
Virus Renders Laptop a Paperweight


73 replies to this topic

#1 FranklenStein

FranklenStein

  • Members
  • 103 posts

Posted 14 May 2010 - 05:47 PM

(***Accidentally posted this in XP forum originally, so apologies if it's moved and doubled accordingly***)

Hello, have had some luck with these forums before so thought I'd appeal to your collective expertise once more.

Was working last night on a Dell laptop I have through work, and got one of those pretend "you've been infected, click here to run a scan" messages while online. Immediately clicked it closed, but it simply started back up in the tray. Tried to shut it down via "task list", but the virus wouldn't allow me to open it. So...did a hard shut down in hopes of preventing any major catastrophes. No such luck...

When I try to restart it, I get a message stating "error loading operating system"! Tried restarting again and getting it into safe mode, but no such luck with that. Then ran the Dell diagnostics tool through F12 and after a bunch of tests all seeming to pass, I get a message stating "No Diagnostic Utility Partition Found. To run diagnostics insert your Dell 'Drivers and Utilities' CD and select OK to boot off the CD." However, I don't have any such disc, and will take a week or two at least to get one from the I.T. folks.

So...then loaded the Ubuntu disc that I previously had luck with in hopes of rescuing my un-backed up data. Ubuntu loads fine, but then it doesn't read my drive (shows only "filesystem" when I go to places, computer) so I can't rescue anything.

Have a bad feeling that everything is gone. Even so if possible I'd like to get the thing back up and running if someone cares to hold my hand through it. Any and all help is appreciated. Thanks for reading.



 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • Gender:Female
  • Location:Romania

Posted 15 May 2010 - 05:35 AM

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

It's quite possible OTLPE will not detect your Operating System. If so no panic, just let me know.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 FranklenStein


Posted 15 May 2010 - 09:21 PM

Appreciate the help. I should have updated this last night.

Did some poking around when it looked like no one was going to respond, and stumbled across suggestions to use "fixmbr". Found my copy of XP Home and ran that, and then had to run "fixboot" as well when that did not work.

Voila!!! Sort of.

Recognized the operating system, and got it into safe mode at which point I ran full scans using malwarebytes, Spybot, Adaware, and Super AntiSpyware.

Programs cleaned up a bunch of stuff, but when I took it out of safe mode, the little bugger was there again. Something called "Antivirus Suite". Yanked the plug on it as fast as I could, and this time before it disabled the loading of the operating system.

Again put it in safe mode and ran a full scan with AVG which found some MORE goodies. And for good measure, ran all the above scans which seemed to give it a clean bill of health. Put it back in regular mode this morning, and so far so good.

HOWEVER, I can no longer get online which seems to be when it gets triggered. My wireless connection says I have an excellent connection, but can't get online even after repairing the connection. What's the chances it did something squirrely to my internet capabilities? The odd part is that I can update all my virus programs (except SUPERAntiSpyware which for some reason states it is firewalled), but the browser won't work.



#4 Elise


Posted 16 May 2010 - 04:00 AM

QUOTE
Did some poking around when it looked like no one was going to respond,
As I see it you only had to wait 12 hours to get a reply, doesn't seem too long to me.

Please run OTL and GMER, you can transfer the log using a flash drive.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

GMER
-------
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards, Elise




#5 FranklenStein


Posted 16 May 2010 - 03:59 PM


Apologies, you are quite right. No one ever accused me of being patient. Haha. Downloaded ISO burner, and currently downloading OTLPE. Going to take around 3 hours or so. That said, not convinced this old work desktop even has a CD burner. Just got it as a replacement for another one that succumbed to some buggy that even the I.T. folks couldn't figure out. Will post when the download completes. Thanks again.

#6 FranklenStein


Posted 17 May 2010 - 12:11 AM

Got the image to download after a couple of failed attempts, but apparently there is no burner on this computer as feared (when I try to pull up a "target" in ISO, there are no options). Other suggestions, or should I try to get someone to burn that disk for me???

#7 Elise


Posted 17 May 2010 - 03:18 AM

Let me give you a new link for OTLPE: this has a burner incorporated.

Just download the file, put a blank CD in your drive and double-click on the downloaded file.

Download link: http://oldtimer.geekstogo.com/OTLPENet.exe

This file is also much smaller (120 MB).

Edited by elise025, 17 May 2010 - 03:19 AM.

regards, Elise




#8 FranklenStein


Posted 19 May 2010 - 08:23 PM

Thanks for bearing with me. Due to the whole no internet capabilities, I wasn't able to fiddle with this on my two days off. Downloaded the link you gave me, but when I then tried to make the CD, I get the expected "no writers detected message" on the work desktop.

So...Transferred the file to a USB and put it onto the sickly laptop. Double click it and it extracts fine, but when "ImgBurn" comes up, I get a "Device not ready (unable to recover TOC)" error message so I STILL have no CD.

Pretty sure I have someone who can burn me one if the "unable to recover TOC" thing is impossible to get around. Would likely take another couple of days before I got it though. Just let me know. Thanks!

#9 Elise


Posted 20 May 2010 - 08:15 AM

We can do it also with a flashdrive. This is a bit more complicated, if you have any questions, please let me know.

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.
    • Download OTLPEStd.exe from one of the following links and save it to your Desktop: mirror1 or mirror2
    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  1. Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop.



  2. Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:



  3. Please also decompress eeepcfr to your systemroot (usually C:\).
  4. Empty the flash drive you want to install OTLPE on.
  5. Go to C:\eeepcfr and double-click usb_prep8.cmd to launch it.
  6. Press any key when asked to in the black window that opens.
  7. As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.




  8. Click on Start, accept the disclaimers and wait for the program to finish.
Your bootable flash drive should now be ready!


Now follow the previous instructions, if you have trouble booting from a Flashdrive, follow the steps in the link I gave in the previous instructions, but change to FD (or whatever designation your Flashdrive has) instead of CD.


regards, Elise




#10 FranklenStein


Posted 20 May 2010 - 06:17 PM

Okay, a bit confused.

Got the three downloads completed, and installed the 7-zip program.

Think I got the OTLSPE thing properly decompressed (have a folder on the desktop anyway after following the instructions).

Afraid you'll need to baby-step me through decompressing the "eeepcfr" though. Already seems to be a zip folder on my desktop. Do I extract the files? It does open, and I have a folder inside a "eeepcfr" folder containing two more folders (bootsect and usbprep8), and two files called usbprep8 and xp2usb.

#11 Elise


Posted 21 May 2010 - 04:03 AM

Follow the steps from #4

This starts with extracting (unzipping) eeepcfr to c:\

Just try to follow the steps starting with #4, if you don't understand the instructions, please post back here (it would be helpful to include the number of the step you have a problem with).

regards, Elise




#12 FranklenStein


Posted 21 May 2010 - 09:55 PM

Okay, THINK I got it downloaded to my USB, however the desktop folder I get when I pull up usbprep8 states OTLPEstd/OtLE....instead of just OTLPE..

That said, the program starts and runs to completion.

Stuck into the laptop in question, but now need to know how to open the correct program to do the scan.

There is a main "Reatogo" menu with various options such as disk investigator, agent ransack, etc...

Am I on the right track? Thanks.

#13 Elise


Posted 22 May 2010 - 02:00 AM

QUOTE
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

See above

regards, Elise




#14 FranklenStein


Posted 22 May 2010 - 04:50 PM

Sorry. Never occurred to me to look that far back.

Not sure if I just have a different version or something, but my "reatogo" menu doesn't have OTLPE on it (has "2-Open Folders", "7-zip File Manager", "Agent Ransack", "Disk Investigator", "DriveImageXML", "HandyRecovery1", "ImgBurn", "Magical Jelly Bean...", "MSKeyViewerPlus", "Notepad++", "UndeletePlus", and "Windows Registry Recovery").

HOWEVER, when I click on the "2-Open Folders", I do get an OTLPE folder. When I open that, there is an OTLPE Old Timers logo that opens version 3.1.39.0. There is no "automatically load all users" box to check unless it is extremely well-hidden, but there are "run scan", "run fix", "quick scan", and "none" buttons (along with various other things to check off: Services, Drivers, Standard Registry, Extra Registry, Output, Files Created With, and Files Modified With).

Clicked "run scan" and seems to be working. Will update when completed.


#15 FranklenStein


Posted 22 May 2010 - 05:05 PM

Whoa! That was fast...Copy of log below:

OTL logfile created on: 5/22/2010 2:49:01 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = E:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 311.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 11.77 Gb Free Space | 31.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.73 Gb Total Space | 3.35 Gb Free Space | 89.89% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 846B0B1
Current User Name: BKALASIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/05/14 21:50:05 | 001,291,544 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/11 19:38:18 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/08/28 08:59:10 | 000,081,920 | ---- | M] (Novell, Inc.) [Auto] -- C:\Program Files\ZENworks\Patch Management Agent\GravitixService.exe -- (PatchLink Update)
SRV - [2008/08/04 22:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2007/01/22 16:30:04 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/01 22:04:48 | 000,049,152 | ---- | M] (Novell, Inc.) [Auto] -- C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe -- (TSCensus Collection Client)
SRV - [2006/06/13 05:57:32 | 000,151,104 | ---- | M] (Novell, Inc.) [Auto] -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM)
SRV - [2006/06/13 05:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) [Auto] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
SRV - [2006/05/09 08:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) [Auto] -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent)
SRV - [2006/05/02 07:17:16 | 000,061,440 | ---- | M] (Novell, Inc.) [Auto] -- C:\WINDOWS\system32\novell\xtagent.exe -- (XTAgent)
SRV - [2004/05/07 13:08:50 | 000,053,248 | ---- | M] (CMHC Systems, Inc.) [Auto] -- C:\WINDOWS\system32\cmhc\CMHCinst.exe -- (CMHCInstMgr)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (vmscsi)
DRV - File not found [Adapter | Unavailable] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (omci)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/20 10:45:53 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/11 19:38:22 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/11 19:38:12 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/08/28 22:00:14 | 000,553,216 | ---- | M] (Novell, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2008/08/05 00:17:14 | 000,185,216 | ---- | M] (Novell, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2008/08/05 00:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2008/07/21 21:45:20 | 000,017,664 | ---- | M] (Novell, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2008/07/21 20:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2008/07/21 20:39:20 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2008/04/04 22:32:46 | 000,020,208 | ---- | M] (Novell, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2008/01/08 17:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2007/12/19 16:25:40 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2007/12/19 16:25:40 | 000,089,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2007/09/18 22:05:18 | 000,298,008 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/09/06 23:10:42 | 000,019,200 | ---- | M] (LSI Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\megasas.sys -- (megasas)
DRV - [2007/09/06 22:18:46 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2006/10/12 14:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/22 17:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/12 20:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 20:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
DRV - [2005/05/23 12:47:18 | 000,006,899 | ---- | M] (Novell Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\blankscr.sys -- (BlankScr)
DRV - [2005/05/17 17:12:40 | 000,204,800 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aarich.sys -- (aarich)
DRV - [2005/02/17 19:05:16 | 000,218,112 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a320raid.sys -- (a320raid)
DRV - [2004/11/16 09:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 12:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/09/03 11:23:38 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/18 13:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/03 15:59:42 | 000,005,504 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2004/06/17 14:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 14:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 14:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/03 15:26:16 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2004/04/07 13:14:30 | 000,048,140 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aac.sys -- (aac)
DRV - [2004/02/17 11:38:30 | 000,132,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ADPU320.SYS -- (adpu320)
DRV - [2003/04/28 07:15:38 | 000,140,544 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k)
DRV - [2003/02/26 21:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2001/03/20 08:55:42 | 000,009,176 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\WNTHW.SYS -- (WNTHW)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/20 17:42:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/06 21:19:07 | 000,385,900 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13312 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 1
O7 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1271277089546 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {99FE97A4-4479-11D5-8BA0-00105A8305D4} Reg Error: Key error. (CMHCbuiUpdate.buiUpdate)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - HKU\S-1-5-21-2851496641-564493930-4081232170-1009 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\BKALASIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BKALASIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/05 14:54:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 04:06:42 | 000,000,053 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{edab058f-8ae2-11de-975e-001422d8522c}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe -- [2005/07/16 14:36:50 | 000,240,128 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/21 19:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BKALASIN\Desktop\Videos
[2010/05/21 19:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BKALASIN\Desktop\Keepers
[2010/05/19 18:12:23 | 126,850,486 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\BKALASIN\Desktop\OTLPENet.exe
[2010/05/14 22:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/14 20:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2010/05/13 22:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BKALASIN\Local Settings\Application Data\ixgtfjviw
[2010/05/05 17:09:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/29 18:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/29 18:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/29 18:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/16 18:54:56 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstaller.exe
[2010/02/13 17:01:57 | 006,147,544 | ---- | C] (Gretech Corp.) -- C:\Program Files\GOMPLAYERENSETUP.EXE
[2009/11/19 19:09:38 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF-Cleaner.exe
[2009/11/10 17:08:12 | 004,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/11/03 12:45:33 | 000,889,840 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_8_37_cnet.exe
[2009/10/04 15:28:39 | 007,972,112 | ---- | C] (DVD Video Soft Limited. ) -- C:\Program Files\FreeVideoToiPodConverter.exe
[2009/10/04 15:11:13 | 005,280,599 | ---- | C] (TopvideoSoft, Inc. ) -- C:\Program Files\mp4-video-converter.exe
[2009/10/04 14:44:43 | 005,432,267 | ---- | C] (Aone Software ) -- C:\Program Files\ultra_mp4converter.exe
[2009/10/04 14:08:47 | 016,394,493 | ---- | C] (Any-Video-Converter.com ) -- C:\Program Files\any-video-converter.exe
[2009/06/11 20:06:49 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2009/05/14 17:11:58 | 000,642,540 | ---- | C] (Xvid team ) -- C:\Program Files\XviD-1.1.3-27042008.exe
[2009/04/04 19:03:11 | 037,452,296 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareAE.exe
[2009/04/04 18:26:31 | 063,049,904 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_285a1462.exe
[2 C:\Documents and Settings\BKALASIN\Desktop\*.tmp files -> C:\Documents and Settings\BKALASIN\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/22 14:40:25 | 060,290,511 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/21 19:39:02 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010/05/21 13:16:17 | 000,130,560 | ---- | M] () -- C:\Documents and Settings\BKALASIN\Desktop\Juan Valdez Final.doc
[2010/05/20 21:03:26 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\BKALASIN\Desktop\Microsoft Word.lnk
[2010/05/20 15:26:04 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2851496641-564493930-4081232170-1009.job
[2010/05/20 14:27:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/19 18:12:54 | 010,223,616 | -H-- | M] () -- C:\Documents and Settings\BKALASIN\NTUSER.DAT
[2010/05/19 17:46:56 | 126,850,486 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\BKALASIN\Desktop\OTLPENet.exe
[2010/05/15 20:02:45 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\BKALASIN\Desktop\Cabbage Salsa.doc
[2010/05/15 20:01:26 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\BKALASIN\Desktop\Patricia's Frijoles.doc
[2010/05/15 19:19:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/15 19:01:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2851496641-564493930-4081232170-1009.job
[2010/05/15 19:00:10 | 000,006,470 | RHS- | M] () -- C:\Documents and Settings\BKALASIN\ntuser.pol
[2010/05/15 18:59:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/15 18:59:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/15 18:59:08 | 1064,755,200 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/15 18:58:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/15 18:58:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/15 18:58:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\BKALASIN\ntuser.ini
[2010/05/15 18:58:13 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\BKALASIN\Local Settings\Application Data\IconCache.db
[2010/05/15 18:49:03 | 000,001,855 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/15 18:49:03 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/14 17:23:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/13 22:12:12 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\BKALASIN\Desktop\~$rri Thank You.doc
[2010/05/05 17:15:31 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/05 17:15:31 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/04 11:19:25 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\BKALASIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 19:43:00 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 20:36:12 | 000,054,844 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2 C:\Documents and Settings\BKALASIN\Desktop\*.tmp files -> C:\Documents and Settings\BKALASIN\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/15 20:02:44 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\BKALASIN\Desktop\Cabbage Salsa.doc
[2010/05/15 20:01:26 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\BKALASIN\Desktop\Patricia's Frijoles.doc
[2010/05/14 21:43:44 | 1064,755,200 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/13 22:12:12 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\BKALASIN\Desktop\~$rri Thank You.doc
[2010/04/25 13:56:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2851496641-564493930-4081232170-1009.job
[2010/04/24 20:36:12 | 000,054,844 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/25 19:51:24 | 001,653,296 | ---- | C] () -- C:\Program Files\guitar_tuner.zip
[2010/01/02 12:50:08 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/01/02 12:48:33 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PS_setup.ini
[2009/11/19 19:15:42 | 007,375,392 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/10/20 10:22:41 | 000,770,347 | ---- | C] () -- C:\Program Files\FSPlayerSetup.exe
[2009/10/20 10:18:33 | 001,969,179 | ---- | C] () -- C:\Program Files\mpc_6490+_2kXP_cze.zip
[2009/10/08 14:27:42 | 000,000,032 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/12 23:20:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2009/08/15 15:56:14 | 004,348,704 | ---- | C] () -- C:\Program Files\SetupWinCalendar262.exe
[2009/04/02 08:14:27 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\BKALASIN\Local Settings\Application Data\fusioncache.dat
[2009/03/05 13:48:18 | 000,003,649 | ---- | C] () -- C:\WINDOWS\hpdj6127.ini
[2009/03/05 13:44:44 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/03/02 17:24:01 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\BKALASIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/02 14:10:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
[2009/03/02 14:10:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\NMASWrap.dll
[2009/03/02 14:09:24 | 000,006,470 | RHS- | C] () -- C:\Documents and Settings\BKALASIN\ntuser.pol
[2009/03/02 14:09:04 | 010,223,616 | -H-- | C] () -- C:\Documents and Settings\BKALASIN\NTUSER.DAT
[2009/03/02 14:09:04 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\BKALASIN\ntuser.dat.LOG
[2009/03/02 14:09:04 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\BKALASIN\ntuser.ini
[2009/01/16 13:02:44 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2009/01/16 10:00:29 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/01/16 06:32:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cmhccrypt.dll
[2009/01/16 06:31:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2009/01/16 06:31:30 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2009/01/15 17:06:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/15 16:57:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/01/15 16:54:05 | 000,000,261 | ---- | C] () -- C:\WINDOWS\WMIInfo.ini
[2009/01/15 16:52:13 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ProcessorDetector.ini
[2008/03/28 06:32:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/28 06:17:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2008/03/28 06:17:52 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2008/03/28 06:15:32 | 000,004,032 | ---- | C] () -- C:\WINDOWS\HARDTACK.INI
[2008/03/28 06:15:16 | 000,000,454 | ---- | C] () -- C:\WINDOWS\IB.ini
[2008/02/01 10:09:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2008/02/01 10:09:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2008/02/01 10:09:23 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2008/02/01 10:09:18 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2008/02/01 10:09:10 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2008/02/01 10:09:08 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2008/02/01 10:09:04 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2008/02/01 10:09:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2008/02/01 10:08:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2008/01/18 10:53:29 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\ddes.dll
[2007/06/06 05:51:10 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2007/06/06 05:49:26 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2007/06/06 05:20:04 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2006/12/10 16:27:41 | 000,004,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.SYS
[2004/12/05 15:43:15 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/12/05 14:57:21 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2004/12/05 14:57:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/12/05 14:57:21 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/12/05 14:57:18 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2004/12/05 14:57:17 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2004/12/05 14:57:17 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/12/05 08:49:11 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelide.sys
[2004/07/09 08:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/17 12:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[1999/08/06 23:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL

========== LOP Check ==========

[2009/10/04 21:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BKALASIN\Application Data\Any Video Converter Professional
[2010/05/21 13:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BKALASIN\Application Data\Canon
[2009/06/09 15:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BKALASIN\Application Data\DriverCure
[2010/04/14 13:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BKALASIN\Application Data\ICAClient
[2009/03/05 13:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BKALASIN\Application Data\InterTrust
[2010/01/02 12:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BKALASIN\Application Data\ScanSoft
[2010/05/15 19:19:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========


< End of report >




