VIRTUMONDE PRX HELP!!!!!

Hi, Ive been having a few problems with my laptop with a virus called virtumonde prx when i ran spybot search and destroy a couple of weeks ago it said i had a trojan virus called virtumonde prx so i clicked fix selected problems however its said fixed but it wasn't. Since this my laptop has been running realy slow i had various pop ups, ones i can't see to you can just hear them and its even got to the point to when i run spybot for some reason my laptop shuts dow straight away with a blue screen appearing stating a problem has occured, you barely have time to read it but i caught a bit of it saying note pad fault (someothing like that). I've also tried to use malwarebytes to try and get rid of the problem but no luck. Also when ever i switch on the laptop at the start a window always apears RUNDLL saying error.

I hope someone can help????

Here's a log of my proccesors if it helps?

DDS (Ver_10-03-17.01) - NTFSx86
Run by Any Authorised User at 20:59:40.21 on 26/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1164 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\WINDOWS\system32\TPSMain .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView .exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TOSHIBA\Controls\VolumeIndicator .exe
"C:\WINDOWS\System32\svchost.exe"
C:\Program Files\Apoint2K\Apoint .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Any Authorised User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM .exe" -scheduler
uRun: [MobileConnect.EXE] c:\program files\vodafone\vodafone mobile connect\bin\MobileConnect.EXE
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr .exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [Toshiba Controls Utility] "c:\program files\toshiba\controls\VolumeIndicator.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Xveqozeraz] rundll32.exe "c:\windows\ofagocelozu.dll",Startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-1-11 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-5-28 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-5-28 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-5-28 144704]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-4-2 732160]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-5-28 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-5-28 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-5-28 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-5-28 40488]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-2 48600]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-5-29 6912]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-4-2 288000]
S0 eawjckip;eawjckip;c:\windows\system32\drivers\wpoixagw.sys --> c:\windows\system32\drivers\wpoixagw.sys [?]
S0 qjhobnw;qjhobnw;\SystemRoot\sysysysysysysysysysysysys --> \SystemRoot\sysysysysysysysysysysysys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-22 135664]
S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;c:\windows\system32\svchost.exe -k netsvcs [2008-4-2 14336]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-8-12 10976]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-5-28 33832]

=============== Created Last 30 ================

2010-08-26 16:21:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 16:21:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 15:12:07 54016 ----a-w- c:\windows\system32\drivers\dgcw.sys
2010-08-25 14:11:42 0 d-----w- C:\VundoFix Backups
2010-08-21 19:28:09 0 ----a-w- c:\documents and settings\any authorised user\Ÿ=Ÿ=
2010-08-20 22:32:05 72706 ----a-w- c:\docume~1\alluse~1\applic~1\S1EH2PX7.exe
2010-08-20 22:32:01 112 ----a-w- c:\docume~1\alluse~1\applic~1\nN2B8M6.dat
2010-08-20 20:03:34 0 d-----w- c:\windows\system32\scripting
2010-08-20 20:03:33 0 d-----w- c:\windows\system32\en
2010-08-20 20:03:33 0 d-----w- c:\windows\system32\bits
2010-08-20 20:03:33 0 d-----w- c:\windows\l2schemas
2010-08-20 19:58:49 0 d-----w- c:\windows\network diagnostic
2010-08-19 18:43:12 0 d-----w- c:\docume~1\anyaut~1\applic~1\Malwarebytes
2010-08-19 18:42:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 18:42:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-19 18:26:27 2838 ----a-w- c:\windows\iwiticuha.dll
2010-08-19 18:04:24 2838 ----a-w- c:\windows\iditagacut.dll
2010-08-19 17:59:12 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-19 15:06:09 0 d-----w- c:\windows\pss
2010-08-19 14:49:24 783360 ----a-w- c:\windows\system32\drivers\obgiou.sys
2010-08-17 17:55:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-15 23:33:51 0 d-----w- c:\docume~1\anyaut~1\applic~1\Office Genuine Advantage
2010-08-12 22:10:48 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-08-12 22:10:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-08-12 22:10:42 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-08-12 22:09:41 22368 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-08-12 22:09:41 1107296 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-08-12 22:09:41 10976 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-08-12 22:03:03 0 d-----w- c:\program files\Sony Ericsson
2010-08-11 22:26:28 0 d-----w- c:\docume~1\anyaut~1\applic~1\aerix
2010-08-10 20:14:42 174 ----a-w- c:\windows\system32\MRT.INI
2010-08-09 22:27:27 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-09 22:27:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-09 22:20:47 19456 ----a-w- c:\windows\system32\msippsth.dll
2010-08-09 22:20:38 0 d-----w- c:\docume~1\anyaut~1\applic~1\D5E7702ABFBF2BCA5B7A719B20C7C03E

==================== Find3M ====================

2010-08-26 19:44:55 44544 ----a-w- c:\windows\system32\agremove.exe
2010-08-20 22:28:13 37892 ----a-w- c:\windows\system32\TPSMain.exe

============= FINISH: 21:03:52.87 ===============

Edited by boopme, 28 September 2010 - 08:52 PM.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,

• Please download OTL from this link.
• Save it to your desktop.
• Double click on the icon on your desktop.
• Click the "Scan All Users" checkbox.
• Under the Custom Scan box paste this in:
  
  netsvcs
  msconfig
  drivers32 /all
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\*.sys /90
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  %systemroot%\*. /mp /s
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32
  ahcix86s.sys
  nvrd32.sys
  user32.dll
  ws2_32.dll
  /md5stop
  %systemroot%\*. /mp /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  CREATERESTOREPOINT
  
  
• Click the Quick Scan button.
• The scan should take a few minutes.
• Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

In your reply, please post both OTL logs and the GMER log.

Hi thanks for the help. Im still having the same issues but from last time i posted i have ran microsoft security essentials which found alureon H i removes it but each time i do another scan its there again. I had trouble trying to do a a scan with the gmer.zip each time i ran it my laptop closes saying an error has occured with a blue screen i followed all the instructuion with diasabling the CD emulation and i tryed several times but the same thin kept happening. i manged to get a log from OTL which is attached. Thanka again with helping me with this its so annoying the malware is not going.

OTL logfile created on: 03/10/2010 14:18:29 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Any Authorised User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 91.54 Gb Free Space | 81.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-88457C3610
Current User Name: Any Authorised User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/03 14:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any Authorised User\Desktop\OTL.exe
PRC - [2010/09/16 16:49:44 | 000,391,544 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/04/16 22:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr .exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/22 11:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/18 14:17:38 | 000,558,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/10/25 17:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/09/28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/03 22:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/03/16 13:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/01/17 16:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/10/03 14:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any Authorised User\Desktop\OTL.exe
MOD - [2008/04/14 01:12:08 | 000,206,336 | ---- | M] () -- C:\WINDOWS\evokecikot.dll
MOD - [2008/04/14 01:12:02 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\opengl32.dll
MOD - [2008/04/14 01:11:54 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\glu32.dll
MOD - [2008/04/14 01:11:51 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll
MOD - [2008/04/14 01:11:51 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/18 14:17:38 | 000,558,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/11/07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/09/28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2005/01/17 16:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\wpoixagw.sys -- (eawjckip)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/09/24 12:45:54 | 000,022,368 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008/09/24 12:45:54 | 000,010,976 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/04 09:12:06 | 000,048,600 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/02/01 13:18:56 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (CnxtHdAudAddService)
DRV - [2008/01/11 22:58:10 | 000,021,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/12/28 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/12/26 10:20:18 | 000,288,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/12/19 11:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/12/17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/11/06 15:25:36 | 000,101,888 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/05 11:56:58 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/11/01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/09/04 10:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/07/13 09:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/05/29 10:01:50 | 000,006,912 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/01/12 16:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/06/10 21:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/05/05 14:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=nav...nt&ie=UTF-8
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=nav...nt&ie=UTF-8
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092



IE - HKU\S-1-5-21-2132524980-2487215980-2308407570-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2132524980-2487215980-2308407570-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2132524980-2487215980-2308407570-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2132524980-2487215980-2308407570-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2132524980-2487215980-2308407570-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/05/22 11:33:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{163956D5-4A1B-4115-BE19-D4E52DCBD425}: C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\{163956D5-4A1B-4115-BE19-D4E52DCBD425} [2010/10/01 21:51:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/09 23:48:52 | 000,415,879 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14357 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2132524980-2487215980-2308407570-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Xveqozeraz] C:\WINDOWS\evokecikot.DLL ()
O4 - HKU\S-1-5-21-2132524980-2487215980-2308407570-1005..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr .exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2132524980-2487215980-2308407570-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2132524980-2487215980-2308407570-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\hotfix.exe) - C:\WINDOWS\System32\config\systemprofile\Application Data\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\hotfix.exe) - C:\WINDOWS\System32\config\systemprofile\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/02 16:44:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{115c9310-4994-11dd-be42-001644ab3a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{115c9310-4994-11dd-be42-001644ab3a7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{115c9311-4994-11dd-be42-001644ab3a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{115c9311-4994-11dd-be42-001644ab3a7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{453826ea-5f10-11dd-be4f-001644ab3a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{453826ea-5f10-11dd-be4f-001644ab3a7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{453826eb-5f10-11dd-be4f-001644ab3a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{453826eb-5f10-11dd-be4f-001644ab3a7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4631dde-4f19-11dd-be48-001644ab3a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{a4631dde-4f19-11dd-be48-001644ab3a7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4631ddf-4f19-11dd-be48-001644ab3a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{a4631ddf-4f19-11dd-be48-001644ab3a7b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/03 14:11:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Any Authorised User\Desktop\OTL.exe
[2010/10/02 20:00:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Any Authorised User\Recent
[2010/10/01 21:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\{163956D5-4A1B-4115-BE19-D4E52DCBD425}
[2010/10/01 21:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Unity
[2010/10/01 20:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Electronic Arts
[2010/09/16 16:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/09/05 14:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/04 19:54:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/04 19:54:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/04 17:47:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/09/04 17:45:32 | 000,000,000 | ---D | C] -- C:\9fe1584a4a0974ddc3892e55a842aabd
[2010/09/04 00:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/04 00:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/04 00:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/09/01 16:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/01 16:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/01 15:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/01 15:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\hktgaupno
[2010/09/01 13:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/09/01 13:47:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/08/30 15:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Help
[2010/08/30 15:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Help
[2010/08/30 15:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/08/30 15:29:19 | 000,390,520 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsInfo.exe
[2010/08/30 15:29:19 | 000,381,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsExec.exe
[2010/08/30 15:29:19 | 000,333,176 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsGetsid.exe
[2010/08/30 15:29:19 | 000,231,288 | ---- | C] (Sysinternals) -- C:\WINDOWS\System32\PsList.exe
[2010/08/30 15:29:19 | 000,183,160 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsLoggedon.exe
[2010/08/30 15:29:19 | 000,178,040 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\psloglist.exe
[2010/08/30 15:29:19 | 000,169,848 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsService.exe
[2010/08/30 15:29:13 | 000,621,944 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pskill.exe
[2010/08/30 15:29:13 | 000,207,664 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\psshutdown.exe
[2010/08/30 15:29:13 | 000,187,184 | ---- | C] (Sysinternals) -- C:\WINDOWS\System32\pssuspend.exe
[2010/08/30 15:29:13 | 000,105,264 | ---- | C] (Sysinternals) -- C:\WINDOWS\System32\psfile.exe
[2010/08/30 15:29:13 | 000,105,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pspasswd.exe
[2010/08/29 15:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/28 13:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\iyulahnkc
[2010/08/26 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/08/25 16:03:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/25 15:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\sobpxjoko
[2010/08/21 01:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/08/20 22:04:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/08/20 21:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/08/20 21:03:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/08/20 21:03:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/08/20 21:03:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/08/20 20:58:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/08/20 20:54:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/08/19 22:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/19 19:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Malwarebytes
[2010/08/19 19:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/19 19:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/19 19:17:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/19 16:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/19 15:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\xmxkrtudn
[2010/08/19 15:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\gxtmqpfyo
[2010/08/19 15:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\lxdmqgfpn
[2010/08/19 15:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Windows Server
[2010/08/16 14:59:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/16 00:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/08/16 00:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Office Genuine Advantage
[2010/08/15 15:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/08/13 15:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Mozilla
[2010/08/13 15:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/08/12 23:09:41 | 000,022,368 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010/08/12 23:09:41 | 000,010,976 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010/08/12 23:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/08/11 23:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\aerix
[2010/08/10 21:11:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/08/09 23:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/09 23:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/09 23:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/09 23:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/09 23:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\D5E7702ABFBF2BCA5B7A719B20C7C03E
[2010/07/28 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\WinRAR
[2010/07/28 17:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/20 16:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/19 02:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/07/19 02:21:46 | 000,000,000 | ---D | C] -- C:\56bf8287fbae544d611f9b2344e53a
[2010/07/19 02:20:41 | 000,000,000 | ---D | C] -- C:\6c4cbb249e3470ab92c469cef6
[2010/07/19 02:20:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/07/09 14:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Real
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/03 14:20:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\defogger_reenable
[2010/10/03 14:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/03 14:19:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\Defogger.exe
[2010/10/03 14:13:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Ÿ=Ÿ=
[2010/10/03 14:11:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/03 14:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any Authorised User\Desktop\OTL.exe
[2010/10/03 13:57:57 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0392ED5-749D-4A87-B0AB-F107940030A1}.job
[2010/10/03 13:55:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/03 13:54:17 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2010/10/03 13:52:32 | 000,031,133 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/10/03 13:50:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Osagit.bin
[2010/10/03 13:50:31 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/10/03 13:50:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/10/03 13:50:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/03 13:50:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/03 13:49:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/03 13:49:46 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/02 19:57:36 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\ntuser.dat
[2010/10/02 19:57:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\ntuser.ini
[2010/10/02 19:52:51 | 004,306,988 | -H-- | M] () -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\IconCache.db
[2010/10/02 19:27:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/02 19:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/02 18:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/02 13:30:23 | 000,012,967 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Michael Wain.docx
[2010/10/02 02:35:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Agetev.dat
[2010/10/02 02:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/02 01:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/02 00:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/01 23:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/01 22:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/01 21:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/01 20:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/28 17:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/09/28 16:39:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/25 16:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/24 18:25:03 | 000,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/18 17:44:26 | 000,449,024 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\STUDENT DESIGN TEMPLATE 2.ppt
[2010/09/16 17:20:09 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 16:49:46 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/09/12 15:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/11 13:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/11 12:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/07 18:28:02 | 000,025,096 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Science - Enzymes.docx
[2010/09/05 14:33:00 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/05 13:45:48 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nN2B8M6.dat
[2010/09/04 19:54:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 22:18:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vmm32dll.ex_
[2010/09/01 19:15:43 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/08/29 16:07:50 | 000,005,772 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\sharedaccess.reg
[2010/08/29 11:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/08/29 10:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/08/26 21:12:15 | 000,004,809 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Attach.zip
[2010/08/26 16:12:07 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dgcw.sys
[2010/08/25 17:32:31 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\rkill.com
[2010/08/21 18:52:56 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/21 18:52:55 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/21 18:52:52 | 000,525,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/08/20 22:04:27 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/20 20:58:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/20 01:07:20 | 004,754,038 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Nelly -Ride With ME.mp3
[2010/08/20 01:06:21 | 000,009,486 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Folder.jpg
[2010/08/20 01:06:21 | 000,009,486 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{2BEBFD54-AFCB-4016-A917-E8997183485A}_Large.jpg
[2010/08/20 01:06:19 | 000,002,568 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArtSmall.jpg
[2010/08/20 01:06:19 | 000,002,568 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{2BEBFD54-AFCB-4016-A917-E8997183485A}_Small.jpg
[2010/08/19 19:26:27 | 000,002,838 | ---- | M] () -- C:\WINDOWS\iwiticuha.dll
[2010/08/19 19:04:25 | 000,002,838 | ---- | M] () -- C:\WINDOWS\iditagacut.dll
[2010/08/18 20:18:30 | 004,410,337 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Wu-Tang Clan - Protect Ya Neck.mp3
[2010/08/18 20:14:39 | 003,701,060 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\bow wow rock da mic.mp3
[2010/08/18 20:10:15 | 003,962,703 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Busta Rhymes - In The Ghetto ft. Rick James.mp3
[2010/08/16 15:19:26 | 021,272,038 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\ibizadownload_20100803-1347.mp3
[2010/08/13 15:16:50 | 050,974,376 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Omnius_for_SE_v0.08.2498.zip
[2010/08/12 23:10:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/08/12 23:10:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/08/12 21:15:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/10 21:14:42 | 000,000,174 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/09 23:48:52 | 000,415,879 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/28 21:28:16 | 000,002,493 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{3D819CE4-E9AC-4E11-BD5F-D206BA5BC6DA}_Small.jpg
[2010/07/28 18:36:26 | 030,587,522 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Da CoD MoD.rar
[2010/07/28 00:11:20 | 005,040,619 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Delerium - Silence ft. Sarah McLachlan (Tiesto Mix).mp3
[2010/07/20 16:13:53 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/20 16:13:52 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\Windows Media Player.lnk
[2010/07/19 22:00:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/19 22:00:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/19 02:21:39 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/19 02:20:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/03 14:20:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\defogger_reenable
[2010/10/03 14:19:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Desktop\Defogger.exe
[2010/10/01 21:51:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Agetev.dat
[2010/10/01 21:51:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Osagit.bin
[2010/10/01 18:42:45 | 000,012,967 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Michael Wain.docx
[2010/09/26 17:52:24 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/18 17:44:23 | 000,449,024 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\STUDENT DESIGN TEMPLATE 2.ppt
[2010/09/16 16:49:46 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/09/07 18:28:02 | 000,025,096 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Science - Enzymes.docx
[2010/09/05 14:38:32 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/05 14:33:00 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 19:54:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 19:15:43 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/01 13:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vmm32dll.ex_
[2010/08/30 15:29:13 | 000,064,126 | ---- | C] () -- C:\WINDOWS\System32\Pstools.chm
[2010/08/29 16:07:54 | 000,005,772 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Desktop\sharedaccess.reg
[2010/08/26 21:12:15 | 000,004,809 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Attach.zip
[2010/08/26 16:12:07 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\dgcw.sys
[2010/08/26 00:31:41 | 000,000,450 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0392ED5-749D-4A87-B0AB-F107940030A1}.job
[2010/08/25 17:32:29 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Desktop\rkill.com
[2010/08/21 20:28:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Ÿ=Ÿ=
[2010/08/20 23:32:01 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nN2B8M6.dat
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/08/20 23:28:21 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/20 01:06:22 | 000,009,486 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{2BEBFD54-AFCB-4016-A917-E8997183485A}_Large.jpg
[2010/08/20 01:06:22 | 000,002,568 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{2BEBFD54-AFCB-4016-A917-E8997183485A}_Small.jpg
[2010/08/19 19:26:27 | 000,002,838 | ---- | C] () -- C:\WINDOWS\iwiticuha.dll
[2010/08/19 19:04:24 | 000,002,838 | ---- | C] () -- C:\WINDOWS\iditagacut.dll
[2010/08/19 15:53:37 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\ntuser.dat
[2010/08/18 20:18:30 | 004,410,337 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Wu-Tang Clan - Protect Ya Neck.mp3
[2010/08/18 20:15:21 | 004,754,038 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Nelly -Ride With ME.mp3
[2010/08/18 20:14:39 | 003,701,060 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\bow wow rock da mic.mp3
[2010/08/18 20:10:15 | 003,962,703 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Busta Rhymes - In The Ghetto ft. Rick James.mp3
[2010/08/17 18:55:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/16 15:19:51 | 000,009,486 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Folder.jpg
[2010/08/16 15:18:32 | 021,272,038 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\ibizadownload_20100803-1347.mp3
[2010/08/13 15:16:44 | 050,974,376 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Omnius_for_SE_v0.08.2498.zip
[2010/08/12 23:10:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/08/12 23:10:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/08/12 21:15:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/10 21:14:42 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/10 21:11:51 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/28 21:28:18 | 000,002,568 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArtSmall.jpg
[2010/07/28 21:28:18 | 000,002,493 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{3D819CE4-E9AC-4E11-BD5F-D206BA5BC6DA}_Small.jpg
[2010/07/28 18:36:03 | 030,587,522 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Da CoD MoD.rar
[2010/07/28 00:11:05 | 005,040,619 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Delerium - Silence ft. Sarah McLachlan (Tiesto Mix).mp3
[2010/07/19 02:20:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/02 19:35:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/02 19:35:14 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/02 19:35:14 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/02 19:35:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/02 19:35:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/06/01 17:17:19 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/22 11:25:47 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/09/02 08:13:34 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/22 13:45:07 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/05/22 13:45:06 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/05/22 13:45:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/05/22 13:45:06 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/04/02 18:05:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/02 17:59:13 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2008/04/02 17:41:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/04/02 17:41:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/04/02 17:41:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/04/02 17:41:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/04/02 17:41:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/04/02 17:41:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/04/02 17:37:29 | 000,012,524 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2008/04/02 17:37:29 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2008/04/02 17:28:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2008/04/02 17:26:45 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/04/02 17:26:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/04/02 17:26:45 | 000,009,484 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/04/02 17:26:45 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/04/02 16:59:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2008/04/02 16:57:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008/04/02 16:57:01 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/02 15:36:06 | 000,206,336 | ---- | C] () -- C:\WINDOWS\evokecikot.dll
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007/12/18 13:47:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2007/12/14 16:01:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2008/05/22 20:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TMP
[2008/05/22 20:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2010/08/01 22:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/30 15:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/05/08 21:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/09/25 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Adyxo
[2010/08/11 23:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\aerix
[2010/09/01 16:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Buur
[2008/07/10 09:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Bytemobile
[2010/08/19 20:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\D5E7702ABFBF2BCA5B7A719B20C7C03E
[2010/10/01 20:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Electronic Arts
[2010/08/19 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Imhim
[2010/08/26 14:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Piepr
[2008/05/22 20:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\TMP
[2008/05/30 08:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\toshiba
[2010/10/03 14:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\uTorrent
[2010/09/26 17:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Uvid
[2008/07/10 09:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Vodafone
[2010/08/26 16:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Yglyc
[2008/05/22 20:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TMP
[2008/05/22 20:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2008/07/10 09:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2010/10/02 00:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/08/29 10:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/08/29 11:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/09/11 12:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/09/11 13:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/03 14:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/09/12 15:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/09/25 16:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/09/28 17:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/02 18:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/02 01:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/02 19:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/01 20:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/01 21:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/01 22:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/01 23:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/02 02:20:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/08/20 23:28:22 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2008/05/28 14:30:35 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2008/05/28 14:30:34 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/10/03 13:55:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/03 13:50:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2008/05/22 13:45:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2010/10/03 13:57:57 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0392ED5-749D-4A87-B0AB-F107940030A1}.job
[2010/10/03 13:50:31 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/02 17:39:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/02 17:39:42 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/02 17:39:42 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2008/04/02 16:44:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/22 13:45:02 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/04/02 16:44:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/03 13:49:46 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/09 23:30:21 | 000,000,160 | ---- | M] () -- C:\immudebug.log
[2008/04/02 16:44:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/02 16:44:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/01/15 08:52:28 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/20 20:58:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/03 13:49:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/10/02 19:54:26 | 000,000,397 | ---- | M] () -- C:\rkill.log
[2008/10/07 08:13:45 | 000,452,322 | ---- | M] () -- C:\Role of Acas -October 2008.pptx
[2008/04/03 02:13:28 | 000,000,070 | -H-- | M] () -- C:\SWSTAMP.TXT
[2010/08/23 15:20:12 | 000,000,318 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/12/17 18:05:32 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/01/15 08:59:13 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2008/01/15 08:59:13 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/08/20 20:54:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/08/20 20:54:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/08/20 20:54:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/01/15 08:59:13 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2008/01/15 08:59:13 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/08/20 20:54:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/08/20 20:54:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/08/20 20:54:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/01/15 08:59:13 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2008/01/15 08:36:38 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/09/29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2008/01/15 16:48:32 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\OemDir\iaStor.sys
[2008/01/15 16:48:32 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\iaStor.sys
[2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
[2008/01/15 08:50:53 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/01/15 08:56:51 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 19:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 16:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll
[2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2007/03/08 16:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/01/15 09:02:55 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005/03/02 19:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2008/01/15 09:06:26 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 22528 bytes -> C:\WINDOWS\System32\autochk(6).exe:BAK
@Alternate Data Stream - 22528 bytes -> C:\WINDOWS\System32\autochk(5).exe:BAK
@Alternate Data Stream - 22528 bytes -> C:\WINDOWS\System32\autochk(4).exe:BAK
@Alternate Data Stream - 22528 bytes -> C:\WINDOWS\System32\autochk(3).exe:BAK
< End of report >


EDIT: paste log

Edited by etavares, 03 October 2010 - 09:31 AM.

Hello, RC7.

You are definitely infected. Alureon is a backdoor rootkit so I need to provide this warning. We'll also need to use a couple of other scans since you had issues with GMER.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case BitTorrent/uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.








Two Antiviruses Warning


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Mcafee or Microsoft Security Essentials.





Step 1

Scan With RKUnHooker

• Please Rootkit Unhooker and save it to your desktop.
• Now double-click on RKUnhookerLE.exe to run it.
• Click the Report tab, then click Scan.
• Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
• Wait till the scanner has finished and then click File, Save Report.
• Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore





Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares

hi the rootkit unhooker had got a wrong link when i clicked on it it says wrong url i did do the mrncheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 146):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0E8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xB9E43000 iaStor.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E23000 fltmgr.sys
0xB9E11000 sr.sys
0xB9DFA000 KSecDD.sys
0xB9DE7000 WudfPf.sys
0xB9D5A000 Ntfs.sys
0xB9D2D000 NDIS.sys
0xBA5AE000 Thpevm.SYS
0xBA338000 thpdrv.sys
0xB9D13000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA288000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA580000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB8DF0000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8DDC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8DB8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8D90000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8D4A000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xB8D36000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA298000 \SystemRoot\system32\DRIVERS\o2media.sys
0xB8D1E000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xB93E6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA428000 \SystemRoot\system32\drivers\qkbfiltr.sys
0xBA430000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB88DD000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA438000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9B36000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0xB93D6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB93C6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB88BA000 \SystemRoot\system32\DRIVERS\ks.sys
0xB93B6000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xBA7CE000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB93A6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9B2E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB88A3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9396000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9386000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA440000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB886A000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA308000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB3684000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB63AF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA64A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB3626000 \SystemRoot\system32\DRIVERS\update.sys
0xB8887000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA64C000 \SystemRoot\system32\drivers\BoiHwSetup.sys
0xBA64E000 \SystemRoot\system32\DRIVERS\QIOMem.sys
0xB639F000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xB638F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB5168000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA650000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA33A1000 \SystemRoot\system32\drivers\CHDAud.sys
0xA337D000 \SystemRoot\system32\drivers\portcls.sys
0xB5158000 \SystemRoot\system32\drivers\drmk.sys
0xA3349000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA3257000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA31A4000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA3C0000 \SystemRoot\System32\Drivers\Modem.SYS
0xA2608000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xBA5BE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB3CF3000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C0000 \SystemRoot\System32\Drivers\Beep.SYS
0xB803E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB4CBF000 \SystemRoot\System32\drivers\vga.sys
0xBA5C2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5C4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB4CB7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB4CAF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB37A2000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA25D5000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA257C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA2478000 \SystemRoot\System32\Drivers\Mpfp.sys
0xA23ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB3D4B000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA1BE2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA2FC1000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA1856000 \SystemRoot\System32\drivers\afd.sys
0xA34AE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA11C9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA0F8D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0D31000 \SystemRoot\system32\drivers\mfehidk.sys
0xBA318000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA158000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA198000 \SystemRoot\system32\DRIVERS\arp1394.sys
0x9E9C6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9D918000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x9EB6D000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x9D8FA000 \SystemRoot\System32\Drivers\usbvideo.sys
0x9E2E5000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9D832000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB361A000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA448000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9D818000 \SystemRoot\system32\DRIVERS\tdudf.sys
0x9D807000 \SystemRoot\System32\Drivers\Udfs.SYS
0x9D7E6000 \SystemRoot\system32\DRIVERS\trudf.sys
0x9FAAF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA2FBD000 \SystemRoot\system32\DRIVERS\netdevio.sys
0x9D719000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9D6B4000 \SystemRoot\system32\drivers\wdmaud.sys
0xB5128000 \SystemRoot\system32\drivers\sysaudio.sys
0x9D49F000 \SystemRoot\system32\DRIVERS\srv.sys
0x9D357000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB4C77000 \SystemRoot\system32\drivers\mfebopk.sys
0x9CBBE000 \SystemRoot\system32\drivers\mfeavfk.sys
0x9C602000 \SystemRoot\System32\Drivers\HTTP.sys
0x9C4AA000 \SystemRoot\system32\drivers\mfesmfk.sys
0x9BC71000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
692 C:\WINDOWS\system32\smss.exe
908 csrss.exe
936 C:\WINDOWS\system32\winlogon.exe
984 C:\WINDOWS\system32\services.exe
1004 C:\WINDOWS\system32\lsass.exe
1176 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1328 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1364 C:\WINDOWS\system32\svchost.exe
1428 C:\WINDOWS\system32\svchost.exe
1680 svchost.exe
1728 svchost.exe
224 C:\WINDOWS\system32\spoolsv.exe
264 C:\WINDOWS\explorer.exe
392 svchost.exe
872 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
1504 C:\WINDOWS\system32\svchost.exe
1576 C:\Program Files\Java\jre6\bin\jqs.exe
1820 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
556 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
1584 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
1800 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2056 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
2064 C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
2096 C:\WINDOWS\system32\hkcmd.exe
2136 C:\WINDOWS\system32\igfxpers.exe
2144 C:\Program Files\McAfee\MPF\MpfSrv.exe
2160 C:\WINDOWS\system32\ThpSrv.exe
2224 C:\WINDOWS\system32\igfxsrvc.exe
2228 C:\Program Files\McAfee.com\Agent\mcagent.exe
2332 C:\Program Files\McAfee\MSK\msksrver.exe
2328 C:\Program Files\Microsoft Security Essentials\msseces.exe
2452 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
2472 C:\WINDOWS\system32\svchost.exe
2600 C:\WINDOWS\system32\ctfmon.exe
2620 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
2644 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
2732 C:\WINDOWS\system32\svchost.exe
2760 C:\Program Files\uTorrent\uTorrent.exe
2856 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3084 C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
3336 C:\WINDOWS\system32\svchost.exe
3396 C:\WINDOWS\system32\ThpSrv.exe
3512 C:\WINDOWS\system32\TODDSrv.exe
3536 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2812 C:\Program Files\Internet Explorer\iexplore.exe
1480 C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
3432 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
3700 alg.exe
2248 C:\WINDOWS\system32\msiexec.exe
4408 C:\WINDOWS\system32\msiexec.exe
2612 C:\Program Files\Internet Explorer\iexplore.exe
5136 C:\Program Files\Internet Explorer\iexplore.exe
5328 C:\Program Files\Internet Explorer\iexplore.exe
5644 C:\Program Files\Windows Live\Contacts\wlcomm.exe
2776 C:\Program Files\Internet Explorer\iexplore.exe
2832 C:\Documents and Settings\Any Authorised User\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB213M

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Hello, RC7.

Yeah, the RKU site appears to be down for me too. Ok, we can move on...but will need to come back to RKU most likely.

Next, please download ComboFix from one of these locations:

• Bleepingcomputer
  
• ForoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on etavaresCF.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares

hi ive attched the log

Hello, RC7.

OK, you have a very sick machine. The Virtumonde/Vundo infection is a specific file infector one that may require repeated fixes to remove.

Open notepad and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt





Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

• Ensure you are connected to the internet and click OK on the message box.

etavares

EDIT: paste as codebox not quotebox.

Edited by etavares, 03 October 2010 - 12:43 PM.

Hi sorry for the delay it ended up taking all night!

ComboFix 10-10-02.02 - Any Authorised User 03/10/2010 18:49:44.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1389 [GMT 1:00]
Running from: c:\documents and settings\Any Authorised User\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\Any Authorised User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

file zipped: c:\documents and settings\All Users\Application Data\nN2B8M6.dat
file zipped: c:\windows\Agetev.dat
file zipped: c:\windows\Osagit.bin
file zipped: c:\windows\system32\drivers\axvtvyfl.sys
file zipped: c:\windows\system32\drivers\nxojjouu.sys
file zipped: c:\windows\system32\drivers\qjvvhfgn.sys
file zipped: c:\windows\system32\drivers\tryvkejw.sys
file zipped: c:\windows\system32\drivers\vahinqxq.sys
file zipped: c:\windows\vmm32dll.ex_
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\56bf8287fbae544d611f9b2344e53a
c:\56bf8287fbae544d611f9b2344e53a\update\update.exe
C:\6c4cbb249e3470ab92c469cef6
c:\6c4cbb249e3470ab92c469cef6\update\update.exe
C:\9fe1584a4a0974ddc3892e55a842aabd
c:\9fe1584a4a0974ddc3892e55a842aabd\mrt.exe
c:\9fe1584a4a0974ddc3892e55a842aabd\mrtstub.exe
c:\documents and settings\All Users\Application Data\nN2B8M6.dat
c:\documents and settings\Any Authorised User\Application Data\Adyxo
c:\documents and settings\Any Authorised User\Application Data\Buur
c:\documents and settings\Any Authorised User\Application Data\Imhim
c:\documents and settings\Any Authorised User\Application Data\Piepr
c:\documents and settings\Any Authorised User\Application Data\Uvid
c:\documents and settings\Any Authorised User\Application Data\Yglyc
c:\documents and settings\Any Authorised User\Application Data\Yglyc\rauvb .exe
c:\windows\Agetev.dat
c:\windows\Osagit.bin
c:\windows\system32\drivers\axvtvyfl.sys
c:\windows\system32\drivers\nxojjouu.sys
c:\windows\system32\drivers\qjvvhfgn.sys
c:\windows\system32\drivers\tryvkejw.sys
c:\windows\system32\drivers\vahinqxq.sys
c:\windows\vmm32dll.ex_

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OBGIOU
-------\Service_eawjckip
-------\Service_obgiou

Looks like the log got cut off. can you please repost? you can attach if needed.

Hi i went to turn the laptop back on and it came up with system can not boot missing c:\windows\system32\config\system then it says press 'r' to bring up another menu asking how do u want to run it i tryed safe mode etc it just kept coming up with the same thing c:\windows\system32\config\system missing

Ok, that's a corrupted registry for whatever reason. Really odd it rebooted and gave you a log to begin with...that kind of error should happen during the reboot while Combofix is running. Anyway, this is why we install the recovery console as part of this process. Your data is safe and we can recover it through a variety of methods. First, let's get Windows working again.

At the boot menu, use the arrow keys to select Microsoft Windows Recovery Console
Type 1 for the Windows installation (or adjust if it's a different number...it's usually 1).
Press Enter.
At the C:\Windows prompt, type the following bolded text and press enter:
cd erdnt\hiv-backup

The prompt shoudl change to C:\erdnt\hiv-backup\> At this new prompt, type the bold text and press Enter:
batch erdnt.con

The backups will begin copying.
At the next prompt, type exit and press enter to reboot. Can you get into Windows now?

Hi yes ive managed to get onto windows. When ive logged on a rundll message comes up stating: erro loading c:/WINDOWS/evokecikot.dll. What would you like me to do know?

Please run an OTL quick scan and post the resulting log here..same settings as above, but please do NOT include the blue text in the custom scan box this time. Please also post the contents of C:\Qoobox\ComboFix-quarantined-files.txt in your reply.

EDIT: remove double post.

Edited by etavares, 05 October 2010 - 10:46 AM.

hi

OTL logfile created on: 05/10/2010 17:20:29 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Any Authorised User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 90.61 Gb Free Space | 81.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-88457C3610
Current User Name: Any Authorised User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/03 14:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any Authorised User\Desktop\OTL.exe
PRC - [2010/09/16 16:49:44 | 000,391,544 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/22 11:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/18 14:17:38 | 000,558,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/10/25 17:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/09/28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/03/16 13:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/01/17 16:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/10/03 14:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any Authorised User\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/18 14:17:38 | 000,558,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/09/28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2005/01/17 16:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\wpoixagw.sys -- (eawjckip)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\etavaresCF\catchme.sys -- (catchme)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/09/24 12:45:54 | 000,022,368 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008/09/24 12:45:54 | 000,010,976 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/04 09:12:06 | 000,048,600 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/02/01 13:18:56 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (CnxtHdAudAddService)
DRV - [2008/01/11 22:58:10 | 000,021,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/12/28 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/12/26 10:20:18 | 000,288,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/12/19 11:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/12/17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/06 15:25:36 | 000,101,888 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/05 11:56:58 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/11/01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/09/04 10:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/05/29 10:01:50 | 000,006,912 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/01/12 16:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/06/10 21:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/05/05 14:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/05/22 11:33:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/10/04 16:32:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Xveqozeraz] C:\WINDOWS\evokecikot.DLL File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/02 16:44:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/03 17:07:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/03 17:05:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/03 17:05:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/03 17:05:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/03 17:05:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/03 17:05:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/03 17:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/03 14:11:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Any Authorised User\Desktop\OTL.exe
[2010/10/02 20:00:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Any Authorised User\Recent
[2010/10/01 21:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Unity
[2010/10/01 20:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Electronic Arts
[2010/09/16 16:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/09/05 14:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/04 19:54:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/04 19:54:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/04 17:47:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/09/04 00:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/04 00:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/04 00:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/09/01 16:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/01 16:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/01 15:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/01 15:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\hktgaupno
[2010/09/01 13:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/09/01 13:47:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/08/30 15:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Help
[2010/08/30 15:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Help
[2010/08/30 15:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/08/30 15:29:19 | 000,390,520 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsInfo.exe
[2010/08/30 15:29:19 | 000,381,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsExec.exe
[2010/08/30 15:29:19 | 000,333,176 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsGetsid.exe
[2010/08/30 15:29:19 | 000,231,288 | ---- | C] (Sysinternals) -- C:\WINDOWS\System32\PsList.exe
[2010/08/30 15:29:19 | 000,183,160 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsLoggedon.exe
[2010/08/30 15:29:19 | 000,178,040 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\psloglist.exe
[2010/08/30 15:29:19 | 000,169,848 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\PsService.exe
[2010/08/30 15:29:13 | 000,621,944 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pskill.exe
[2010/08/30 15:29:13 | 000,207,664 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\psshutdown.exe
[2010/08/30 15:29:13 | 000,187,184 | ---- | C] (Sysinternals) -- C:\WINDOWS\System32\pssuspend.exe
[2010/08/30 15:29:13 | 000,105,264 | ---- | C] (Sysinternals) -- C:\WINDOWS\System32\psfile.exe
[2010/08/30 15:29:13 | 000,105,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pspasswd.exe
[2010/08/29 15:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/28 13:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\iyulahnkc
[2010/08/26 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/08/25 16:03:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/25 15:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\sobpxjoko
[2010/08/21 01:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/08/20 22:04:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/08/20 21:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/08/20 21:03:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/08/20 21:03:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/08/20 21:03:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/08/20 20:58:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/08/20 20:54:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/08/19 22:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/19 19:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Malwarebytes
[2010/08/19 19:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/19 19:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/19 19:17:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/19 16:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/19 15:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\xmxkrtudn
[2010/08/19 15:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\gxtmqpfyo
[2010/08/19 15:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\lxdmqgfpn
[2010/08/16 00:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/08/16 00:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Office Genuine Advantage
[2010/08/15 15:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/08/13 15:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Mozilla
[2010/08/13 15:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/08/12 23:09:41 | 000,022,368 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010/08/12 23:09:41 | 000,010,976 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010/08/12 23:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/08/11 23:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\aerix
[2010/08/10 21:11:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/08/10 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/08/09 23:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/09 23:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/09 23:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/09 23:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/09 23:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\D5E7702ABFBF2BCA5B7A719B20C7C03E
[2010/07/28 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\WinRAR
[2010/07/28 17:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/20 16:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/19 02:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/07/19 02:20:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/07/09 14:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any Authorised User\Application Data\Real
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/05 17:14:25 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0392ED5-749D-4A87-B0AB-F107940030A1}.job
[2010/10/05 16:38:34 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/05 16:36:58 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2010/10/05 16:33:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/10/05 16:33:42 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/10/05 16:33:39 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 16:33:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 16:33:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/05 16:33:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 16:32:58 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/05 16:32:57 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 19:39:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/04 19:36:47 | 000,505,570 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/04 19:36:47 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/04 19:36:47 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 19:27:15 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\ntuser.dat
[2010/10/04 19:27:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\ntuser.ini
[2010/10/04 19:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 16:34:41 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk
[2010/10/04 16:32:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/04 16:32:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/03 17:08:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/03 17:05:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Ÿ=Ÿ=
[2010/10/03 16:56:21 | 004,838,798 | -H-- | M] () -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\IconCache.db
[2010/10/03 16:54:34 | 003,859,660 | R--- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\etavaresCF.exe
[2010/10/03 16:41:56 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\MBRCheck.exe
[2010/10/03 14:24:29 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\gmer.zip
[2010/10/03 14:20:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\defogger_reenable
[2010/10/03 14:19:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\Defogger.exe
[2010/10/03 14:11:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/03 14:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any Authorised User\Desktop\OTL.exe
[2010/10/02 13:30:23 | 000,012,967 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Michael Wain.docx
[2010/09/24 18:25:03 | 000,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/18 17:44:26 | 000,449,024 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\STUDENT DESIGN TEMPLATE 2.ppt
[2010/09/16 17:20:09 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 16:49:46 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/09/07 18:28:02 | 000,025,096 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Science - Enzymes.docx
[2010/09/05 14:33:00 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 19:54:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 19:15:43 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/08/29 16:07:50 | 000,005,772 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\sharedaccess.reg
[2010/08/26 21:12:15 | 000,004,809 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Attach.zip
[2010/08/25 17:32:31 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\rkill.com
[2010/08/20 20:58:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/20 01:07:20 | 004,754,038 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Nelly -Ride With ME.mp3
[2010/08/20 01:06:21 | 000,009,486 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Folder.jpg
[2010/08/20 01:06:21 | 000,009,486 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{2BEBFD54-AFCB-4016-A917-E8997183485A}_Large.jpg
[2010/08/20 01:06:19 | 000,002,568 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArtSmall.jpg
[2010/08/20 01:06:19 | 000,002,568 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{2BEBFD54-AFCB-4016-A917-E8997183485A}_Small.jpg
[2010/08/18 20:18:30 | 004,410,337 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Wu-Tang Clan - Protect Ya Neck.mp3
[2010/08/18 20:14:39 | 003,701,060 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\bow wow rock da mic.mp3
[2010/08/18 20:10:15 | 003,962,703 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Busta Rhymes - In The Ghetto ft. Rick James.mp3
[2010/08/16 15:19:26 | 021,272,038 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\ibizadownload_20100803-1347.mp3
[2010/08/13 15:16:50 | 050,974,376 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Omnius_for_SE_v0.08.2498.zip
[2010/08/12 23:10:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/08/12 23:10:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/08/12 21:15:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/10 21:14:42 | 000,000,174 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/28 21:28:16 | 000,002,493 | -HS- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{3D819CE4-E9AC-4E11-BD5F-D206BA5BC6DA}_Small.jpg
[2010/07/28 18:36:26 | 030,587,522 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Da CoD MoD.rar
[2010/07/28 00:11:20 | 005,040,619 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\My Documents\Delerium - Silence ft. Sarah McLachlan (Tiesto Mix).mp3
[2010/07/20 16:13:53 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/20 16:13:52 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Any Authorised User\Desktop\Windows Media Player.lnk
[2010/07/19 22:00:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/19 22:00:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/19 02:21:39 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/19 02:20:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 19:28:43 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/10/04 16:34:41 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk
[2010/10/03 17:08:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/03 17:07:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/03 17:05:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/03 17:05:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/03 17:05:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/03 17:05:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/03 17:05:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/03 16:54:28 | 003,859,660 | R--- | C] () -- C:\Documents and Settings\Any Authorised User\Desktop\etavaresCF.exe
[2010/10/03 16:41:47 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Desktop\MBRCheck.exe
[2010/10/03 14:24:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Desktop\gmer.zip
[2010/10/03 14:20:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\defogger_reenable
[2010/10/03 14:19:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Desktop\Defogger.exe
[2010/10/01 18:42:45 | 000,012,967 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Michael Wain.docx
[2010/09/26 17:52:24 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/18 17:44:23 | 000,449,024 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\STUDENT DESIGN TEMPLATE 2.ppt
[2010/09/16 16:49:46 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/09/07 18:28:02 | 000,025,096 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Science - Enzymes.docx
[2010/09/05 14:38:32 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/05 14:33:00 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 19:54:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 19:15:43 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/30 15:29:13 | 000,064,126 | ---- | C] () -- C:\WINDOWS\System32\Pstools.chm
[2010/08/29 16:07:54 | 000,005,772 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Desktop\sharedaccess.reg
[2010/08/26 21:12:15 | 000,004,809 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Attach.zip
[2010/08/26 00:31:41 | 000,000,450 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0392ED5-749D-4A87-B0AB-F107940030A1}.job
[2010/08/25 17:32:29 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Desktop\rkill.com
[2010/08/21 20:28:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Ÿ=Ÿ=
[2010/08/20 01:06:22 | 000,009,486 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{2BEBFD54-AFCB-4016-A917-E8997183485A}_Large.jpg
[2010/08/20 01:06:22 | 000,002,568 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{2BEBFD54-AFCB-4016-A917-E8997183485A}_Small.jpg
[2010/08/19 15:53:37 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\ntuser.dat
[2010/08/18 20:18:30 | 004,410,337 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Wu-Tang Clan - Protect Ya Neck.mp3
[2010/08/18 20:15:21 | 004,754,038 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Nelly -Ride With ME.mp3
[2010/08/18 20:14:39 | 003,701,060 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\bow wow rock da mic.mp3
[2010/08/18 20:10:15 | 003,962,703 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Busta Rhymes - In The Ghetto ft. Rick James.mp3
[2010/08/17 18:55:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/16 15:19:51 | 000,009,486 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Folder.jpg
[2010/08/16 15:18:32 | 021,272,038 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\ibizadownload_20100803-1347.mp3
[2010/08/13 15:16:44 | 050,974,376 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Omnius_for_SE_v0.08.2498.zip
[2010/08/12 23:10:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/08/12 23:10:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/08/12 21:15:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/10 21:14:42 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/10 21:11:51 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/28 21:28:18 | 000,002,568 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArtSmall.jpg
[2010/07/28 21:28:18 | 000,002,493 | -HS- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\AlbumArt_{3D819CE4-E9AC-4E11-BD5F-D206BA5BC6DA}_Small.jpg
[2010/07/28 18:36:03 | 030,587,522 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Da CoD MoD.rar
[2010/07/28 00:11:05 | 005,040,619 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\My Documents\Delerium - Silence ft. Sarah McLachlan (Tiesto Mix).mp3
[2010/07/19 02:20:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/02 19:35:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/02 19:35:14 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/02 19:35:14 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/02 19:35:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/02 19:35:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/06/01 17:17:19 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/22 11:25:47 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/09/02 08:13:34 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/22 13:45:07 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/05/22 13:45:06 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/05/22 13:45:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/05/22 13:45:06 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/04/02 18:05:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/02 17:59:13 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2008/04/02 17:41:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/04/02 17:41:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/04/02 17:41:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/04/02 17:41:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/04/02 17:41:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/04/02 17:41:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/04/02 17:37:29 | 000,012,524 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2008/04/02 17:37:29 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2008/04/02 17:28:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2008/04/02 17:26:45 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/04/02 17:26:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/04/02 17:26:45 | 000,009,484 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/04/02 17:26:45 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/04/02 16:59:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2008/04/02 16:57:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008/04/02 16:57:01 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007/12/18 13:47:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2007/12/14 16:01:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/08/01 22:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/30 15:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/05/08 21:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/08/11 23:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\aerix
[2008/07/10 09:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Bytemobile
[2010/08/19 20:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\D5E7702ABFBF2BCA5B7A719B20C7C03E
[2010/10/01 20:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Electronic Arts
[2008/05/22 20:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\TMP
[2008/05/30 08:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\toshiba
[2010/10/05 17:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\uTorrent
[2008/07/10 09:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any Authorised User\Application Data\Vodafone
[2010/10/05 16:38:34 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/05 16:33:42 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2008/05/22 13:45:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2010/10/05 17:14:25 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0392ED5-749D-4A87-B0AB-F107940030A1}.job
[2010/10/05 16:33:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 22528 bytes -> C:\WINDOWS\System32\autochk(6).exe:BAK
@Alternate Data Stream - 22528 bytes -> C:\WINDOWS\System32\autochk(5).exe:BAK
@Alternate Data Stream - 22528 bytes -> C:\WINDOWS\System32\autochk(4).exe:BAK
@Alternate Data Stream - 22528 bytes -> C:\WINDOWS\System32\autochk(3).exe:BAK
< End of report >