
I'm close to Total Lockout


  • This topic is locked
17 replies to this topic

#1 Domo!

  • Members
  • 174 posts
  • OFFLINE
  • Local time:07:49 AM

Posted 18 March 2010 - 01:14 PM

Hi, I'm ashamed to say that this is my second time I had to post with a question of how to cure my PC. I have no idea how, but after living clean with it after my last clean-up, it still managed to contract a really tricky virus. Anyways...

After my computer showed some signs of being sluggish I ran my Malwarebytes and found nothing, then I moved on to my ATF Cleaner and then my computer froze. I was impatient, so after 10 minutes I just restarted it and now a new problem occurred: after the Windows XP loading screen everything goes black apart from the cursor.

I've seen such things before so I went ahead and tried "Safe Mode" and I still got blocked. Realizing that I'm really in it, I tried the Windows Recovery Console on my XP disc and when I got to it, I was asked for an Administrator password but none exists. I own the computer and I made sure that I wouldn't put on a password to ensure I could access these things without the hassle.

I then used an external boot disk I made called UCDB4Win to access a program in it to erase passwords and still no luck. I'm dangling at the end of my rope at this point. Any thoughts? Also I'm sorry to trouble anyone with presenting this headscratcher in the first place. In the meantime I'll still look into the UCDB4Win password tools to see if I missed something (I doubt it though, I checked them all). Thanks again for your help in advance.


#2 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:49 PM

Posted 18 March 2010 - 01:20 PM

Hello there,

Let's see if we can find out what happened there. For good order, I am moving this topic to the Malware Removal forum, since the tools we are using are more advanced.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft
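The OTL.txt that this procedure produces is long (the one posted in reply #4 of this thread runs to hundreds of lines), and the entries a helper reads first are the ones that point at files that no longer exist: dangling references in Winlogon\Notify, the LSA Authentication Packages list, Run keys, SSODL and driver services. The script below is an added example, not part of OTL or of this thread, that scores such entries so they float to the top. The sample lines are copied from the log in reply #4 (plus two benign AVG entries from the same log so the filter has something to ignore); the location weights, the TEMP-directory check and the vowel-ratio "random name" heuristic are this example's own assumptions, not anything OTL itself does.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL log posted in reply #4 of this thread, plus two
# benign AVG entries from the same log. Constructed as a self-contained test set.
SAMPLE_LOG = r"""
SRV - File not found [Auto] -- -- (MaxBackServiceInt)
SRV - [2009/12/13 09:04:58 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
DRV - File not found [Kernel | System] -- -- (ovfsthylvdjtublrpxnppjnmefyypqubkyfktk)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe File not found
O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\hpo2gduc4f.exe File not found
O20 - Winlogon\Notify\khfETjHB: DllName - khfETjHB.dll - File not found
O20 - Winlogon\Notify\mlJcawUM: DllName - mlJcawUM.dll - File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\linpuph.dll File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\efcaxxWq) - File not found
"""

# Assumed weights (this example's own): logon hooks (O20), the LSA package list (O30) and
# SSODL (O21) run with high privilege at every logon, so a dangling entry there matters most.
LOCATION_WEIGHT = {"O20": 3, "O30": 3, "O21": 3, "O4": 2, "DRV": 1, "SRV": 1}

# Per entry type, the regex that pulls out the file or service name being referenced.
NAME_PATTERNS = {
    "SRV": re.compile(r"-- -- \((\S+)\)"),
    "DRV": re.compile(r"-- -- \((\S+)\)"),
    "O4": re.compile(r"\] (.+?)(?: File not found| \(|$)"),  # path after the [value name]
    "O20": re.compile(r"DllName - (\S+)"),
    "O21": re.compile(r"- (\S+) File not found"),
    "O30": re.compile(r"\((.+?)\)"),
}


@dataclass
class Finding:
    kind: str
    name: str
    score: int
    reasons: list


def stem(path: str) -> str:
    """Bare file name without directory or extension: C:\\x\\khfETjHB.dll -> khfETjHB."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def looks_random(name: str) -> bool:
    """Heuristic (assumed, not OTL's): long names with few vowels read as generated rather
    than chosen. Legitimate abbreviations trip it too, so it only adds to the score."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 7:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) <= 0.25


def assess(line: str):
    """Score one OTL line whose target file is missing; return None for anything else."""
    line = line.strip()
    kind = line.split(" ", 1)[0]
    if kind not in LOCATION_WEIGHT or "File not found" not in line:
        return None
    match = NAME_PATTERNS[kind].search(line)
    name = stem(match.group(1)) if match else "?"
    score = LOCATION_WEIGHT[kind]
    reasons = [f"missing file referenced from {kind}"]
    if kind == "DRV" and ("| System]" in line or "| Boot]" in line):
        score += 1
        reasons.append("driver set to load at boot/system start")
    if looks_random(name):
        score += 2
        reasons.append("random-looking name")
    if "\\temp\\" in line.lower():
        score += 2
        reasons.append("lives in a TEMP directory")
    return Finding(kind, name, score, reasons)


def severity(score: int) -> str:
    return "high" if score >= 4 else "medium" if score >= 2 else "low"


def triage(log: str):
    """All scored findings, worst first (stable, so ties keep log order)."""
    findings = [f for f in map(assess, log.splitlines()) if f]
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{severity(f.score):6} {f.kind:4} {f.name:40} {'; '.join(f.reasons)}")
```

Run as-is it lists the TEMP-resident Run entry first, then the Winlogon\Notify and LSA entries with gibberish names, and pushes the stale DAEMON Tools and MaxBack leftovers to the bottom: the ordering a helper would reach by eye, made repeatable. Scores are a reading aid only; a medium entry such as a missing SSODL DLL still needs the file system and registry checked before anything is removed.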


#3 Domo!
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  • Local time:07:49 AM

Posted 19 March 2010 - 08:10 AM

I'm downloading the programs and ISO now. Thank you for your help so far. I will post the log file as soon as I can.

#4 Domo!
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  • Local time:07:49 AM

Posted 19 March 2010 - 09:08 AM

I have the OTL log file:

OTL logfile created on: 3/19/2010 10:56:24 AM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 775.00 Mb Available Physical Memory | 76.00% Memory free
906.00 Mb Paging File | 837.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 16.24 Gb Free Space | 23.26% Space Free | Partition Type: NTFS
Drive D: | 465.65 Gb Total Space | 296.30 Gb Free Space | 63.63% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 6.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet007

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (NMIndexingService)
SRV - File not found [Auto] -- -- (MaxBackServiceInt)
SRV - File not found [On_Demand] -- -- (Aeapsrd)
SRV - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/12/13 09:04:58 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/11/12 11:03:32 | 000,070,928 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/28 09:06:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/05/01 15:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\WINDOWS\SYSTEM32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/01/31 21:24:54 | 001,251,720 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/08/23 16:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 16:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/09 10:24:14 | 000,072,704 | ---- | M] (Autodesk) [Auto] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/08/10 04:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 04:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/01/15 20:06:22 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/09/21 15:13:44 | 000,065,536 | ---- | M] () [Auto] -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | System] -- -- (vsdatant)
DRV - File not found [Kernel | On_Demand] -- -- (Trufos)
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (Profos)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (ovfsthylvdjtublrpxnppjnmefyypqubkyfktk)
DRV - File not found [Kernel | On_Demand] -- -- (neokdss)
DRV - File not found [Kernel | On_Demand] -- -- (nenum13E)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (InCDRm)
DRV - File not found [Kernel | System] -- -- (InCDPass)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2009/11/16 15:46:12 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\tbhsd.sys -- (tbhsd)
DRV - [2009/11/12 11:03:32 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/12 11:03:32 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/12 11:03:32 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTCore.sys -- (PCTCore)
DRV - [2009/10/30 12:11:00 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys -- (pctgntdi)
DRV - [2009/09/18 14:57:00 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys -- (sptd)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/09/03 10:45:12 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys -- (pctplsg)
DRV - [2009/08/28 09:07:39 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 09:07:38 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/20 10:36:59 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/23 14:07:28 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 14:07:26 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 14:07:26 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/17 13:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/17 13:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/01/22 05:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/01/15 12:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/09 04:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 10:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 10:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 10:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 10:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 10:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 10:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 10:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 10:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/04 08:37:28 | 000,099,208 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2006/08/01 21:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 21:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/01 20:46:34 | 000,051,800 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\DRVNDDM.SYS -- (drvnddm)
DRV - [2006/05/20 06:15:25 | 000,030,588 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\scdemu.sys -- (SCDEmu)
DRV - [2006/03/04 08:00:00 | 000,241,664 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\c2scsi.sys -- (c2scsi)
DRV - [2006/01/30 10:43:27 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/04/06 14:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2004/11/11 19:10:00 | 002,738,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde)
DRV - [2001/05/07 06:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
DRV - [2001/04/09 16:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Anton_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Anton_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.microsoft.com/
IE - HKU\Anton_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Anton_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension


Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {2E581F18-8572-4127-A0A4-93F526D69B3F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\Anton_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe (WildTangent, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\hpo2gduc4f.exe File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Anton_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Anton_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Anton_ON_C..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Anton_ON_C..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Administrator_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\Anton_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = X:\I386\SYSTEM32\WTablet\TabUserW.exe File not found
O4 - Startup: C:\Documents and Settings\Anton\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Anton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Anton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 0
O7 - HKU\Anton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1240082546906 (MUWebControl Class)
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab (Reg Error: Key error.)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.146 68.87.75.194
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\khfETjHB: DllName - khfETjHB.dll - File not found
O20 - Winlogon\Notify\mlJcawUM: DllName - mlJcawUM.dll - File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\linpuph.dll File not found
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\efcaxxWq) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 18:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/26 16:03:26 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/05/18 10:37:12 | 000,000,069 | RH-- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\install.EXE id= ver=1.0.0.0 -- File not found
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/17 17:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anton\Desktop\Naruto 487
[2010/03/11 19:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anton\Desktop\Pan
[2010/03/11 19:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anton\Desktop\Uub
[2010/03/10 09:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anton\Desktop\Naruto_486
[2010/03/10 07:29:58 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2006/07/11 14:29:00 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
[5 C:\Documents and Settings\Anton\My Documents\*.tmp files -> C:\Documents and Settings\Anton\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/18 11:21:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/18 11:21:08 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/18 07:18:30 | 020,709,376 | -H-- | M] () -- C:\Documents and Settings\Anton\NTUSER.DAT
[2010/03/17 20:11:17 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/17 17:44:37 | 057,253,522 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/17 17:34:52 | 003,893,830 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Naruto_487.zip
[2010/03/17 01:39:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/16 18:41:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/16 18:39:59 | 000,168,448 | ---- | M] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 01:24:34 | 000,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/16 01:23:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/15 16:29:57 | 000,036,406 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Picture%208.jpg
[2010/03/15 12:27:34 | 000,038,284 | ---- | M] () -- C:\Documents and Settings\Anton\Application Data\wklnhst.dat
[2010/03/15 11:53:56 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/15 11:53:56 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/15 11:53:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Anton\NTUSER.INI
[2010/03/15 05:10:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/03/15 02:22:29 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 02:22:29 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/15 02:22:29 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/14 11:53:22 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Demo Reel Examples.lnk
[2010/03/14 11:53:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Conversion Tools.lnk
[2010/03/14 11:53:22 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\James baxter.lnk
[2010/03/14 11:53:22 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Lemurs.lnk
[2010/03/14 11:53:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Eyes.lnk
[2010/03/14 11:53:20 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Milt Kahl-On Animation.lnk
[2010/03/14 11:53:20 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Matt Willems Bear.lnk
[2010/03/14 11:53:20 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Demo Reel AVIs.lnk
[2010/03/14 11:53:20 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Crawford Clown.lnk
[2010/03/14 11:53:20 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Studio Images.lnk
[2010/03/14 11:53:20 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Wong Refence.lnk
[2010/03/14 11:53:20 | 000,000,295 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Shortcut to Mural Ideas.lnk
[2010/03/14 11:53:20 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Glen Keane.lnk
[2010/03/14 11:53:20 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Crystal.lnk
[2010/03/14 11:53:20 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Lines.lnk
[2010/03/14 11:53:20 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Animation PDFs.lnk
[2010/03/13 23:28:35 | 000,061,683 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\dragonball-greatest-arts.jpg
[2010/03/13 07:47:34 | 007,528,060 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Garcia_Reel[1].flv
[2010/03/11 13:21:32 | 002,154,696 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\The Wiz 2.avi
[2010/03/11 12:34:08 | 001,387,328 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\The Wiz 2.flv
[2010/03/10 09:35:40 | 000,103,586 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Designs_for_a_future_project_by_greenestreet.jpg
[2010/03/09 14:36:17 | 000,054,925 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\1.jpg
[2010/03/09 03:25:45 | 004,314,750 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\The Wiz.avi
[2010/03/09 02:50:39 | 002,693,629 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\The Wiz.flv
[2010/03/08 23:16:20 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/07 12:48:36 | 000,005,690 | ---- | M] () -- C:\Documents and Settings\Anton\My Documents\Lee.Theme
[2010/03/07 12:26:18 | 000,005,703 | ---- | M] () -- C:\Documents and Settings\Anton\My Documents\Hulks.Theme
[2010/03/07 00:26:19 | 000,001,234 | -HS- | M] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\d1NJm3Vp784
[2010/03/06 18:14:30 | 000,005,686 | ---- | M] () -- C:\Documents and Settings\Anton\My Documents\Ashtonishing X-Men.Theme
[2010/03/05 06:43:09 | 000,000,730 | -HS- | M] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\04lB
[2010/03/04 10:31:02 | 000,000,702 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/04 10:31:02 | 000,000,237 | RHS- | M] () -- C:\BOOT.INI
[2010/03/04 10:31:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/03/01 14:09:56 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Boards.lnk
[2010/02/27 23:22:31 | 000,001,234 | -HS- | M] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\qadX88Alu
[2010/02/25 21:51:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\7EgpN4
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/19 18:14:03 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Anton\Desktop\Microsoft Word.lnk
[5 C:\Documents and Settings\Anton\My Documents\*.tmp files -> C:\Documents and Settings\Anton\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\zojefobe
[2010/03/18 01:57:47 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/17 17:26:58 | 003,893,830 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Naruto_487.zip
[2010/03/15 16:30:07 | 000,036,406 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Picture%208.jpg
[2010/03/15 05:10:57 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/03/15 05:10:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/03/14 11:54:00 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Milt Kahl-On Animation.lnk
[2010/03/14 11:54:00 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Matt Willems Bear.lnk
[2010/03/14 11:54:00 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Conversion Tools.lnk
[2010/03/14 11:54:00 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Studio Images.lnk
[2010/03/14 11:54:00 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Wong Refence.lnk
[2010/03/14 11:54:00 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Shortcut to Mural Ideas.lnk
[2010/03/14 11:54:00 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Lemurs.lnk
[2010/03/14 11:54:00 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Lines.lnk
[2010/03/14 11:54:00 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Animation PDFs.lnk
[2010/03/14 11:53:59 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Demo Reel Examples.lnk
[2010/03/14 11:53:59 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Demo Reel AVIs.lnk
[2010/03/14 11:53:59 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Crawford Clown.lnk
[2010/03/14 11:53:59 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\James baxter.lnk
[2010/03/14 11:53:59 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Glen Keane.lnk
[2010/03/14 11:53:59 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Crystal.lnk
[2010/03/14 11:53:59 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Eyes.lnk
[2010/03/13 23:31:15 | 000,061,683 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\dragonball-greatest-arts.jpg
[2010/03/13 12:06:46 | 007,528,060 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Garcia_Reel[1].flv
[2010/03/11 13:21:24 | 002,154,696 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\The Wiz 2.avi
[2010/03/11 12:52:44 | 001,387,328 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\The Wiz 2.flv
[2010/03/10 09:35:53 | 000,103,586 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Designs_for_a_future_project_by_greenestreet.jpg
[2010/03/09 14:36:48 | 000,054,925 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\1.jpg
[2010/03/09 03:25:31 | 004,314,750 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\The Wiz.avi
[2010/03/09 03:13:18 | 002,693,629 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\The Wiz.flv
[2010/03/07 12:48:36 | 000,005,690 | ---- | C] () -- C:\Documents and Settings\Anton\My Documents\Lee.Theme
[2010/03/07 12:26:17 | 000,005,703 | ---- | C] () -- C:\Documents and Settings\Anton\My Documents\Hulks.Theme
[2010/03/07 00:26:13 | 000,001,234 | -HS- | C] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\d1NJm3Vp784
[2010/03/06 18:14:28 | 000,005,686 | ---- | C] () -- C:\Documents and Settings\Anton\My Documents\Ashtonishing X-Men.Theme
[2010/03/05 06:43:08 | 000,000,730 | -HS- | C] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\04lB
[2010/03/01 14:09:27 | 000,000,250 | ---- | C] () -- C:\Documents and Settings\Anton\Desktop\Boards.lnk
[2010/02/27 23:22:19 | 000,001,234 | -HS- | C] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\qadX88Alu
[2010/02/25 21:51:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\7EgpN4
[2010/01/17 11:19:44 | 000,044,268 | ---- | C] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\rx_audio.Cache
[2009/12/28 23:50:01 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/12/28 23:50:01 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/06/15 21:30:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/06/15 21:28:25 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2009/04/18 14:46:08 | 000,124,760 | ---- | C] () -- C:\Documents and Settings\Anton\Application Data\JuniperSetup.exe
[2009/03/25 22:17:41 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/01 23:15:44 | 000,001,022 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2008/12/29 14:54:35 | 000,675,820 | -HS- | C] () -- C:\WINDOWS\System32\ghhhkRqr.ini
[2008/12/29 14:54:35 | 000,675,678 | -HS- | C] () -- C:\WINDOWS\System32\ghhhkRqr.ini2
[2008/08/08 16:18:38 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 01:47:59 | 001,505,729 | -HS- | C] () -- C:\WINDOWS\System32\drucjvhi.ini
[2008/04/27 22:19:26 | 001,483,247 | -HS- | C] () -- C:\WINDOWS\System32\cxicmneo.ini
[2008/04/25 08:17:22 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/04/25 01:04:21 | 000,000,466 | -HS- | C] () -- C:\WINDOWS\System32\qifhqmka.ini
[2008/04/23 22:36:54 | 001,540,824 | -HS- | C] () -- C:\WINDOWS\System32\yamuklyj.ini
[2008/04/23 10:33:11 | 000,906,442 | -HS- | C] () -- C:\WINDOWS\System32\qWxxacfe.ini2
[2008/04/23 10:33:11 | 000,906,442 | -HS- | C] () -- C:\WINDOWS\System32\qWxxacfe.ini
[2008/04/19 14:03:14 | 000,000,023 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/04/03 13:48:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\rx_image.Cache
[2008/02/06 14:45:46 | 000,000,104 | ---- | C] () -- C:\WINDOWS\BTW.INI
[2008/02/06 14:45:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AUTORUN.INI
[2008/02/02 17:27:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/01/27 10:57:53 | 000,000,580 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/01/15 15:26:06 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/04 22:29:30 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2007/09/15 10:28:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/18 23:05:53 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2007/01/08 03:13:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/16 13:47:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 04:19:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/08/09 04:19:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/09 01:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/05/16 02:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/02/26 12:57:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2005/11/10 01:30:40 | 000,056,792 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2005/10/10 18:39:43 | 000,002,359 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/19 12:00:56 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Anton\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/04/10 16:31:01 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2005/04/09 23:05:44 | 000,168,448 | ---- | C] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/09 19:28:54 | 000,038,284 | ---- | C] () -- C:\Documents and Settings\Anton\Application Data\wklnhst.dat
[2005/04/09 15:42:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Anton\Local Settings\Application Data\fusioncache.dat
[2005/03/31 13:20:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/31 13:18:31 | 000,000,430 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/31 13:12:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/31 12:37:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/19 18:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 18:16:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/10 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2005/04/09 22:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\.bittorrent
[2007/02/19 14:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\acccore
[2007/02/17 10:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Aim
[2006/04/21 14:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Canon
[2008/08/20 12:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\DAEMON Tools
[2008/04/03 04:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\e frontier
[2005/11/02 03:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\fltk.org
[2009/10/31 19:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\FLV Extract
[2009/09/03 13:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Humanbalance
[2006/04/08 10:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Jasc
[2009/04/18 17:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Juniper Networks
[2006/06/19 07:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Leadertech
[2009/01/09 13:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Opera
[2005/12/24 13:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Otto
[2006/03/16 01:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Publish Providers
[2008/04/23 10:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\River Past G5
[2009/11/13 20:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Sony
[2005/11/23 01:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Third Wish Software and Animation
[2007/03/03 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\VTC Preferences Folder
[2006/09/21 12:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anton\Application Data\Walgreens
[2010/03/17 01:39:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2005/05/15 21:27:15 | 000,036,352 | ---- | M] ()(C:\Documents and Settings\Anton\My Documents\???????????.doc) -- C:\Documents and Settings\Anton\My Documents\俺はとことん止まらない.doc
[2005/05/15 21:27:15 | 000,036,352 | ---- | C] ()(C:\Documents and Settings\Anton\My Documents\???????????.doc) -- C:\Documents and Settings\Anton\My Documents\俺はとことん止まらない.doc
[2005/05/15 21:25:12 | 000,037,376 | ---- | M] ()(C:\Documents and Settings\Anton\My Documents\????heart??????.doc) -- C:\Documents and Settings\Anton\My Documents\くすぶるheartに火をつけろ.doc
[2005/05/15 21:25:12 | 000,037,376 | ---- | C] ()(C:\Documents and Settings\Anton\My Documents\????heart??????.doc) -- C:\Documents and Settings\Anton\My Documents\くすぶるheartに火をつけろ.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Yu Yu Hakusho OST:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Whoa.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\The Mummy & The Mummy Returns Soundtrack 4CD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Tengen_Toppa_Gurren_Lagann_-_Sorairo_Days.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Tenacious D - The Pick Of Destiny:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Star.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Princess Mononoke OST Collection:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\North Star.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\fire.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Eric_Bleach-ch173-p18_special.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\ELSEWHERE_wallpaper_by_Aremke.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\ELEVATED-PARK-SUNRISE.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\dragon-ball-z-budokai-tenkaichi-20050506091427468.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\dragon-ball-z-budokai-tenkaichi-20050505084243107.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Dragonball Z Music Collection Vol. 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\double z 001.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\deadpool.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\dbzs4.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\DBZ%20wp%20016-%20Vegeta%20&%20Goku.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\danwallpaperdan.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Crouching Tiger,Hidden Dragon 1CD 2000 Soundtrack:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\cozy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Close up.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\CITY-TUNNEL-PAN.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\characterc.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\cat.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\castles.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Candleabra.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\bw.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\bugs.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\bug.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\BLAP051_COV.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Batmobile.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Batmobile 3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\batman615.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\b.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\ASBR-Cv8_SolicitC.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\announcer guy.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\andrx78_45.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\Adobe Acrobat 8 Professional:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\aa-wolvie.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\aa-usentinela.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\928096_20050519_screen011.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\928096_20050519_screen006.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\8321_400x600.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\75-2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\490px-Magic_Kingdom_castle.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\3703577_main.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\24.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\1984 - Nausicaa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\139-2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\105 Alex Ken Stage -JAZZY NYC '99-.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\006.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anton\My Documents\[Ramsus-kun] Chrono Trigger one-shot manga (english!):Roxio EMC Stream
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:E3159A34353DC5D0
@Alternate Data Stream - 142 bytes -> C:\WINDOWS\SYSTEM32:,|pctlsp.log
< End of report >


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:49 PM

Posted 19 March 2010 - 11:17 AM

Hello again,

Quite some malware showing up there, so let's see if we can get rid of it.

Please re-run OTLPE and copy/paste the text in the codebox below into the "custom scan/fix" field. Click Run fix.
CODE
:services
ovfsthylvdjtublrpxnppjnmefyypqubkyfktk

:otl
O20 - Winlogon\Notify\khfETjHB: DllName - khfETjHB.dll - File not found
O20 - Winlogon\Notify\mlJcawUM: DllName - mlJcawUM.dll - File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\linpuph.dll File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\efcaxxWq) - File not found
[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\zojefobe
[2008/05/21 01:47:59 | 001,505,729 | -HS- | C] () -- C:\WINDOWS\System32\drucjvhi.ini
[2008/04/27 22:19:26 | 001,483,247 | -HS- | C] () -- C:\WINDOWS\System32\cxicmneo.ini
[2008/04/25 01:04:21 | 000,000,466 | -HS- | C] () -- C:\WINDOWS\System32\qifhqmka.ini
[2008/04/23 22:36:54 | 001,540,824 | -HS- | C] () -- C:\WINDOWS\System32\yamuklyj.ini

:commands
[emptytemp]
[resethosts]


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
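The fix above removes two kinds of entry from the OTL report: autostart hooks (Winlogon Notify, SSODL, LSA Authentication Packages) whose target DLL no longer exists, and hidden, unsigned files in System32 with random-looking names or an impossible timestamp (the 2099 creation date on zojefobe). The script below is an added illustration of that triage logic and is not part of Elise's post, of OTL, or of BleepingComputer's tooling. It runs over a handful of lines copied from the report in this thread, mixed with benign entries from the same report, so it flags something and passes something. The section set, the "hidden plus system-or-future-dated" rule and the report year are my own heuristics; OTL's own `O34 - HKLM BootExecute: (autocheck autochk *) - File not found` line is deliberately not in the set, matching Elise's fix, which leaves it alone.

```python
import re

# Constructed sample: lines copied from the OTL report posted in this thread,
# mixed with benign entries from the same report.
SAMPLE_LINES = [
    r"O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)",
    r"O20 - Winlogon\Notify\khfETjHB: DllName - khfETjHB.dll - File not found",
    r"O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\linpuph.dll File not found",
    r"O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\efcaxxWq) - File not found",
    r"O34 - HKLM BootExecute: (autocheck autochk *) - File not found",
    r"[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\zojefobe",
    r"[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe",
    r"[2008/05/21 01:47:59 | 001,505,729 | -HS- | C] () -- C:\WINDOWS\System32\drucjvhi.ini",
    r"[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll",
]

# Autostart sections (my choice, not an OTL list) where an entry whose target
# is missing is almost always a leftover of something partly removed:
# Winlogon Notify packages, ShellServiceObjectDelayLoad, LSA auth packages.
ORPHAN_SECTIONS = {"O20", "O21", "O30"}

# "[YYYY/MM/DD hh:mm:ss | size | attrs | C|M] (company) -- path"
FILE_RE = re.compile(
    r"^\[(\d{4})/\d\d/\d\d [\d:]+ \| ([\d,]+) \| ([-A-Z]{4}) \| [CM]\]"
    r"(?: \((.*?)\))? -- (.+)$"
)
SECTION_RE = re.compile(r"^(O\d+) - (.+)$")


def parse_file_entry(line):
    """Parse an OTL file line into a dict, or return None if it is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    year, size, attrs, company, path = m.groups()
    return {
        "year": int(year),
        "size": int(size.replace(",", "")),
        "attrs": attrs,
        "company": (company or "").strip(),
        "path": path,
    }


def is_suspicious_file(entry, report_year):
    """Hidden file in System32 with no company name plus a second oddity:
    the system attribute as well, or a creation date after the report date."""
    in_system32 = "\\system32\\" in entry["path"].lower()
    hidden = "H" in entry["attrs"]
    system = "S" in entry["attrs"]
    future_dated = entry["year"] > report_year
    return in_system32 and hidden and not entry["company"] and (system or future_dated)


def triage(lines, report_year=2010):
    """Return (reason, item) pairs for report lines worth a closer look."""
    findings = []
    for line in lines:
        m = SECTION_RE.match(line)
        if m:
            section, body = m.groups()
            if section in ORPHAN_SECTIONS and body.endswith("File not found"):
                findings.append(("orphaned autostart entry", line))
            continue
        entry = parse_file_entry(line)
        if entry and is_suspicious_file(entry, report_year):
            findings.append(("hidden unsigned System32 file", entry["path"]))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LINES):
        print(f"{reason}: {item}")
```

On the sample above the script flags exactly the five items Elise put in the fix (the three orphaned hooks, zojefobe and drucjvhi.ini) and passes the AVG Notify package, the Microsoft-signed MpSigStub.exe, the unsigned but plain libeay32.dll and the BootExecute line. A heuristic like this is a starting point for reading a report, not a substitute for it: the remaining .ini/.ini2 pairs in the fix were chosen by a human who knew the naming pattern.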


#6 Domo!

Domo!
  • Topic Starter

  • Members
  • 174 posts
  • Local time:07:49 AM

Posted 19 March 2010 - 01:28 PM

Wow, too good. I did as you instructed and I've got Windows back. I have the log file after the scan (I won't post it yet because it's pretty big and I'm not sure if you need it).

I can't thank you enough for the help. Is there anything else I need to check for, any "follow-up" procedures?

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:49 PM

Posted 19 March 2010 - 01:33 PM

Glad to hear that.

For now, let's do a normal scan to catch any leftover stuff.

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

#8 Domo!
  • Topic Starter
  • Members
  • 174 posts

Posted 19 March 2010 - 01:36 PM

Will do!

#9 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 19 March 2010 - 04:54 PM

Okay, I'll wait for the results.

regards, Elise


#10 Domo!
  • Topic Starter
  • Members
  • 174 posts

Posted 20 March 2010 - 11:57 AM

Malwarebytes full scan shows up clean and I even did a Spyware Doctor full scan and my computer has a clean bill of health. I can't thank you enough for your expert help, seriously.

My computer did do a weird thing though: after I closed Internet Explorer another Explorer window opened up and started giving itself tabs like it was going out of style. I don't think it's serious and I'll keep scanning regularly and keeping my eyes on things. Thanks so much for the help.

#11 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 20 March 2010 - 12:24 PM

Hi, before giving you all clean, I want to do one antivirus scan (until now, we only did an antispyware scan).

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


#12 Domo!
  • Topic Starter
  • Members
  • 174 posts

Posted 21 March 2010 - 09:18 AM

I'm on it. I've run the scan a few times but it freezes after 15% after 5 hours and another time at 26% after another few hours when I tried again. I'm trying it in Safe Mode now. When I'm done, I'll post the results as instructed.

#13 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 21 March 2010 - 09:45 AM

Okay, if that still does not work, just let me know and I'll give you another scanner to run.

regards, Elise


#14 Domo!
  • Topic Starter
  • Members
  • 174 posts

Posted 21 March 2010 - 12:00 PM

I got the text file from the completed scan in safe mode:

C:\WINDOWS\SYSTEM32\ghhhkRqr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\ghhhkRqr.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\qWxxacfe.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\qWxxacfe.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192010_150509\C_WINDOWS\SYSTEM32\cxicmneo.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192010_150509\C_WINDOWS\SYSTEM32\drucjvhi.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192010_150509\C_WINDOWS\SYSTEM32\qifhqmka.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192010_150509\C_WINDOWS\SYSTEM32\yamuklyj.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
J:\My Documents backup\audioextractor.exe probably a variant of Win32/Agent trojan deleted - quarantined


Should I do the same scan in regular windows?
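Added example (not part of this thread, and not an ESET or BleepingComputer tool): a small Python script that parses the ESET result lines quoted above into path, detection and action, and separates the hits under C:\_OTL\MovedFiles (files the earlier OTL fix had already moved out of SYSTEM32, which is assumed here from the path itself) from hits in live locations such as SYSTEM32 and the backup drive. The list of action strings and threat-type words in the regex is an assumption built from these nine lines only and will need extending for other logs.

```python
import re
from collections import Counter

# Sample input: the nine result lines from the ESET scan log posted above,
# embedded here so the script runs offline.
ESET_LOG = r"""
C:\WINDOWS\SYSTEM32\ghhhkRqr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\ghhhkRqr.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\qWxxacfe.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\qWxxacfe.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192010_150509\C_WINDOWS\SYSTEM32\cxicmneo.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192010_150509\C_WINDOWS\SYSTEM32\drucjvhi.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192010_150509\C_WINDOWS\SYSTEM32\qifhqmka.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192010_150509\C_WINDOWS\SYSTEM32\yamuklyj.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
J:\My Documents backup\audioextractor.exe probably a variant of Win32/Agent trojan deleted - quarantined
"""

# A result line is "<path> <detection> <action>". Paths may contain spaces
# ("J:\My Documents backup\..."), so the path is matched lazily and the
# detection is anchored on the "<platform>/<name>" token ESET names use.
# The action and threat-type alternatives are an assumption built from the
# lines above; extend them for other logs.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+"
    r"(?: application| trojan| worm| virus)?)\s+"
    r"(?P<action>cleaned by deleting - quarantined|deleted - quarantined"
    r"|cleaned - quarantined|unable to clean|deleted)$"
)

# Folder OTL moves files into during a fix (assumed from the paths in the log).
OTL_QUARANTINE = r"C:\_OTL\MovedFiles"


def family_of(detection):
    """Reduce 'probably a variant of Win32/Agent trojan' to 'Win32/Agent'."""
    stripped = re.sub(r"^(?:probably )?(?:a variant of )?", "", detection)
    return stripped.split()[0]


def parse_eset_log(text):
    """Return (records, unparsed): one dict per parsed line with path,
    detection, family, action and already_moved_by_otl; unparsed keeps any
    line the pattern did not recognise instead of silently dropping it."""
    records, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        rec = m.groupdict()
        rec["family"] = family_of(rec["detection"])
        rec["already_moved_by_otl"] = rec["path"].upper().startswith(OTL_QUARANTINE.upper())
        records.append(rec)
    return records, unparsed


def summarize(records):
    """Counts a helper would glance at: hits in live locations versus inside
    OTL's folder, plus which families and actions occurred."""
    moved = sum(r["already_moved_by_otl"] for r in records)
    return {
        "total": len(records),
        "already_moved_by_otl": moved,
        "live_locations": len(records) - moved,
        "families": dict(Counter(r["family"] for r in records)),
        "actions": dict(Counter(r["action"] for r in records)),
    }


if __name__ == "__main__":
    recs, bad = parse_eset_log(ESET_LOG)
    for r in recs:
        where = "OTL folder" if r["already_moved_by_otl"] else "live"
        print(f"{where:10} {r['family']:30} {r['action']:35} {r['path']}")
    print(summarize(recs))
    if bad:
        print("unparsed lines:", bad)
```

On this log the split is four hits already sitting in OTL's folder (leftovers of the earlier fix, not active files) against five in live locations, all but one of them the randomly named .ini/.ini2 pairs in SYSTEM32 that ESET attributes to Virtumonde; that distinction is what decides whether a further scan is needed rather than the raw count of nine.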

#15 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 21 March 2010 - 12:22 PM

Do you have any problems left?

regards, Elise

