).ADR
[2008/01/23 19:20:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/12 17:54:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Local Settings\Application Data\FnF4.txt
[2007/11/04 03:21:07 | 000,152,624 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFS.DLL
[2007/11/04 03:21:07 | 000,021,552 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFM.DLL
[2007/11/04 03:21:06 | 000,002,248 | ---- | C] () -- C:\WINDOWS\1way.ini
[2007/09/26 19:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/26 19:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/26 19:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/12 20:14:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2007/04/22 01:28:01 | 000,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/03/30 08:46:58 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/27 07:11:28 | 000,000,080 | ---- | C] () -- C:\WINDOWS\Umahjong.ini
[2007/03/27 07:05:28 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Local Settings\Application Data\fusioncache.dat
[2007/03/27 07:05:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Local Settings\Application Data\DSwitch.txt
[2007/03/27 07:05:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Local Settings\Application Data\AtStart.txt
[2007/03/27 07:05:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Black Bunny\Local Settings\Application Data\QSwitch.txt
[2006/10/26 02:16:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\QSwitch.txt
[2006/10/26 02:16:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DSwitch.txt
[2006/10/26 02:16:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AtStart.txt
[2006/10/26 01:29:18 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/26 01:12:41 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/07/20 00:58:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 00:58:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 00:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 00:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/20 00:58:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/06 05:28:58 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/05/11 22:23:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/05/10 16:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 16:01:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/10 15:57:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/24 06:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/01/05 17:27:58 | 004,358,144 | ---- | C] () -- C:\WINDOWS\System32\I2E_CINT.dll
[2005/12/02 13:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/12 20:07:12 | 000,874,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2005/07/16 16:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
[2005/05/06 13:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2005/01/06 15:55:50 | 001,384,448 | ---- | C] () -- C:\WINDOWS\System32\I2E_CIIO.dll
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002/05/15 08:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 03:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/13 22:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2007/07/22 19:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\7Wonders
[2010/01/09 23:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\CheckPoint
[2008/03/28 00:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\FUJIFILM
[2009/02/09 17:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\ICAClient
[2007/04/25 04:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\Leadertech
[2008/12/23 00:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\MailFrontier
[2007/05/29 03:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\muvee Technologies
[2010/01/20 05:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\uTorrent
[2009/08/08 00:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\Windows Desktop Search
[2009/08/09 06:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Black Bunny\Application Data\Windows Search
[2010/02/12 15:36:22 | 000,000,000 | R--D | M] -- \I386
[2010/02/12 15:30:47 | 000,000,000 | R--D | M] -- \PROGRAMS
[2010/02/12 15:35:30 | 000,000,000 | R--D | M] -- \SFX

========== Purity Check ==========


< End of report >




