
Multiple Trojans, Ransomware & Zero Access Rootkit (Can't remove)


  • This topic is locked
73 replies to this topic

#1 Lily123


Posted 17 December 2013 - 06:48 AM

Hi there,

 

I’m hoping that someone could please help me with a problem I am having with multiple viruses that are growing in number (despite trying numerous times to remove them from my system).

 

A few days ago I was using my computer normally.  I went out of the room for a moment and heard my computer restart itself.  When it booted back up again my McAfee Antivirus (which is actually expired) said that a ‘Trojan’ had been just removed from my computer. 

 

I also noticed that the icons on my desktop had rearranged themselves.  When I tried to move them back to their original position, they would rearrange themselves a few seconds later.  My internet homepage has also disappeared (it is just a blank page). 

 

I ran Malwarebytes Anti-Malware.  MBAM found the following threats:

 

13th December (afternoon)

Trojan.Ransom.ED (File)

Trojan.Ransom.ED (Registry Key)

Trojan.Ransom.ED (File)

Trojan.Ransom.ED (Registry Key)

Trojan.Ransom.ED (Registry Value)

Trojan.Ransom.ED (Registry Key)

 

These threats were sent to quarantine and another scan was performed:

 

13th December (evening)

Trojan.Ransom.ED (File)

Trojan.Ransom.ED (File)

Rootkit.0Access (Registry Key)

 

These threats were sent to quarantine and another scan was performed:

 

14th December (morning)

Rootkit.0Access (Registry Key)

 

This threat was sent to quarantine and another scan was performed:

 

14th December (afternoon)

PUP.Optional.InstallQ.A (File)

 

This threat was sent to quarantine and another scan was performed:

 

15th December (morning)

Rootkit.0Access (Registry Key)

 

This threat was sent to quarantine and another scan was performed:

 

15th December (late morning)

Rootkit.0Access (Registry Key)

 

This threat was sent to quarantine and another scan was performed:

 

16th December (morning)

Rootkit.0Access (Registry Key)

 

As you can see the viruses keep multiplying (despite me scanning and cleaning my computer). 

 

While the MBAM scans were taking place, my McAfee Antivirus (which is expired) was also telling me that it was removing Trojans as well.

 

Yesterday I downloaded Ad-Aware Antivirus and have been scanning my system with that.  So far it has detected the following threats:

 

First scan:

1999 infected objects (threats include ‘Trojan.Generic.1002574’ and hundreds of threats beginning with “Cookie.”)

 

 

Second scan:

13 infected objects (infected objects were not listed on scan result for some reason)

 

 

Third scan:

3 infected objects (‘Gen:Trojan.Heur.Sirefef.1’, ‘Gen:Trojan.Heur.Sirefef.1’ & ‘Trojan.Generic.10025174’)

 

 

As you can see, no matter how much I scan and clean my computer, the viruses keep multiplying / returning.  If anyone could give me any advice on how to remove them and stop them returning it would be greatly appreciated.

 

Thank you




 


#2 B-boy/StyLe/

  • Malware Response Team

Posted 17 December 2013 - 07:38 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi




#3 Lily123

  • Topic Starter

Posted 17 December 2013 - 10:37 AM

Hi Georgi,

 

Thank you very much for responding to my post so quickly – it is much appreciated!

 

I downloaded Farbar Recovery Scan Tool to my desktop and ran the scan.  Here are the log reports requested (I will attach ‘Addition.txt’ in a post below; it won’t let me copy and paste both logs into a single post):

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2013 01

Ran by Lily (administrator) on D2DM8N0J on 17-12-2013 13:10:15

Running from C:\Documents and Settings\Lily\Desktop

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode:

 

==================== Processes (Whitelisted) ===================

 

(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXBCES.EXE

(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXPPS.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE

(F-Secure Corporation) C:\Program Files\BT Cloud\fshoster32.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe

(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [YBrowser] - C:\Program Files\Yahoo!\browser\ybrwicon.exe [129536 2006-07-21] (Yahoo! Inc.)

HKLM\...\Run: [UpdReg] - C:\WINDOWS\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [151597 2003-03-06] (RealNetworks, Inc.)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-07-16] (Sun Microsystems, Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)

HKLM\...\Run: [PrinTray] - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe [36864 2000-08-10] (Lexmark)

HKLM\...\Run: [PE2CKFNT SE] - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe [25088 1998-07-03] ()

HKLM\...\Run: [OneTouch Monitor] - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [86016 2002-04-16] (Visioneer Inc)

HKLM\...\Run: [nwiz] - nwiz.exe /install

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKLM\...\Run: [Motive SmartBridge] - C:\Program Files\BTTotalBroadband220V\Help\SmartBridge\BTHelpNotifier.exe [462935 2006-02-06] (Motive)

HKLM\...\Run: [LXSUPMON] - C:\WINDOWS\SYSTEM32\LXSUPMON.EXE [886272 2002-09-30] (Lexmark International Inc.)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2010-03-12] (Hewlett-Packard)

HKLM\...\Run: [DVDSentry] - C:\WINDOWS\SYSTEM32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering)

HKLM\...\Run: [DataCaching] - C:\Program Files\Data Caching\FlashKsk.exe [290816 2002-10-09] ( )

HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [53248 2002-09-11] (Creative Technology Ltd)

HKLM\...\Run: [CTHelper] - C:\WINDOWS\SYSTEM32\CTHELPER.EXE [24576 2002-09-03] (Creative Technology Ltd)

HKLM\...\Run: [CTDVDDet] - C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe [45056 2002-09-30] (Creative Technology Ltd)

HKLM\...\Run: [Camera Detector] - C:\Program Files\ACD Systems\DevDetect\DevDetect.exe [196608 2002-10-08] (ACD Systems, Ltd.)

HKLM\...\Run: [btbb_wcm_McciTrayApp] - C:\Program Files\btbb_wcm\McciTrayApp.exe [543232 2006-12-08] (Motive Communications, Inc.)

HKLM\...\Run: [BCMSMMSG] - C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)

HKLM\...\Run: [AdaptecDirectCD] - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe [684032 2002-10-02] (Roxio)

HKLM\...\Run: [F-Secure Hoster (47188)] - C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.)

HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)

HKLM\...\Run: [] - [x]

HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe [3540312 2013-12-11] ()

HKLM\...\Policies\Explorer: []

HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0

HKLM\...\Policies\Explorer: [NoBandCustomize] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-28] (Google Inc.)

HKCU\...\Run: [RealPlayer] - C:\Program Files\Real\RealOne Player\realplay.exe [1003520 2006-06-07] (RealNetworks, Inc.)

HKCU\...\Run: [PPWebCap] - C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE [43008 2001-10-15] (Scansoft Inc.)

HKCU\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5244216 2009-11-10] (Yahoo! Inc.)

HKCU\...\Run: [BMUpdate] - C:\WINDOWS\SYSTEM32\BMUpdate.exe [176128 2001-07-03] (EchoBahn.com)

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

HKCU\...\Policies\Explorer: [Btn_Back] 0

HKCU\...\Policies\Explorer: [Btn_Forward] 0

HKCU\...\Policies\Explorer: [Btn_Stop] 0

HKCU\...\Policies\Explorer: [Btn_Refresh] 0

HKCU\...\Policies\Explorer: [Btn_Home] 0

HKCU\...\Policies\Explorer: [Btn_Search] 0

HKCU\...\Policies\Explorer: [Btn_History] 0

HKCU\...\Policies\Explorer: [Btn_Favorites] 0

HKCU\...\Policies\Explorer: [Btn_Media] 0

HKCU\...\Policies\Explorer: [Btn_Folders] 0

HKCU\...\Policies\Explorer: [Btn_Fullscreen] 0

HKCU\...\Policies\Explorer: [Btn_Tools] 0

HKCU\...\Policies\Explorer: [Btn_MailNews] 0

HKCU\...\Policies\Explorer: [Btn_Size] 0

HKCU\...\Policies\Explorer: [Btn_Print] 0

HKCU\...\Policies\Explorer: [Btn_Edit] 0

HKCU\...\Policies\Explorer: [Btn_Discussions] 0

HKCU\...\Policies\Explorer: [Btn_Cut] 0

HKCU\...\Policies\Explorer: [Btn_Copy] 0

HKCU\...\Policies\Explorer: [Btn_Paste] 0

HKCU\...\Policies\Explorer: [Btn_Encoding] 0

HKCU\...\Policies\Explorer: [Btn_PrintPreview] 0

HKCU\...\Policies\Explorer: [NoNetHood] 0

HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0

HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0

HKCU\...\Policies\Explorer: [NoSetTaskbar] 0

HKCU\...\Policies\Explorer: [NoFileMenu] 0

HKCU\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0

HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0

HKCU\...\Policies\Explorer: [NoNetConnectDisconnect] 0

HKU\Administrator.D2DM8N0J\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Administrator.D2DM8N0J.000\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-09-08] (Apple Inc.)

HKU\Guest\...\Run: [GdvBqagb] - C:\Documents and Settings\Lily\Local Settings\Application Data\xweogawk\gdvbqagb.exe

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk

ShortcutTarget: BT Broadband Desktop Help.lnk -> C:\Program Files\BTTotalBroadband220V\Help\bin\matcli.exe (Motive Communications, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk

ShortcutTarget: Photo Express Calendar Checker SE.lnk -> C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll (Yahoo! Inc.)

URLSearchHook: HKCU - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKCU - {2624CA7D-96CE-4F9C-86B2-1FC800A4516D} URL = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,17043,0,8,0

SearchScopes: HKCU - {C37CDA7C-2F36-4485-A0B4-C677283E716E} URL = http://delicious.com/search?p={searchTerms}

SearchScopes: HKCU - {CD23EF35-0E2D-4E4B-B5D8-648B41E93176} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

SearchScopes: HKCU - {F3D080AB-5ED9-4FC9-AEAE-0CA7580130C3} URL = http://www.flickr.com/search/?q={searchTerms}

BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)

BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll

DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default

FF Homepage: hxxp://uk.yahoo.com

FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=ffds1&p=

FF DefaultSearchEngine: Yahoo

FF SelectedSearchEngine: Yahoo

FF NetworkProxy: "http", "127.0.0.1"

FF NetworkProxy: "http_port", 56848

FF NetworkProxy: "type", 1

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File

FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)

FF Plugin: @real.com/nppl3260;version=6.0.10.835 - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.1136 - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)

FF Plugin: @real.com/nprpjplug;version=6.0.11.847 - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYVerInfo.dll No File

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor

 

========================== Services (Whitelisted) =================

 

S2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)

R2 fshoster; C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [494136 2013-12-11] ()

R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-03-26] (Lexmark International, Inc.)

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

S3 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

S4 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279488 2013-02-25] (McAfee, Inc.)

S4 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)

S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)

S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-10-10] (Intel Corporation)

S2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)

S3 YPCService; C:\WINDOWS\SYSTEM32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.)

R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{3a16e1ff-b4d0-c9a8-adc4-3ef93d171fc4}\   \   \???\{3a16e1ff-b4d0-c9a8-adc4-3ef93d171fc4}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

 

==================== Drivers (Whitelisted) ====================

 

S4 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R3 BCMModem; C:\Windows\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)

S3 bvrp_pci; C:\Windows\System32\Drivers\bvrp_pci.sys [4272 2002-05-13] ()

R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [61424 2003-02-19] (Roxio)

R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [23420 2003-02-19] (Roxio)

R1 cdudf_xp; C:\Windows\System32\Drivers\cdudf_xp.sys [240640 2002-10-02] (Roxio)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)

S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [298384 2002-12-04] ()

R3 dvd_2K; C:\Windows\System32\Drivers\dvd_2K.sys [25674 2002-10-02] (Roxio)

S3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)

R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [816576 2002-11-26] (Creative Technology Ltd)

R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [135728 2002-11-26] (Creative Technology Ltd)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)

S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30464 2013-07-11] ()

S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)

S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)

S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)

S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)

S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)

S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)

S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)

S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)

S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)

S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)

S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)

R3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)

R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-02-19] (McAfee, Inc.)

S3 mmc_2K; C:\Windows\System32\Drivers\mmc_2K.sys [30406 2002-10-02] (Roxio)

S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-03-24] (Motive, Inc.)

S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-10-10] (Intel Corporation)

S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)

R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2002-09-27] (Padus, Inc.)

R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10477 2002-10-09] (Creative Technology Ltd.)

R1 pwd_2k; C:\Windows\System32\Drivers\pwd_2k.sys [134426 2002-10-02] (Roxio)

R3 scrcap; C:\Windows\System32\DRIVERS\scrcap.sys [9006 2006-12-27] (ZD Soft)

R0 SMR322; C:\Windows\System32\drivers\SMR322.SYS [98392 2013-06-13] (Symantec Corporation)

S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)

R1 UdfReadr_xp; C:\Windows\System32\Drivers\UdfReadr_xp.sys [206464 2002-10-02] (Roxio)

S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)

R3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)

R3 vidcap; C:\Windows\System32\DRIVERS\vidcap.sys [9006 2006-12-27] (ZD Soft)

S0 54094920; system32\drivers\53227322.sys [x]

S1 asdtpxjo; \??\C:\WINDOWS\system32\drivers\asdtpxjo.sys [x]

S1 bdpdlqft; \??\C:\WINDOWS\system32\drivers\bdpdlqft.sys [x]

S3 catchme; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\catchme.sys [x]

S1 fbhxordv; \??\C:\WINDOWS\system32\drivers\fbhxordv.sys [x]

S0 fgrdvhg; System32\drivers\xdrmmre.sys [x]

S1 gwvdxmrx; \??\C:\WINDOWS\system32\drivers\gwvdxmrx.sys [x]

S1 heafslgz; \??\C:\WINDOWS\system32\drivers\heafslgz.sys [x]

S1 heuhmauw; \??\C:\WINDOWS\system32\drivers\heuhmauw.sys [x]

S1 jmoyouqp; \??\C:\WINDOWS\system32\drivers\jmoyouqp.sys [x]

S3 MFE_RR; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\mfe_rr.sys [x]

S1 orzasdnp; \??\C:\WINDOWS\system32\drivers\orzasdnp.sys [x]

S1 psbrhrvq; \??\C:\WINDOWS\system32\drivers\psbrhrvq.sys [x]

S0 rccemu; System32\drivers\mtkgqn.sys [x]

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S1 szjkpvdt; \??\C:\WINDOWS\system32\drivers\szjkpvdt.sys [x]

U3 TlntSvr;

S1 vgludyil; \??\C:\WINDOWS\system32\drivers\vgludyil.sys [x]

S1 vtgonvmz; \??\C:\WINDOWS\system32\drivers\vtgonvmz.sys [x]

S1 ydkpilvm; \??\C:\WINDOWS\system32\drivers\ydkpilvm.sys [x]

U3 mbr; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\mbr.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-17 13:08 - 2013-12-17 13:10 - 00026301 _____ C:\Documents and Settings\Lily\Desktop\FRST.txt

2013-12-17 13:05 - 2013-12-17 13:05 - 01061167 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe

2013-12-16 15:00 - 2013-12-16 15:00 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\LavasoftStatistics

2013-12-16 15:00 - 2013-12-16 15:00 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\Lavasoft

2013-12-16 09:53 - 2013-12-16 09:54 - 00002028 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk

2013-12-16 09:53 - 2013-12-16 09:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus

2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\Lily\Local Settings\Application Data\adawarebp

2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\blekko toolbars

2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection

2013-12-16 09:34 - 2013-12-16 09:35 - 00000000 ____D C:\Program Files\Toolbar Cleaner

2013-12-16 09:34 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\adawaretb

2013-12-16 09:28 - 2013-12-16 09:28 - 00000000 ____D C:\Program Files\Common Files\Lavasoft

2013-12-16 09:22 - 2013-12-16 09:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$

2013-12-16 09:20 - 2013-12-16 09:23 - 00014195 _____ C:\WINDOWS\KB942288-v3.log

2013-12-16 09:17 - 2013-12-16 09:17 - 01725064 _____ C:\Documents and Settings\Lily\Desktop\Adaware_Installer.exe

2013-12-16 09:01 - 2013-12-16 09:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

2013-12-16 08:33 - 2013-12-16 08:33 - 00023685 _____ C:\Documents and Settings\Lily\Desktop\attach.txt

2013-12-16 08:33 - 2013-12-16 08:33 - 00017118 _____ C:\Documents and Settings\Lily\Desktop\dds.txt

2013-12-16 00:02 - 2013-12-16 00:02 - 04101441 _____ C:\Documents and Settings\Lily\Desktop\tdsskiller.zip

2013-12-15 23:37 - 2013-12-15 23:37 - 00001771 _____ C:\Documents and Settings\Lily\Desktop\RKreport[2]_S_12152013_02d2337.txt

2013-12-15 23:30 - 2013-12-15 23:31 - 00000000 ____D C:\AdwCleaner

2013-12-15 23:29 - 2013-12-15 23:29 - 01226750 _____ C:\Documents and Settings\Lily\Desktop\adwcleaner.exe

2013-12-15 21:14 - 2013-12-15 21:14 - 00002183 _____ C:\Documents and Settings\Lily\Desktop\aswMBR.txt

2013-12-15 21:14 - 2013-12-15 21:14 - 00000512 _____ C:\Documents and Settings\Lily\Desktop\MBR.dat

2013-12-14 21:24 - 2013-12-16 09:20 - 00000000 ____D C:\WINDOWS\LastGood

2013-12-14 11:28 - 2013-12-14 11:28 - 00000000 ____D C:\Program Files\HitmanPro

2013-12-14 11:26 - 2013-12-14 11:28 - 09096848 _____ (SurfRight B.V.) C:\Documents and Settings\Lily\Desktop\HitmanPro.exe

2013-12-14 11:08 - 2013-12-14 11:09 - 00001736 _____ C:\Documents and Settings\Lily\Desktop\RKreport[1]_S_12142013_02d1108.txt

2013-12-14 11:01 - 2013-12-14 11:08 - 00000000 ____D C:\Documents and Settings\Lily\Desktop\RK_Quarantine

2013-12-13 15:55 - 2013-12-13 15:55 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-13 15:55 - 2013-12-13 15:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2013-12-13 15:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2013-12-13 15:50 - 2013-12-13 15:54 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Lily\Desktop\mbam-setup.exe

2013-12-13 15:28 - 2013-12-16 08:37 - 00002720 _____ C:\Documents and Settings\Lily\Desktop\Rkill.txt

2013-12-13 15:28 - 2013-12-13 15:28 - 00000629 _____ C:\Documents and Settings\Lily\Desktop\Shortcut to iExplore.lnk

2013-12-13 13:09 - 2013-12-13 13:10 - 00016305 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-13 13:09 - 2013-12-13 13:10 - 00003400 _____ C:\WINDOWS\updspapi.log

2013-12-13 13:08 - 2013-12-13 13:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-13 12:58 - 2013-12-13 12:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-13 12:54 - 2013-12-13 13:06 - 00005236 _____ C:\WINDOWS\KB2904266.log

2013-12-13 12:47 - 2013-12-13 12:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-13 12:41 - 2013-12-13 12:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-13 12:33 - 2013-12-16 09:40 - 00012142 _____ C:\WINDOWS\setupapi.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00043278 _____ C:\WINDOWS\FaxSetup.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00020692 _____ C:\WINDOWS\ocgen.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00016513 _____ C:\WINDOWS\tsoc.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00014129 _____ C:\WINDOWS\comsetup.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00008725 _____ C:\WINDOWS\ntdtcsetup.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00006929 _____ C:\WINDOWS\iis6.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00002394 _____ C:\WINDOWS\ocmsn.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00002163 _____ C:\WINDOWS\msgsocm.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00001393 _____ C:\WINDOWS\imsins.log

2013-12-13 12:32 - 2013-12-13 12:32 - 00000000 _____ C:\WINDOWS\setuperr.log

2013-12-13 12:32 - 2013-12-13 12:32 - 00000000 _____ C:\WINDOWS\setupact.log

2013-12-13 12:30 - 2013-12-13 12:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 14:56 - 2013-12-13 12:49 - 00010418 _____ C:\WINDOWS\KB2893294.log

2013-12-12 14:56 - 2013-12-13 12:43 - 00011121 _____ C:\WINDOWS\KB2893984.log

2013-12-12 14:55 - 2013-12-13 12:34 - 00009399 _____ C:\WINDOWS\KB2892075.log

2013-12-12 14:50 - 2013-12-13 13:09 - 00011594 _____ C:\WINDOWS\KB2898715.log

2013-12-10 23:37 - 2013-12-10 23:37 - 00000637 _____ C:\Documents and Settings\Lily\Desktop\ch.txt

2013-12-05 09:56 - 2013-12-16 08:25 - 00000159 _____ C:\WINDOWS\wiadebug.log

2013-12-05 09:55 - 2013-12-16 08:25 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-12-05 09:55 - 2013-12-05 09:55 - 00000000 _____ C:\WINDOWS\Sti_Trace.log

2013-12-02 23:34 - 2013-12-03 00:38 - 00016384 ____T C:\WINDOWS\~DF59D2.tmp

2013-12-02 23:20 - 2013-12-02 23:20 - 00000000 ____T C:\WINDOWS\~DFEE8A.tmp

2013-11-28 23:24 - 2013-11-28 23:24 - 00140895 _____ C:\Documents and Settings\Lily\My Documents\28 nov bt bill.pspimage

2013-11-18 13:29 - 2013-11-18 13:29 - 00087281 _____ C:\Documents and Settings\Lily\My Documents\changes by together coat.pspimage

 

==================== One Month Modified Files and Folders =======

 

2013-12-17 13:10 - 2013-12-17 13:08 - 00026301 _____ C:\Documents and Settings\Lily\Desktop\FRST.txt

2013-12-17 13:05 - 2013-12-17 13:05 - 01061167 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe

2013-12-17 11:26 - 2005-01-16 17:47 - 01775391 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-17 03:04 - 2011-11-22 18:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

2013-12-17 03:02 - 2011-02-13 18:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-12-16 15:00 - 2013-12-16 15:00 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\LavasoftStatistics

2013-12-16 15:00 - 2013-12-16 15:00 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\Lavasoft

2013-12-16 13:26 - 2013-06-12 15:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-12-16 13:08 - 2010-02-23 17:32 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-16 09:54 - 2013-12-16 09:53 - 00002028 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk

2013-12-16 09:53 - 2013-12-16 09:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus

2013-12-16 09:40 - 2013-12-13 12:33 - 00012142 _____ C:\WINDOWS\setupapi.log

2013-12-16 09:39 - 2011-06-22 11:17 - 00000000 ____D C:\Program Files\Lavasoft

2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\Lily\Local Settings\Application Data\adawarebp

2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\blekko toolbars

2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection

2013-12-16 09:35 - 2013-12-16 09:34 - 00000000 ____D C:\Program Files\Toolbar Cleaner

2013-12-16 09:35 - 2013-12-16 09:34 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\adawaretb

2013-12-16 09:28 - 2013-12-16 09:28 - 00000000 ____D C:\Program Files\Common Files\Lavasoft

2013-12-16 09:23 - 2013-12-16 09:20 - 00014195 _____ C:\WINDOWS\KB942288-v3.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00043278 _____ C:\WINDOWS\FaxSetup.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00020692 _____ C:\WINDOWS\ocgen.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00016513 _____ C:\WINDOWS\tsoc.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00014129 _____ C:\WINDOWS\comsetup.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00008725 _____ C:\WINDOWS\ntdtcsetup.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00006929 _____ C:\WINDOWS\iis6.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00002394 _____ C:\WINDOWS\ocmsn.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00002163 _____ C:\WINDOWS\msgsocm.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00001393 _____ C:\WINDOWS\imsins.log

2013-12-16 09:22 - 2013-12-16 09:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$

2013-12-16 09:22 - 2003-02-19 11:54 - 00000000 ____D C:\WINDOWS\system32\MUI

2013-12-16 09:20 - 2013-12-14 21:24 - 00000000 ____D C:\WINDOWS\LastGood

2013-12-16 09:17 - 2013-12-16 09:17 - 01725064 _____ C:\Documents and Settings\Lily\Desktop\Adaware_Installer.exe

2013-12-16 09:17 - 2011-06-22 11:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft

2013-12-16 09:01 - 2013-12-16 09:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

2013-12-16 09:01 - 2013-07-16 12:11 - 00001595 _____ C:\Documents and Settings\All Users\Desktop\BT NetProtect Plus.lnk

2013-12-16 08:37 - 2013-12-13 15:28 - 00002720 _____ C:\Documents and Settings\Lily\Desktop\Rkill.txt

2013-12-16 08:33 - 2013-12-16 08:33 - 00023685 _____ C:\Documents and Settings\Lily\Desktop\attach.txt

2013-12-16 08:33 - 2013-12-16 08:33 - 00017118 _____ C:\Documents and Settings\Lily\Desktop\dds.txt

2013-12-16 08:25 - 2013-12-05 09:56 - 00000159 _____ C:\WINDOWS\wiadebug.log

2013-12-16 08:25 - 2013-12-05 09:55 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-12-16 08:25 - 2010-02-23 17:32 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-16 08:25 - 2003-02-19 12:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-16 08:24 - 2009-07-21 18:06 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB896358$

2013-12-16 08:23 - 2003-02-19 12:51 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm

2013-12-16 08:23 - 2003-02-19 12:51 - 00001080 _____ C:\WINDOWS\system32\settings.sfm

2013-12-16 08:23 - 2003-02-19 12:51 - 00000288 _____ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2013-12-16 08:23 - 2003-02-19 12:51 - 00000288 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2013-12-16 08:23 - 2003-02-19 12:26 - 00032504 _____ C:\WINDOWS\SchedLgU.Txt

2013-12-16 08:22 - 2003-03-06 15:44 - 00000278 ___SH C:\Documents and Settings\Lily\NTUSER.INI

2013-12-16 00:02 - 2013-12-16 00:02 - 04101441 _____ C:\Documents and Settings\Lily\Desktop\tdsskiller.zip

2013-12-15 23:37 - 2013-12-15 23:37 - 00001771 _____ C:\Documents and Settings\Lily\Desktop\RKreport[2]_S_12152013_02d2337.txt

2013-12-15 23:33 - 2013-06-15 20:28 - 00000000 ____D C:\JRT

2013-12-15 23:31 - 2013-12-15 23:30 - 00000000 ____D C:\AdwCleaner

2013-12-15 23:29 - 2013-12-15 23:29 - 01226750 _____ C:\Documents and Settings\Lily\Desktop\adwcleaner.exe

2013-12-15 21:14 - 2013-12-15 21:14 - 00002183 _____ C:\Documents and Settings\Lily\Desktop\aswMBR.txt

2013-12-15 21:14 - 2013-12-15 21:14 - 00000512 _____ C:\Documents and Settings\Lily\Desktop\MBR.dat

2013-12-15 16:02 - 2007-10-01 22:01 - 00000000 ____D C:\WINDOWS\tmp.0002

2013-12-14 23:59 - 2009-07-21 18:06 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB896423$

2013-12-14 23:56 - 2003-02-19 12:43 - 04481358 _____ C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.CDF

2013-12-14 13:35 - 2013-06-13 13:55 - 00001024 ____H C:\WINDOWS\system32\config\ELAM.LOG

2013-12-14 13:26 - 2010-02-15 19:54 - 00000038 _____ C:\WINDOWS\BMUpdate.ini

2013-12-14 13:25 - 2003-05-04 22:47 - 00000550 _____ C:\WINDOWS\ULEAD32.INI

2013-12-14 13:22 - 2003-03-06 15:59 - 00000022 _____ C:\WINDOWS\FLASHKSK.INI

2013-12-14 13:19 - 2009-07-25 20:32 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB885884$

2013-12-14 11:28 - 2013-12-14 11:28 - 00000000 ____D C:\Program Files\HitmanPro

2013-12-14 11:28 - 2013-12-14 11:26 - 09096848 _____ (SurfRight B.V.) C:\Documents and Settings\Lily\Desktop\HitmanPro.exe

2013-12-14 11:09 - 2013-12-14 11:08 - 00001736 _____ C:\Documents and Settings\Lily\Desktop\RKreport[1]_S_12142013_02d1108.txt

2013-12-14 11:08 - 2013-12-14 11:01 - 00000000 ____D C:\Documents and Settings\Lily\Desktop\RK_Quarantine

2013-12-14 10:34 - 2010-07-14 15:13 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2229593$

2013-12-13 19:09 - 2011-04-15 02:10 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2485663$

2013-12-13 15:55 - 2013-12-13 15:55 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-13 15:55 - 2013-12-13 15:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2013-12-13 15:55 - 2011-05-09 22:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-12-13 15:54 - 2013-12-13 15:50 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Lily\Desktop\mbam-setup.exe

2013-12-13 15:28 - 2013-12-13 15:28 - 00000629 _____ C:\Documents and Settings\Lily\Desktop\Shortcut to iExplore.lnk

2013-12-13 13:35 - 2002-09-03 09:05 - 02573816 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-12-13 13:10 - 2013-12-13 13:09 - 00016305 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-13 13:10 - 2013-12-13 13:09 - 00003400 _____ C:\WINDOWS\updspapi.log

2013-12-13 13:10 - 2002-09-03 09:04 - 00001393 _____ C:\WINDOWS\imsins.BAK

2013-12-13 13:09 - 2013-12-13 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-13 13:09 - 2013-12-12 14:50 - 00011594 _____ C:\WINDOWS\KB2898715.log

2013-12-13 13:09 - 2009-07-25 20:37 - 00000000 ____D C:\WINDOWS\ie8updates

2013-12-13 13:06 - 2013-12-13 12:54 - 00005236 _____ C:\WINDOWS\KB2904266.log

2013-12-13 13:06 - 2009-07-25 20:37 - 00260608 _____ C:\WINDOWS\system32\TZLog.log

2013-12-13 12:58 - 2013-12-13 12:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-13 12:49 - 2013-12-12 14:56 - 00010418 _____ C:\WINDOWS\KB2893294.log

2013-12-13 12:47 - 2013-12-13 12:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-13 12:43 - 2013-12-12 14:56 - 00011121 _____ C:\WINDOWS\KB2893984.log

2013-12-13 12:41 - 2013-12-13 12:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-13 12:34 - 2013-12-12 14:55 - 00009399 _____ C:\WINDOWS\KB2892075.log

2013-12-13 12:32 - 2013-12-13 12:32 - 00000000 _____ C:\WINDOWS\setuperr.log

2013-12-13 12:32 - 2013-12-13 12:32 - 00000000 _____ C:\WINDOWS\setupact.log

2013-12-13 12:30 - 2013-12-13 12:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 14:44 - 2013-06-12 15:04 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2013-12-12 14:44 - 2011-06-22 23:52 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2013-12-12 13:12 - 2003-02-19 12:24 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL

2013-12-10 23:37 - 2013-12-10 23:37 - 00000637 _____ C:\Documents and Settings\Lily\Desktop\ch.txt

2013-12-06 10:20 - 2003-09-15 23:04 - 00000000 ____D C:\Documents and Settings\Lily\My Documents\My PSP8 Files

2013-12-05 09:55 - 2013-12-05 09:55 - 00000000 _____ C:\WINDOWS\Sti_Trace.log

2013-12-03 00:38 - 2013-12-02 23:34 - 00016384 ____T C:\WINDOWS\~DF59D2.tmp

2013-12-02 23:20 - 2013-12-02 23:20 - 00000000 ____T C:\WINDOWS\~DFEE8A.tmp

2013-11-28 23:24 - 2013-11-28 23:24 - 00140895 _____ C:\Documents and Settings\Lily\My Documents\28 nov bt bill.pspimage

2013-11-25 22:56 - 2006-05-27 15:49 - 00000000 ____D C:\Documents and Settings\Lily\Local Settings\Application Data\Google

2013-11-25 22:56 - 2006-05-27 15:48 - 00000000 ____D C:\Program Files\Google

2013-11-24 00:27 - 2012-04-23 18:02 - 00434239 _____ C:\Documents and Settings\Lily\My Documents\pspbrwse.jbf

2013-11-20 19:46 - 2003-03-08 16:01 - 00217088 _____ C:\Documents and Settings\Lily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-11-18 13:29 - 2013-11-18 13:29 - 00087281 _____ C:\Documents and Settings\Lily\My Documents\changes by together coat.pspimage

2013-11-18 13:16 - 2010-03-15 12:35 - 00000000 ____D C:\Documents and Settings\Lily\My Documents\Special Occasions

2013-11-17 21:30 - 2003-02-19 11:55 - 00000000 ____D C:\WINDOWS\Help

ZeroAccess:

C:\Documents and Settings\Lily\Local Settings\Application Data\Google\Desktop\Install

ZeroAccess:

C:\Program Files\Google\Desktop\Install

 

Files to move or delete:

====================

C:\Documents and Settings\Lily\Application Data\dm.ini

 

 

Some content of TEMP:

====================

C:\Documents and Settings\Lily\Local Settings\Temp\f1069075-6246-486e-b3a5-260340012fdb.exe

C:\Documents and Settings\Lily\Local Settings\Temp\feb29769-baf3-48a0-aba1-a78b46048f26.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

==================== End Of Log ============================



#4 Lily123


Posted 17 December 2013 - 10:40 AM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2013 01

Ran by Lily at 2013-12-17 13:11:51

Running from C:\Documents and Settings\Lily\Desktop

Boot Mode:

==========================================================

 

 

==================== Security Center ========================

 

AV: Ad-Aware Antivirus (Disabled - Up to date) {22CB8761-914A-11CF-B705-00AA0062CBB7}

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}

 

==================== Installed Programs ======================

 

ACD FotoSlate 2.0.1 (Version: 2.00.0001)

ACDSee for PENTAX 3.0 (Version: 9.0.34)

Ad-Aware Antivirus (Version: 11.1.5152.0)

Ad-Aware Security Add-on (Version: 3.7.0.0)

AdAwareInstaller (Version: 11.1.5152.0)

AdAwareUpdater (Version: 11.1.5152.0)

Adobe Acrobat 4.0 (Version: 4.0)

Adobe AIR (Version: 1.1.0.5790)

Adobe Download Manager 1.2 (Remove Only)

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)

Adobe Flash Player 11 Plugin (Version: 11.9.900.170)

Adobe Reader 6.0 (Version: 6.0)

AntimalwareEngine (Version: 2.6.0.0)

Apple Application Support (Version: 1.3.2)

Apple Mobile Device Support (Version: 3.2.0.47)

Apple Software Update (Version: 2.1.2.120)

Avery Wizard 3.1 (Version: 3.1.0.2153)

B57Inst (Version: 3.40)

BCM V.92 56K Modem

Bing Bar Platform (Version: 5.0.1449.0)

BitZipper 2010

BOB Books Version 1.5.0.4

Bob Designer

Broadcom Driver Installer (Version: 3.40)

BT Broadband Desktop Help

BT Broadband Talk Softphone 2.0

BT Cloud (Version: 1.77.243.0)

BT NetProtect Plus (Version: 11.6.511)

BT Voyager 220V USB Driver (Version: 7.3)

BT Wireless Connection Manager

BTTotalBroadband220V

CCF Authentication 1.00.211.0 (release) (Version: 1.00.211.0)

Classic PhoneTools (Version: 4.16)

Creative MediaSource

Dell Picture Studio - Dell Image Expert (Version: 3.4.1)

Dell Solution Center (Version: 1.00.0000)

Dell Support (Version: 2.00.0000)

Digital Line Detect (Version: 1.02.000)

DVDSentry (Version: 1.00.0001)

Easy CD Creator 5 Basic (Version: 5.3.2.34)

FLV Player (Version: 2.0 )

Google Earth (Version: 5.2.1.1588)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Update Helper (Version: 1.3.21.53)

Google Updater (Version: 2.4.1698.5652)

Help and Support Customization (Version: 1.00.0000)

HP Celebrations

HP Photo Creations (Version: 1.0.0.${CAB_VERSION})

HP Photosmart Plus B210 series Basic Device Software (Version: 22.0.334.0)

HP Photosmart Plus B210 series Help (Version: 140.0.54.54)

HP Photosmart Plus B210 series Product Improvement Study (Version: 22.0.334.0)

HP Update (Version: 5.002.005.003)

Hypertron

ImgBurn (Version: 2.5.5.0)

Intel® PRO Ethernet Adapter and Software

Intel® PROSet II (Version: 2.00.0020)

Intense Language Office

IS Express for C++Builder

Jasc Digital Camera Support v5.0 (Version: 5.00.0000)

Jasc Paint Shop Pro 8 (Version: 8.00.0000)

Java 2 Runtime Environment Standard Edition v1.3.1_01

Java™ 6 Update 14 (Version: 6.0.140)

Lexmark Photo Center (Version: 1.0)

Lexmark Supplies Monitor

Lexmark Z65

Lexmark Z700-P700 Series

LG USB Modem driver (Version: 4.9.4)

Macromedia Dreamweaver 3 (Version: 3)

Macromedia Flash 5 (Version: 5)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Media Library Management Wizard

Micrografx Windows Draw 6 Limited Edition

Microsoft .NET Framework (English) (Version: 1.0.3705)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft MPEG-4 VKI Video Codec V1/V2/V3

Microsoft Office 2000 Disc 2 (Version: 9.00.2720)

Microsoft Office Word Viewer 2003 (Version: 11.0.6506.0)

Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)

Microsoft PhotoDraw 2000

Microsoft Plus! Digital Media Edition (Version: 1.00.00.2239)

Microsoft Plus! for Windows XP (Version: 1.00.01.0732)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Works 7.0 (Version: 07.02.0620)

MicroTrack

Modem Helper

Movie Maker Background Music Files

Movie Maker Sound Effects

Movie Maker Title Images

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MULTIPEDIA

MyDVD

NVIDIA Display Driver

NVIDIA Windows 2000/XP Display Drivers

OneTouch Version 3.0 (Version: Version 3.0)

Paint Shop Pro 7 (Version: 7.0.0.0000)

PaperPort 7.02

Personal License Update Wizard for Windows Media Player

Picasa 3 (Version: 3.8)

plankton

Plus! MP3 Audio Converter LE

PowerDVD

QuickTime (Version: 7.68.75.0)

QuickTime for Windows (32-bit)

RealOne Player

Rollerbot

Roxio VideoWave Movie Creator (Version: 1.6.635.0)

Serif 3DPlus 1.0

Serif DrawPlus 4.0 Design CD-ROM

Shared C Run-time for x86 (Version: 10.0.0)

Shockwave

SmartDraw 6

Sound Blaster Audigy 2

Sync Client 1.40.498.0 (release) (Version: 1.40.498.0)

Ulead Photo Express 2.0 SE

Ulead VideoStudio 6 SE DVD

Update for Windows Internet Explorer 8 (KB976662) (Version: 1)

Update for Windows Internet Explorer 8 (KB976749) (Version: 1)

Update for Windows Internet Explorer 8 (KB980182) (Version: 1)

Update for Windows Internet Explorer 8 (KB982632) (Version: 1)

Update for Windows XP (KB2141007) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2607712) (Version: 1)

Update for Windows XP (KB2616676) (Version: 1)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2736233) (Version: 1)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB2904266) (Version: 1)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB955839) (Version: 1)

Update for Windows XP (KB967715) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

USB Card Reader

VideoCacheView (Version: 1.00)

WebFldrs XP (Version: 9.50.6513)

WebPainter for Win32 Version 1.0

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

Windows Media Bonus Pack for Windows XP

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series (Version: 9.00.2980)

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player Playlist Import to Excel Wizard

Windows Media Player Skin Importer

Windows Media Player Tray Control

Windows Movie Maker 2.0 (Version: 2.0.0000)

Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164)

Windows XP Service Pack 3 (Version: 20080414.031525)

Windows XP Winter Fun Pack for Windows Movie Maker 2 (Version: 1.00.0000)

Xara Webstyle 3.0

Yahoo! Software Update

ZD Soft Screen Recorder (Version: 2.6)

ZD Soft Screen Video Decoder

ZD Soft Video Recorder (Version: 2.1)

 

==================== Restore Points  =========================

 

18-04-2013 15:25:03 System Checkpoint

18-04-2013 16:42:44 Software Distribution Service 3.0

19-04-2013 17:19:34 System Checkpoint

16-05-2013 15:38:10 System Checkpoint

13-06-2013 02:08:36 System Checkpoint

14-06-2013 02:48:38 System Checkpoint

15-06-2013 07:21:40 System Checkpoint

18-06-2013 00:51:42 Software Distribution Service 3.0

12-07-2013 17:25:52 System Checkpoint

 

==================== Hosts content: ==========================

 

2002-08-29 05:00 - 2013-06-16 00:51 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?

 

==================== Loaded Modules (whitelisted) =============

 

2003-03-13 11:36 - 2003-03-13 11:36 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBLPP5C.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00107392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_filesystem-vc100-mt-1_53.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00021880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_system-vc100-mt-1_53.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00232272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\Logger.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00048000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_date_time-vc100-mt-1_53.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 03259240 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareServiceKernel.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\SQLite.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\pugixml.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 02038088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\RCF.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00636280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_regex-vc100-mt-1_53.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00086904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_thread-vc100-mt-1_53.dll

2013-12-11 18:25 - 2013-12-11 18:25 - 00456552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareActivation.dll

2013-12-11 18:25 - 2013-12-11 18:25 - 00242040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareApplicationUpdater.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00119144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareGamingMode.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00091480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareReset.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00109400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTime.dll

2013-12-11 18:25 - 2013-12-11 18:25 - 00225144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareDefinitionsUpdater.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00012664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_atomic-vc100-mt-1_53.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00168328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareDefinitionsUpdaterScheduler.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00341352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareIgnoreList.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00207208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareQuarantine.dll

2013-12-11 18:25 - 2013-12-11 18:25 - 00244080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareAntiMalwareEngine.dll

2013-12-11 18:25 - 2013-12-11 18:25 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareAntiRootkitEngine.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00361840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareScannerHistory.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00494432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareScanner.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_timer-vc100-mt-1_53.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00029560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_chrono-vc100-mt-1_53.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00268144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareScannerScheduler.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00271224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareRealTimeProtection.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00187752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareIncompatibles.dll

2013-12-11 18:25 - 2013-12-11 18:25 - 00176480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareAntiSpam.dll

2013-12-11 18:25 - 2013-12-11 18:25 - 00105320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareAntiPhishing.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00470384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareParentalControl.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 01773416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareWebProtection.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00220016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareEmailProtection.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00509296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareNetworkProtection.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00403296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareInstaller.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\libssh2.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\zlib.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00296280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwarePromo.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00234848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareFeedback.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00135008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\SecurityCenter.dll

2013-07-17 17:10 - 2013-07-17 17:10 - 00565640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00405368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_locale-vc100-mt-1_53.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00307552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\HtmlFramework.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00055128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\DllStorage.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00781168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTrayDefaultSkin.dll

2013-12-11 18:26 - 2013-12-11 18:26 - 00121176 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\Localization.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"

 

==================== Faulty Device Manager Devices =============

 

Name: MAC Bridge Miniport

Description: MAC Bridge Miniport

Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}

Manufacturer: Microsoft

Service: BridgeMP

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/16/2013 03:24:44 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (12/16/2013 03:02:38 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: The installation of c:\f4c91d17dd05e63ee335117228\Silverlight.msp is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

 

Error: (12/16/2013 03:02:31 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: The installation of c:\f4c91d17dd05e63ee335117228\Silverlight.msp is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

 

Error: (12/15/2013 03:01:58 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: The installation of c:\967a6b9e83155685034effdbe83983\Silverlight.msp is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

 

Error: (12/15/2013 03:01:53 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: The installation of c:\967a6b9e83155685034effdbe83983\Silverlight.msp is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

 

Error: (12/14/2013 01:26:57 PM) (Source: McLogEvent) (User: NT AUTHORITY)

Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

 

The process will be terminated.

Thread id : 3456 (0xd80)

 

Thread address : 0x7C90E514

 

Thread message :

 

 Build VSCORE.15.1.0.520 / 5500.1093

 Object being scanned = \Device\HarddiskVolume2\WINDOWS\SYSTEM32\rastapi.dll

 by C:\WINDOWS\System32\svchost.exe

 4(0)(0)

 4(0)(0)

 7200(0)(0)

 7595(0)(0)

 7005(0)(0)

 7004(0)(0)

 5006(0)(0)

 5004(0)(0)

 

Error: (12/14/2013 01:26:57 PM) (Source: McLogEvent) (User: NT AUTHORITY)

Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

 

The process will be terminated.

Thread id : 3452 (0xd7c)

 

Thread address : 0x7C90E514

 

Thread message :

 

 Build VSCORE.15.1.0.520 / 5500.1093

 Object being scanned = \Device\HarddiskVolume2\WINDOWS\SYSTEM32\CTHELPER.EXE

 by C:\WINDOWS\system32\CTHELPER.EXE

 4(0)(0)

 4(0)(0)

 7200(0)(0)

 7595(0)(0)

 7005(0)(0)

 7004(0)(0)

 5006(0)(0)

 5004(0)(0)

 

Error: (12/14/2013 01:26:57 PM) (Source: McLogEvent) (User: NT AUTHORITY)

Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

 

The process will be terminated.

Thread id : 3460 (0xd84)

 

Thread address : 0x7C90E514

 

Thread message :

 

 Build VSCORE.15.1.0.520 / 5500.1093

 Object being scanned = \Device\HarddiskVolume2\WINDOWS\SYSTEM32\rpcss.dll

 by C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 4(0)(0)

 4(0)(0)

 7200(0)(0)

 7595(0)(0)

 7005(0)(0)

 7004(0)(0)

 5006(0)(0)

 5004(0)(0)

 

Error: (12/14/2013 01:26:56 PM) (Source: McLogEvent) (User: NT AUTHORITY)

Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

 

The process will be terminated.

Thread id : 3448 (0xd78)

 

Thread address : 0x7C90E514

 

Thread message :

 

 Build VSCORE.15.1.0.520 / 5500.1093

 Object being scanned = \Device\HarddiskVolume2\Program Files\Yahoo!\Messenger\YahooMessenger.exe

 by C:\WINDOWS\Explorer.EXE

 4(0)(0)

 4(0)(0)

 7200(0)(0)

 7595(0)(0)

 7005(0)(0)

 7004(0)(0)

 5006(0)(0)

 5004(0)(0)

 

Error: (12/14/2013 03:01:07 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: The installation of c:\e6cbd636e408a786e46375d3226adc\Silverlight.msp is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

 

 

System errors:

=============

Error: (12/16/2013 08:36:57 AM) (Source: Service Control Manager) (User: )

Description: The WMDM PMSP Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/16/2013 08:36:57 AM) (Source: Service Control Manager) (User: )

Description: The Creative Service for CDROM Access service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/16/2013 08:26:42 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

mfehidk

 

Error: (12/16/2013 08:26:42 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service terminated with the following error:

%%1060

 

Error: (12/16/2013 08:26:42 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:

%%1068

 

Error: (12/16/2013 08:26:42 AM) (Source: Service Control Manager) (User: )

Description: The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:

%%1068

 

Error: (12/16/2013 08:26:42 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:

%%31

 

Error: (12/16/2013 08:26:42 AM) (Source: Service Control Manager) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%1053

 

Error: (12/16/2013 08:26:42 AM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

 

Error: (12/16/2013 03:02:49 AM) (Source: Windows Update Agent) (User: )

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2890788).

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 76%

Total physical RAM: 511 MB

Available physical RAM: 121.53 MB

Total Pagefile: 1245.88 MB

Available Pagefile: 770.08 MB

Total Virtual: 2047.88 MB

Available Virtual: 1940.63 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:111.75 GB) (Free:37.79 GB) NTFS ==>[Drive with boot components (Windows XP)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: 9DC96E9E)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Thank you for your help.




#5 B-boy/StyLe/


Posted 17 December 2013 - 06:10 PM

Hello Lily,

 

 

I recommend that you uninstall McAfee because it seems that the application caused a lot of error events to appear in your system.

Next please download the MCPR tool and run it to clean the remnants from McAfee.

 

It's a good idea to uninstall Ad-Aware Antivirus as well because it comes with the Blekko toolbar, which has a poor reputation in the wild. Once we are done with the cleaning process I'll let you know when to install a different antivirus of your choice.

 

Now please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

Regards,
Georgi




#6 Lily123


Posted 18 December 2013 - 06:22 PM

Hi Georgi,

 

Thank you very much for your further advice.

 

I have now followed all of your recommendations.  I have uninstalled McAfee and downloaded / run the MCPR tool to clean the remnants from McAfee.

 

I have also uninstalled the Ad-aware Antivirus.

 

Finally I downloaded fixlist.txt and then ran FRST.  Here is the log report:

 

 

 

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2013 01

Ran by Lily at 2013-12-18 23:11:58 Run:2

Running from C:\Documents and Settings\Lily\Desktop

Boot Mode:

 

==============================================

 

Content of fixlist:

*****************

start

HKLM\...\Run: [] - [x]

HKLM\...\Policies\Explorer: []

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

HKU\Guest\...\Run: [GdvBqagb] - C:\Documents and Settings\Lily\Local Settings\Application Data\xweogawk\gdvbqagb.exe

C:\Documents and Settings\Lily\Local Settings\Application Data\xweogawk

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

SearchScopes: HKLM - DefaultScope value is missing.

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File

FF NetworkProxy: "http", "127.0.0.1"

FF NetworkProxy: "http_port", 56848

FF NetworkProxy: "type", 1

U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{3a16e1ff-b4d0-c9a8-adc4-3ef93d171fc4}\   \   \???\{3a16e1ff-b4d0-c9a8-adc4-3ef93d171fc4}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)

S0 54094920; system32\drivers\53227322.sys [x]

S1 asdtpxjo; \??\C:\WINDOWS\system32\drivers\asdtpxjo.sys [x]

S1 bdpdlqft; \??\C:\WINDOWS\system32\drivers\bdpdlqft.sys [x]

S3 catchme; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\catchme.sys [x]

S1 fbhxordv; \??\C:\WINDOWS\system32\drivers\fbhxordv.sys [x]

S0 fgrdvhg; System32\drivers\xdrmmre.sys [x]

S1 gwvdxmrx; \??\C:\WINDOWS\system32\drivers\gwvdxmrx.sys [x]

S1 heafslgz; \??\C:\WINDOWS\system32\drivers\heafslgz.sys [x]

S1 heuhmauw; \??\C:\WINDOWS\system32\drivers\heuhmauw.sys [x]

S1 jmoyouqp; \??\C:\WINDOWS\system32\drivers\jmoyouqp.sys [x]

S3 MFE_RR; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\mfe_rr.sys [x]

S1 orzasdnp; \??\C:\WINDOWS\system32\drivers\orzasdnp.sys [x]

S1 psbrhrvq; \??\C:\WINDOWS\system32\drivers\psbrhrvq.sys [x]

S0 rccemu; System32\drivers\mtkgqn.sys [x]

S1 szjkpvdt; \??\C:\WINDOWS\system32\drivers\szjkpvdt.sys [x]

S1 vgludyil; \??\C:\WINDOWS\system32\drivers\vgludyil.sys [x]

S1 vtgonvmz; \??\C:\WINDOWS\system32\drivers\vtgonvmz.sys [x]

S1 ydkpilvm; \??\C:\WINDOWS\system32\drivers\ydkpilvm.sys [x]

U3 mbr; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\mbr.sys [x]

2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\Lily\Local Settings\Application Data\adawarebp

2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\blekko toolbars

2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection

2013-12-16 09:34 - 2013-12-16 09:35 - 00000000 ____D C:\Program Files\Toolbar Cleaner

2013-12-16 09:34 - 2013-12-16 09:35 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\adawaretb

C:\Documents and Settings\Lily\Local Settings\Application Data\Google\Desktop\Install

C:\Program Files\Google\Desktop\Install

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

C:\Documents and Settings\Lily\Local Settings\Temp

end

 

 

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.

HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\GdvBqagb => Value deleted successfully.

C:\Documents and Settings\Lily\Local Settings\Application Data\xweogawk => Moved successfully.

Default URLSearchHook was restored successfully .

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Value deleted successfully.

HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Key not found.

Firefox Proxy settings were reset.

Firefox Proxy settings were reset.

Firefox Proxy settings were reset.

*etadpug => Service deleted successfully.

Trufos => Service not found.

54094920 => Service deleted successfully.

asdtpxjo => Service deleted successfully.

bdpdlqft => Service deleted successfully.

catchme => Service deleted successfully.

fbhxordv => Service deleted successfully.

fgrdvhg => Service deleted successfully.

gwvdxmrx => Service deleted successfully.

heafslgz => Service deleted successfully.

heuhmauw => Service deleted successfully.

jmoyouqp => Service deleted successfully.

MFE_RR => Service deleted successfully.

orzasdnp => Service deleted successfully.

psbrhrvq => Service deleted successfully.

rccemu => Service deleted successfully.

szjkpvdt => Service deleted successfully.

vgludyil => Service deleted successfully.

vtgonvmz => Service deleted successfully.

ydkpilvm => Service deleted successfully.

mbr => Service not found.

C:\Documents and Settings\Lily\Local Settings\Application Data\adawarebp => Moved successfully.

"C:\Documents and Settings\All Users\Application Data\blekko toolbars" => File/Directory not found.

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection => Moved successfully.

"C:\Program Files\Toolbar Cleaner" => File/Directory not found.

"C:\Documents and Settings\Lily\Application Data\adawaretb" => File/Directory not found.

C:\Documents and Settings\Lily\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.

C:\Program Files\Google\Desktop\Install => Moved successfully.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender\wgadef.chm" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

C:\Documents and Settings\Lily\Local Settings\Temp => Moved successfully.

 

==== End of Fixlog ====

 

 

Thanks again for your help.



#7 B-boy/StyLe/


Posted 19 December 2013 - 12:39 AM

Hi Lily,

 

Great work!

Can you please rerun FRST and run a new scan, then post the results of the scan in your next reply?

 

 

Regards,

Georgi




#8 Lily123


Posted 19 December 2013 - 09:13 AM

Hi Georgi,

 

I have now rerun FRST as you advised.  Here is a copy of the scan results:

 

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2013 01

Ran by Lily (administrator) on D2DM8N0J on 19-12-2013 13:53:23

Running from C:\Documents and Settings\Lily\Desktop

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode:

 

==================== Processes (Whitelisted) ===================

 

(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXBCES.EXE

(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXPPS.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE

(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE

(F-Secure Corporation) C:\Program Files\BT Cloud\fshoster32.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe

(F-Secure Corporation) C:\Program Files\BT Cloud\trigger.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [YBrowser] - C:\Program Files\Yahoo!\browser\ybrwicon.exe [129536 2006-07-21] (Yahoo! Inc.)

HKLM\...\Run: [UpdReg] - C:\WINDOWS\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [151597 2003-03-06] (RealNetworks, Inc.)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-07-16] (Sun Microsystems, Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)

HKLM\...\Run: [PrinTray] - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe [36864 2000-08-10] (Lexmark)

HKLM\...\Run: [PE2CKFNT SE] - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe [25088 1998-07-03] ()

HKLM\...\Run: [OneTouch Monitor] - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [86016 2002-04-16] (Visioneer Inc)

HKLM\...\Run: [nwiz] - nwiz.exe /install

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKLM\...\Run: [Motive SmartBridge] - C:\Program Files\BTTotalBroadband220V\Help\SmartBridge\BTHelpNotifier.exe [462935 2006-02-06] (Motive)

HKLM\...\Run: [LXSUPMON] - C:\WINDOWS\SYSTEM32\LXSUPMON.EXE [886272 2002-09-30] (Lexmark International Inc.)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2010-03-12] (Hewlett-Packard)

HKLM\...\Run: [DVDSentry] - C:\WINDOWS\SYSTEM32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering)

HKLM\...\Run: [DataCaching] - C:\Program Files\Data Caching\FlashKsk.exe [290816 2002-10-09] ( )

HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [53248 2002-09-11] (Creative Technology Ltd)

HKLM\...\Run: [CTHelper] - C:\WINDOWS\SYSTEM32\CTHELPER.EXE [24576 2002-09-03] (Creative Technology Ltd)

HKLM\...\Run: [CTDVDDet] - C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe [45056 2002-09-30] (Creative Technology Ltd)

HKLM\...\Run: [Camera Detector] - C:\Program Files\ACD Systems\DevDetect\DevDetect.exe [196608 2002-10-08] (ACD Systems, Ltd.)

HKLM\...\Run: [btbb_wcm_McciTrayApp] - C:\Program Files\btbb_wcm\McciTrayApp.exe [543232 2006-12-08] (Motive Communications, Inc.)

HKLM\...\Run: [BCMSMMSG] - C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)

HKLM\...\Run: [AdaptecDirectCD] - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe [684032 2002-10-02] (Roxio)

HKLM\...\Run: [F-Secure Hoster (47188)] - C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0

HKLM\...\Policies\Explorer: [NoBandCustomize] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKCU\...\Runonce: [adawarebp] - reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f

HKCU\...\Runonce: [adawarebp_XP] - reg.exe delete "HKCU\Software\adawarebp" /f

HKCU\...\Runonce: [adawarebp_DATA_FOLDER] - cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q

HKCU\...\Runonce: [adawarebp_INSTALL_FOLDER] - cmd.exe /c rmdir "C:\Documents and Settings\Lily\Local Settings\Application Data\adawarebp" /s /q

HKCU\...\Policies\Explorer: [Btn_Back] 0

HKCU\...\Policies\Explorer: [Btn_Forward] 0

HKCU\...\Policies\Explorer: [Btn_Stop] 0

HKCU\...\Policies\Explorer: [Btn_Refresh] 0

HKCU\...\Policies\Explorer: [Btn_Home] 0

HKCU\...\Policies\Explorer: [Btn_Search] 0

HKCU\...\Policies\Explorer: [Btn_History] 0

HKCU\...\Policies\Explorer: [Btn_Favorites] 0

HKCU\...\Policies\Explorer: [Btn_Media] 0

HKCU\...\Policies\Explorer: [Btn_Folders] 0

HKCU\...\Policies\Explorer: [Btn_Fullscreen] 0

HKCU\...\Policies\Explorer: [Btn_Tools] 0

HKCU\...\Policies\Explorer: [Btn_MailNews] 0

HKCU\...\Policies\Explorer: [Btn_Size] 0

HKCU\...\Policies\Explorer: [Btn_Print] 0

HKCU\...\Policies\Explorer: [Btn_Edit] 0

HKCU\...\Policies\Explorer: [Btn_Discussions] 0

HKCU\...\Policies\Explorer: [Btn_Cut] 0

HKCU\...\Policies\Explorer: [Btn_Copy] 0

HKCU\...\Policies\Explorer: [Btn_Paste] 0

HKCU\...\Policies\Explorer: [Btn_Encoding] 0

HKCU\...\Policies\Explorer: [Btn_PrintPreview] 0

HKCU\...\Policies\Explorer: [NoNetHood] 0

HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0

HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0

HKCU\...\Policies\Explorer: [NoSetTaskbar] 0

HKCU\...\Policies\Explorer: [NoFileMenu] 0

HKCU\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0

HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0

HKCU\...\Policies\Explorer: [NoNetConnectDisconnect] 0

HKU\Administrator.D2DM8N0J\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Administrator.D2DM8N0J.000\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-09-08] (Apple Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk

ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk

ShortcutTarget: BT Broadband Desktop Help.lnk -> C:\Program Files\BTTotalBroadband220V\Help\bin\matcli.exe (Motive Communications, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk

ShortcutTarget: Photo Express Calendar Checker SE.lnk -> C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll (Yahoo! Inc.)

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKCU - {2624CA7D-96CE-4F9C-86B2-1FC800A4516D} URL = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,17043,0,8,0

SearchScopes: HKCU - {C37CDA7C-2F36-4485-A0B4-C677283E716E} URL = http://delicious.com/search?p={searchTerms}

SearchScopes: HKCU - {CD23EF35-0E2D-4E4B-B5D8-648B41E93176} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

SearchScopes: HKCU - {F3D080AB-5ED9-4FC9-AEAE-0CA7580130C3} URL = http://www.flickr.com/search/?q={searchTerms}

BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)

BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll

DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default

FF Homepage: hxxp://uk.yahoo.com

FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=ffds1&p=

FF DefaultSearchEngine: Yahoo

FF SelectedSearchEngine: Yahoo

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File

FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)

FF Plugin: @real.com/nppl3260;version=6.0.10.835 - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.1136 - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)

FF Plugin: @real.com/nprpjplug;version=6.0.11.847 - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYVerInfo.dll No File

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox

 

========================== Services (Whitelisted) =================

 

R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)

R2 fshoster; C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-03-26] (Lexmark International, Inc.)

S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-10-10] (Intel Corporation)

R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)

S3 YPCService; C:\WINDOWS\SYSTEM32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.)

R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

 

==================== Drivers (Whitelisted) ====================

 

S4 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R3 BCMModem; C:\Windows\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)

S3 bvrp_pci; C:\Windows\System32\Drivers\bvrp_pci.sys [4272 2002-05-13] ()

R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [61424 2003-02-19] (Roxio)

R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [23420 2003-02-19] (Roxio)

R1 cdudf_xp; C:\Windows\System32\Drivers\cdudf_xp.sys [240640 2002-10-02] (Roxio)

S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [298384 2002-12-04] ()

R3 dvd_2K; C:\Windows\System32\Drivers\dvd_2K.sys [25674 2002-10-02] (Roxio)

S3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)

R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [816576 2002-11-26] (Creative Technology Ltd)

R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [135728 2002-11-26] (Creative Technology Ltd)

S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30464 2013-07-11] ()

S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)

S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)

S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)

S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)

S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)

S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)

S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)

S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)

S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)

S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)

S3 mmc_2K; C:\Windows\System32\Drivers\mmc_2K.sys [30406 2002-10-02] (Roxio)

S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-03-24] (Motive, Inc.)

S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-10-10] (Intel Corporation)

S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)

R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2002-09-27] (Padus, Inc.)

R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10477 2002-10-09] (Creative Technology Ltd.)

R1 pwd_2k; C:\Windows\System32\Drivers\pwd_2k.sys [134426 2002-10-02] (Roxio)

R3 scrcap; C:\Windows\System32\DRIVERS\scrcap.sys [9006 2006-12-27] (ZD Soft)

R0 SMR322; C:\Windows\System32\drivers\SMR322.SYS [98392 2013-06-13] (Symantec Corporation)

R1 UdfReadr_xp; C:\Windows\System32\Drivers\UdfReadr_xp.sys [206464 2002-10-02] (Roxio)

S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)

S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)

R3 vidcap; C:\Windows\System32\DRIVERS\vidcap.sys [9006 2006-12-27] (ZD Soft)

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U3 TlntSvr;

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-18 22:17 - 2013-12-18 22:17 - 03218352 _____ (McAfee, Inc.) C:\Documents and Settings\Lily\Desktop\MCPR.exe

2013-12-17 13:11 - 2013-12-17 13:12 - 00027233 _____ C:\Documents and Settings\Lily\Desktop\Addition.txt

2013-12-17 13:08 - 2013-12-19 13:54 - 00020040 _____ C:\Documents and Settings\Lily\Desktop\FRST.txt

2013-12-17 13:05 - 2013-12-17 13:05 - 01061167 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe

2013-12-16 15:00 - 2013-12-17 23:27 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\LavasoftStatistics

2013-12-16 09:22 - 2013-12-16 09:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$

2013-12-16 09:20 - 2013-12-16 09:23 - 00014195 _____ C:\WINDOWS\KB942288-v3.log

2013-12-16 08:33 - 2013-12-16 08:33 - 00023685 _____ C:\Documents and Settings\Lily\Desktop\attach.txt

2013-12-16 08:33 - 2013-12-16 08:33 - 00017118 _____ C:\Documents and Settings\Lily\Desktop\dds.txt

2013-12-16 00:02 - 2013-12-16 00:02 - 04101441 _____ C:\Documents and Settings\Lily\Desktop\tdsskiller.zip

2013-12-15 23:37 - 2013-12-15 23:37 - 00001771 _____ C:\Documents and Settings\Lily\Desktop\RKreport[2]_S_12152013_02d2337.txt

2013-12-15 23:30 - 2013-12-15 23:31 - 00000000 ____D C:\AdwCleaner

2013-12-15 23:29 - 2013-12-15 23:29 - 01226750 _____ C:\Documents and Settings\Lily\Desktop\adwcleaner.exe

2013-12-15 21:14 - 2013-12-15 21:14 - 00002183 _____ C:\Documents and Settings\Lily\Desktop\aswMBR.txt

2013-12-15 21:14 - 2013-12-15 21:14 - 00000512 _____ C:\Documents and Settings\Lily\Desktop\MBR.dat

2013-12-14 21:24 - 2013-12-17 23:27 - 00000000 ____D C:\WINDOWS\LastGood

2013-12-14 11:28 - 2013-12-14 11:28 - 00000000 ____D C:\Program Files\HitmanPro

2013-12-14 11:26 - 2013-12-14 11:28 - 09096848 _____ (SurfRight B.V.) C:\Documents and Settings\Lily\Desktop\HitmanPro.exe

2013-12-14 11:08 - 2013-12-14 11:09 - 00001736 _____ C:\Documents and Settings\Lily\Desktop\RKreport[1]_S_12142013_02d1108.txt

2013-12-14 11:01 - 2013-12-14 11:08 - 00000000 ____D C:\Documents and Settings\Lily\Desktop\RK_Quarantine

2013-12-13 15:55 - 2013-12-13 15:55 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-13 15:55 - 2013-12-13 15:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2013-12-13 15:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2013-12-13 15:50 - 2013-12-13 15:54 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Lily\Desktop\mbam-setup.exe

2013-12-13 15:28 - 2013-12-16 08:37 - 00002720 _____ C:\Documents and Settings\Lily\Desktop\Rkill.txt

2013-12-13 15:28 - 2013-12-13 15:28 - 00000629 _____ C:\Documents and Settings\Lily\Desktop\Shortcut to iExplore.lnk

2013-12-13 13:09 - 2013-12-13 13:10 - 00016305 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-13 13:09 - 2013-12-13 13:10 - 00003400 _____ C:\WINDOWS\updspapi.log

2013-12-13 13:08 - 2013-12-13 13:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-13 12:58 - 2013-12-13 12:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-13 12:54 - 2013-12-13 13:06 - 00005236 _____ C:\WINDOWS\KB2904266.log

2013-12-13 12:47 - 2013-12-13 12:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-13 12:41 - 2013-12-13 12:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-13 12:33 - 2013-12-16 09:40 - 00012142 _____ C:\WINDOWS\setupapi.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00043278 _____ C:\WINDOWS\FaxSetup.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00020692 _____ C:\WINDOWS\ocgen.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00016513 _____ C:\WINDOWS\tsoc.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00014129 _____ C:\WINDOWS\comsetup.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00008725 _____ C:\WINDOWS\ntdtcsetup.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00006929 _____ C:\WINDOWS\iis6.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00002394 _____ C:\WINDOWS\ocmsn.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00002163 _____ C:\WINDOWS\msgsocm.log

2013-12-13 12:32 - 2013-12-16 09:23 - 00001393 _____ C:\WINDOWS\imsins.log

2013-12-13 12:32 - 2013-12-13 12:32 - 00000000 _____ C:\WINDOWS\setuperr.log

2013-12-13 12:32 - 2013-12-13 12:32 - 00000000 _____ C:\WINDOWS\setupact.log

2013-12-13 12:30 - 2013-12-13 12:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 14:56 - 2013-12-13 12:49 - 00010418 _____ C:\WINDOWS\KB2893294.log

2013-12-12 14:56 - 2013-12-13 12:43 - 00011121 _____ C:\WINDOWS\KB2893984.log

2013-12-12 14:55 - 2013-12-13 12:34 - 00009399 _____ C:\WINDOWS\KB2892075.log

2013-12-12 14:50 - 2013-12-13 13:09 - 00011594 _____ C:\WINDOWS\KB2898715.log

2013-12-10 23:37 - 2013-12-10 23:37 - 00000637 _____ C:\Documents and Settings\Lily\Desktop\ch.txt

2013-12-05 09:56 - 2013-12-19 13:47 - 00000159 _____ C:\WINDOWS\wiadebug.log

2013-12-05 09:55 - 2013-12-19 13:46 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-12-05 09:55 - 2013-12-05 09:55 - 00000000 _____ C:\WINDOWS\Sti_Trace.log

2013-12-02 23:34 - 2013-12-03 00:38 - 00016384 ____T C:\WINDOWS\~DF59D2.tmp

2013-12-02 23:20 - 2013-12-02 23:20 - 00000000 ____T C:\WINDOWS\~DFEE8A.tmp

2013-11-28 23:24 - 2013-11-28 23:24 - 00140895 _____ C:\Documents and Settings\Lily\My Documents\28 nov bt bill.pspimage

 

==================== One Month Modified Files and Folders =======

 

2013-12-19 13:54 - 2013-12-17 13:08 - 00020040 _____ C:\Documents and Settings\Lily\Desktop\FRST.txt

2013-12-19 13:52 - 2005-01-16 17:47 - 01851524 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-19 13:47 - 2013-12-05 09:56 - 00000159 _____ C:\WINDOWS\wiadebug.log

2013-12-19 13:46 - 2013-12-05 09:55 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-12-19 13:46 - 2010-02-23 17:32 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-19 13:46 - 2003-02-19 12:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-18 23:24 - 2003-02-19 12:51 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm

2013-12-18 23:24 - 2003-02-19 12:51 - 00001080 _____ C:\WINDOWS\system32\settings.sfm

2013-12-18 23:24 - 2003-02-19 12:51 - 00000288 _____ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2013-12-18 23:24 - 2003-02-19 12:51 - 00000288 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2013-12-18 23:23 - 2003-03-06 15:44 - 00000278 ___SH C:\Documents and Settings\Lily\NTUSER.INI

2013-12-18 23:23 - 2003-02-19 12:26 - 00032504 _____ C:\WINDOWS\SchedLgU.Txt

2013-12-18 23:08 - 2010-02-23 17:32 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-18 22:17 - 2013-12-18 22:17 - 03218352 _____ (McAfee, Inc.) C:\Documents and Settings\Lily\Desktop\MCPR.exe

2013-12-18 22:06 - 2003-02-19 12:24 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL

2013-12-17 23:28 - 2011-06-22 11:17 - 00000000 ____D C:\Program Files\Lavasoft

2013-12-17 23:27 - 2013-12-16 15:00 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\LavasoftStatistics

2013-12-17 23:27 - 2013-12-14 21:24 - 00000000 ____D C:\WINDOWS\LastGood

2013-12-17 23:27 - 2011-06-22 11:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft

2013-12-17 13:12 - 2013-12-17 13:11 - 00027233 _____ C:\Documents and Settings\Lily\Desktop\Addition.txt

2013-12-17 13:05 - 2013-12-17 13:05 - 01061167 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe

2013-12-17 03:04 - 2011-11-22 18:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

2013-12-17 03:02 - 2011-02-13 18:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-12-16 13:26 - 2013-06-12 15:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-12-16 09:40 - 2013-12-13 12:33 - 00012142 _____ C:\WINDOWS\setupapi.log

2013-12-16 09:23 - 2013-12-16 09:20 - 00014195 _____ C:\WINDOWS\KB942288-v3.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00043278 _____ C:\WINDOWS\FaxSetup.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00020692 _____ C:\WINDOWS\ocgen.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00016513 _____ C:\WINDOWS\tsoc.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00014129 _____ C:\WINDOWS\comsetup.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00008725 _____ C:\WINDOWS\ntdtcsetup.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00006929 _____ C:\WINDOWS\iis6.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00002394 _____ C:\WINDOWS\ocmsn.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00002163 _____ C:\WINDOWS\msgsocm.log

2013-12-16 09:23 - 2013-12-13 12:32 - 00001393 _____ C:\WINDOWS\imsins.log

2013-12-16 09:22 - 2013-12-16 09:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$

2013-12-16 09:22 - 2003-02-19 11:54 - 00000000 ____D C:\WINDOWS\system32\MUI

2013-12-16 08:37 - 2013-12-13 15:28 - 00002720 _____ C:\Documents and Settings\Lily\Desktop\Rkill.txt

2013-12-16 08:33 - 2013-12-16 08:33 - 00023685 _____ C:\Documents and Settings\Lily\Desktop\attach.txt

2013-12-16 08:33 - 2013-12-16 08:33 - 00017118 _____ C:\Documents and Settings\Lily\Desktop\dds.txt

2013-12-16 08:24 - 2009-07-21 18:06 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB896358$

2013-12-16 00:02 - 2013-12-16 00:02 - 04101441 _____ C:\Documents and Settings\Lily\Desktop\tdsskiller.zip

2013-12-15 23:37 - 2013-12-15 23:37 - 00001771 _____ C:\Documents and Settings\Lily\Desktop\RKreport[2]_S_12152013_02d2337.txt

2013-12-15 23:33 - 2013-06-15 20:28 - 00000000 ____D C:\JRT

2013-12-15 23:31 - 2013-12-15 23:30 - 00000000 ____D C:\AdwCleaner

2013-12-15 23:29 - 2013-12-15 23:29 - 01226750 _____ C:\Documents and Settings\Lily\Desktop\adwcleaner.exe

2013-12-15 21:14 - 2013-12-15 21:14 - 00002183 _____ C:\Documents and Settings\Lily\Desktop\aswMBR.txt

2013-12-15 21:14 - 2013-12-15 21:14 - 00000512 _____ C:\Documents and Settings\Lily\Desktop\MBR.dat

2013-12-15 16:02 - 2007-10-01 22:01 - 00000000 ____D C:\WINDOWS\tmp.0002

2013-12-14 23:59 - 2009-07-21 18:06 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB896423$

2013-12-14 23:56 - 2003-02-19 12:43 - 04481358 _____ C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.CDF

2013-12-14 13:35 - 2013-06-13 13:55 - 00001024 ____H C:\WINDOWS\system32\config\ELAM.LOG

2013-12-14 13:26 - 2010-02-15 19:54 - 00000038 _____ C:\WINDOWS\BMUpdate.ini

2013-12-14 13:25 - 2003-05-04 22:47 - 00000550 _____ C:\WINDOWS\ULEAD32.INI

2013-12-14 13:22 - 2003-03-06 15:59 - 00000022 _____ C:\WINDOWS\FLASHKSK.INI

2013-12-14 13:19 - 2009-07-25 20:32 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB885884$

2013-12-14 11:28 - 2013-12-14 11:28 - 00000000 ____D C:\Program Files\HitmanPro

2013-12-14 11:28 - 2013-12-14 11:26 - 09096848 _____ (SurfRight B.V.) C:\Documents and Settings\Lily\Desktop\HitmanPro.exe

2013-12-14 11:09 - 2013-12-14 11:08 - 00001736 _____ C:\Documents and Settings\Lily\Desktop\RKreport[1]_S_12142013_02d1108.txt

2013-12-14 11:08 - 2013-12-14 11:01 - 00000000 ____D C:\Documents and Settings\Lily\Desktop\RK_Quarantine

2013-12-14 10:34 - 2010-07-14 15:13 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2229593$

2013-12-13 19:09 - 2011-04-15 02:10 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2485663$

2013-12-13 15:55 - 2013-12-13 15:55 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-13 15:55 - 2013-12-13 15:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2013-12-13 15:55 - 2011-05-09 22:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-12-13 15:54 - 2013-12-13 15:50 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Lily\Desktop\mbam-setup.exe

2013-12-13 15:28 - 2013-12-13 15:28 - 00000629 _____ C:\Documents and Settings\Lily\Desktop\Shortcut to iExplore.lnk

2013-12-13 13:35 - 2002-09-03 09:05 - 02573816 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-12-13 13:10 - 2013-12-13 13:09 - 00016305 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-13 13:10 - 2013-12-13 13:09 - 00003400 _____ C:\WINDOWS\updspapi.log

2013-12-13 13:10 - 2002-09-03 09:04 - 00001393 _____ C:\WINDOWS\imsins.BAK

2013-12-13 13:09 - 2013-12-13 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-13 13:09 - 2013-12-12 14:50 - 00011594 _____ C:\WINDOWS\KB2898715.log

2013-12-13 13:09 - 2009-07-25 20:37 - 00000000 ____D C:\WINDOWS\ie8updates

2013-12-13 13:06 - 2013-12-13 12:54 - 00005236 _____ C:\WINDOWS\KB2904266.log

2013-12-13 13:06 - 2009-07-25 20:37 - 00260608 _____ C:\WINDOWS\system32\TZLog.log

2013-12-13 12:58 - 2013-12-13 12:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-13 12:49 - 2013-12-12 14:56 - 00010418 _____ C:\WINDOWS\KB2893294.log

2013-12-13 12:47 - 2013-12-13 12:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-13 12:43 - 2013-12-12 14:56 - 00011121 _____ C:\WINDOWS\KB2893984.log

2013-12-13 12:41 - 2013-12-13 12:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-13 12:34 - 2013-12-12 14:55 - 00009399 _____ C:\WINDOWS\KB2892075.log

2013-12-13 12:32 - 2013-12-13 12:32 - 00000000 _____ C:\WINDOWS\setuperr.log

2013-12-13 12:32 - 2013-12-13 12:32 - 00000000 _____ C:\WINDOWS\setupact.log

2013-12-13 12:30 - 2013-12-13 12:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 14:44 - 2013-06-12 15:04 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2013-12-12 14:44 - 2011-06-22 23:52 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2013-12-10 23:37 - 2013-12-10 23:37 - 00000637 _____ C:\Documents and Settings\Lily\Desktop\ch.txt

2013-12-06 10:20 - 2003-09-15 23:04 - 00000000 ____D C:\Documents and Settings\Lily\My Documents\My PSP8 Files

2013-12-05 09:55 - 2013-12-05 09:55 - 00000000 _____ C:\WINDOWS\Sti_Trace.log

2013-12-03 00:38 - 2013-12-02 23:34 - 00016384 ____T C:\WINDOWS\~DF59D2.tmp

2013-12-02 23:20 - 2013-12-02 23:20 - 00000000 ____T C:\WINDOWS\~DFEE8A.tmp

2013-11-28 23:24 - 2013-11-28 23:24 - 00140895 _____ C:\Documents and Settings\Lily\My Documents\28 nov bt bill.pspimage

2013-11-25 22:56 - 2006-05-27 15:49 - 00000000 ____D C:\Documents and Settings\Lily\Local Settings\Application Data\Google

2013-11-25 22:56 - 2006-05-27 15:48 - 00000000 ____D C:\Program Files\Google

2013-11-24 00:27 - 2012-04-23 18:02 - 00434239 _____ C:\Documents and Settings\Lily\My Documents\pspbrwse.jbf

2013-11-20 19:46 - 2003-03-08 16:01 - 00217088 _____ C:\Documents and Settings\Lily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

Files to move or delete:

====================

C:\Documents and Settings\Lily\Application Data\dm.ini

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================

 

Thanks again



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:12 PM

Posted 19 December 2013 - 06:52 PM

Hello Lily,

 

 

Before we continue with the rest of the cleaning process let's get rid of your security software leftovers.

 

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

Regards,

Georgi




#10 Lily123

Lily123
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:12 AM

Posted 20 December 2013 - 08:07 AM

Hi Georgi,

 

Thank you very much for your further advice.  At first I had a little trouble downloading fixlist.txt – I think this may be because my computer is running particularly slow today.  I managed to successfully download the file after a few attempts though.

 

Here is a copy of the report produced by FRST:

 

 

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2013 01

Ran by Lily at 2013-12-20 12:45:58 Run:3

Running from C:\Documents and Settings\Lily\Desktop

Boot Mode:

 

==============================================

 

Content of fixlist:

*****************

start

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk

FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File

S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30464 2013-07-11] ()

C:\WINDOWS\system32\drivers\hitmanpro37.sys

2013-12-17 23:28 - 2011-06-22 11:17 - 00000000 ____D C:\Program Files\Lavasoft

2013-12-16 15:00 - 2013-12-17 23:27 - 00000000 ____D C:\Documents and Settings\Lily\Application Data\LavasoftStatistics

2013-12-17 23:27 - 2011-06-22 11:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft

2013-12-14 11:28 - 2013-12-14 11:28 - 00000000 ____D C:\Program Files\HitmanPro

2013-12-02 23:34 - 2013-12-03 00:38 - 00016384 ____T C:\WINDOWS\~DF59D2.tmp

2013-12-02 23:20 - 2013-12-02 23:20 - 00000000 ____T C:\WINDOWS\~DFEE8A.tmp

end

 

 

*****************

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => Moved successfully.

HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => Key deleted successfully.

C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.

hitmanpro37 => Service deleted successfully.

C:\WINDOWS\system32\drivers\hitmanpro37.sys => Moved successfully.

C:\Program Files\Lavasoft => Moved successfully.

C:\Documents and Settings\Lily\Application Data\LavasoftStatistics => Moved successfully.

C:\Documents and Settings\All Users\Application Data\Lavasoft => Moved successfully.

C:\Program Files\HitmanPro => Moved successfully.

C:\WINDOWS\~DF59D2.tmp => Moved successfully.

C:\WINDOWS\~DFEE8A.tmp => Moved successfully.

 

==== End of Fixlog ====

 

Thank you



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:12 PM

Posted 20 December 2013 - 12:44 PM

Hey Lily,

 

 

You are doing great so far! :)

Let's take a deeper look to see if anything is still lurking in the system:

 

 

  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on the Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
  • Don't copy the word "quoted"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.
    %USERPROFILE%\*.*
    %USERPROFILE%\*.
    %USERPROFILE%\*.exe /s
    %USERPROFILE%\My Documents\*.exe /s
    %USERPROFILE%\Application Data\*.*
    %USERPROFILE%\Application Data\*.
    %USERPROFILE%\Local Settings\*.*
    %USERPROFILE%\Local Settings\*.
    %USERPROFILE%\Local Settings\Application Data\*.*
    %USERPROFILE%\Local Settings\Application Data\*.
    %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\*.*
    %AllUsersProfile%\*.
    %AllUsersProfile%\*.exe /s
    %AllUsersProfile%\DRM\*.tmp
    %AllUsersProfile%\Application Data\*.*
    %AllUsersProfile%\Application Data\*.
    %AllUsersProfile%\Documents\*.exe /s
    %CommonProgramFiles%\*.exe
    %CommonProgramFiles%\ComObjects\*.*
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    %systemroot%\system32\config\systemprofile\*.*
    %systemroot%\system32\config\systemprofile\*.
    %systemroot%\system32\config\systemprofile\*.exe /s
    %systemroot%\system32\config\systemprofile\Application Data\*.*
    %systemroot%\system32\config\systemprofile\Application Data\*.
    %systemroot%\system32\config\systemprofile\Local Settings\*.*
    %systemroot%\system32\config\systemprofile\Local Settings\*.
    %systemroot%\system32\config\systemprofile\Local Settings\Application Data\*.*
    %systemroot%\system32\config\systemprofile\Local Settings\Application Data\*.
    C:\Documents and Settings\Default User\*.exe /s
    C:\Documents and Settings\Default User\Application Data\*.*
    C:\Documents and Settings\Default User\Application Data\*.
    C:\Documents and Settings\Default User\Local Settings\*.*
    C:\Documents and Settings\Default User\Local Settings\*.
    C:\Documents and Settings\Default User\Local Settings\Application Data\*.*
    C:\Documents and Settings\Default User\Local Settings\Application Data\*.
    C:\Documents and Settings\LocalService\*.exe /s
    C:\Documents and Settings\LocalService\*.*
    C:\Documents and Settings\LocalService\Application Data\*.*
    C:\Documents and Settings\LocalService\Application Data\*.
    C:\Documents and Settings\LocalService\Local Settings\*.*
    C:\Documents and Settings\LocalService\Local Settings\*.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\*.*
    C:\Documents and Settings\LocalService\Local Settings\Application Data\*.
    C:\Documents and Settings\LocalService\Local Settings\temp\*.tlb
    C:\Documents and Settings\NetworkService\*.exe /s
    C:\Documents and Settings\NetworkService\*.*
    C:\Documents and Settings\NetworkService\Application Data\*.*
    C:\Documents and Settings\NetworkService\Application Data\*.
    C:\Documents and Settings\NetworkService\Local Settings\*.*
    C:\Documents and Settings\NetworkService\Local Settings\*.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.*
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.
    C:\Documents and Settings\NetworkService\Local Settings\temp\*.tlb
    C:\Documents and Settings\Guest Access\*.exe /s
    C:\Documents and Settings\Guest Access\*.*
    C:\Documents and Settings\Guest Access\Application Data\*.*
    C:\Documents and Settings\Guest Access\Application Data\*.
    C:\Documents and Settings\Guest Access\Local Settings\*.*
    C:\Documents and Settings\Guest Access\Local Settings\*.
    C:\Documents and Settings\Guest Access\Local Settings\Application Data\*.*
    C:\Documents and Settings\Guest Access\Local Settings\Application Data\*.
    %windir%\temp\*.exe /s
    %windir%\*.
    %windir%\AppPatch\*.exe
    %windir%\ShellNew\*.exe
    %windir%\installer\*.
    %windir%\system32\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %SYSTEMDRIVE%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s
    HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s
    HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    type C:\WINDOWS\system.ini >> test.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    winlogon.exe
    userinit.exe
    smss.exe
    imapi.sys
    fastfat.sys
    atapi.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    tcpip.sys
    ipsec.sys
    kbdclass.sys
    mouclass.sys
    mouhid.sys
    hlp.dat
    str.sys
    crexv.ocx
    crexvx.ocx
    msseedir.dll
    msdr.dll
    lmbd.dll
    wsse.dll
    intel.exe
    WService.dll
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Regards,

Georgi




#12 Lily123


Posted 20 December 2013 - 06:13 PM

Hi Georgi,

Thank you once again for all of your help :)

I have now followed your instructions.  I downloaded and ran OTL (making all necessary changes to the settings beforehand).

After the scan finished, it only produced one report (OTL.txt).  The scan did not produce ‘Extra.txt’ (I checked for this and it was not minimized or saved to desktop).

Here is a copy of OTL.txt (the report is 58 pages long and too big to copy into a single post, so I have had to split the report over several posts):

OTL.txt:

OTL logfile created on: 20/12/2013 21:42:46 - Run 5

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Lily\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.00 Mb Total Physical Memory | 378.73 Mb Available Physical Memory | 74.11% Memory free

1.22 Gb Paging File | 1.00 Gb Available in Paging File | 82.51% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.75 Gb Total Space | 38.47 Gb Free Space | 34.43% Space Free | Partition Type: NTFS

 

Computer Name: D2DM8N0J | User Name: Lily | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/12/20 21:30:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lily\Desktop\OTL.scr

PRC - [2013/01/18 10:06:36 | 000,188,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\BT Cloud\fshoster32.exe

PRC - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE

PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2003/03/13 11:36:24 | 000,078,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\LXBLPP5C.DLL

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2013/12/12 14:45:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/18 10:06:36 | 000,188,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\BT Cloud\fshoster32.exe -- (fshoster)

SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2003/05/19 15:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\YPcservice.exe -- (YPCService)

SRV - [2002/10/10 04:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - [2013/06/13 23:28:59 | 000,098,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SMR322.SYS -- (SMR322)

DRV - [2013/02/12 00:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS)

DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)

DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)

DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)

DRV - [2006/12/27 14:47:30 | 000,009,006 | ---- | M] (ZD Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vidcap.sys -- (vidcap)

DRV - [2006/12/27 14:47:30 | 000,009,006 | ---- | M] (ZD Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\scrcap.sys -- (scrcap)

DRV - [2006/03/24 16:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)

DRV - [2004/08/03 21:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)

DRV - [2004/08/03 21:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)

DRV - [2004/08/03 21:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)

DRV - [2004/08/03 21:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)

DRV - [2004/08/03 21:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)

DRV - [2004/08/03 21:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)

DRV - [2004/08/03 21:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)

DRV - [2004/08/03 21:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)

DRV - [2004/08/03 21:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)

DRV - [2004/08/03 21:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)

DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)

DRV - [2003/02/19 12:43:44 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2003/02/19 12:43:44 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2002/12/09 12:20:32 | 000,115,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)

DRV - [2002/12/09 12:20:20 | 000,134,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)

DRV - [2002/12/09 12:20:02 | 000,117,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)

DRV - [2002/12/09 12:19:50 | 000,493,568 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k)

DRV - [2002/12/04 13:35:44 | 000,298,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)

DRV - [2002/11/26 13:31:36 | 000,816,576 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)

DRV - [2002/11/26 13:30:32 | 000,135,728 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys -- (hap16v2k)

DRV - [2002/10/10 04:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)

DRV - [2002/10/09 03:09:58 | 000,010,477 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)

DRV - [2002/10/02 17:47:04 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)

DRV - [2002/10/02 17:46:58 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)

DRV - [2002/10/02 17:46:52 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)

DRV - [2002/10/02 17:43:20 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)

DRV - [2002/10/02 17:42:00 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

DRV - [2002/09/27 18:56:50 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)

DRV - [2002/09/03 12:30:00 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)

DRV - [2002/09/03 12:28:22 | 000,186,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)

DRV - [2002/07/19 10:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2002/05/13 19:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)

DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\SearchScopes,DefaultScope = {D9CD7B06-1F0C-45CA-B87D-8643BED60DE6}

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\SearchScopes\{2624CA7D-96CE-4F9C-86B2-1FC800A4516D}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,17043,0,8,0

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\SearchScopes\{C37CDA7C-2F36-4485-A0B4-C677283E716E}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\SearchScopes\{CD23EF35-0E2D-4E4B-B5D8-648B41E93176}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\SearchScopes\{D9CD7B06-1F0C-45CA-B87D-8643BED60DE6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GPEA_en

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\SearchScopes\{F3D080AB-5ED9-4FC9-AEAE-0CA7580130C3}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com"

FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=ffds1&p="

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?fr=ffsp1&p="

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll File not found

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/16 08:35:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox

 

[2009/07/15 21:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lily\Application Data\Mozilla\Extensions

[2009/07/15 21:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lily\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/04/23 00:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\extensions

[2010/02/18 21:59:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/05/09 22:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/07/16 08:36:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/07/16 08:35:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/07/16 08:35:53 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2010/10/23 19:57:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2010/10/23 19:57:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2010/10/23 19:57:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2010/10/23 19:57:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2010/10/23 19:57:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2010/10/23 19:57:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2010/10/23 19:57:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

 

O1 HOSTS File: ([2013/06/16 00:51:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)

O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)

O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [Camera Detector] C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)

O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DataCaching] C:\Program Files\Data Caching\FlashKsk.exe ( )

O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)

O4 - HKLM..\Run: [F-Secure Hoster (47188)] C:\Program Files\BT Cloud\fshoster32.exe (F-Secure Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.)

O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\BTTotalBroadband220V\Help\SmartBridge\BTHelpNotifier.exe (Motive)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)

O4 - HKLM..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe ()

O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe (Lexmark)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)

O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found

O4 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q File not found

O4 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Documents and Settings\Lily\Local Settings\Application Data\adawarebp" /s /q File not found

O4 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BTTotalBroadband220V\Help\bin\matcli.exe (Motive Communications, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0

O7 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O15 - HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\..Trusted Domains:   ([]msn in My Computer)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab (Auctiva Image Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab (Java Plug-in 1.3.1)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9352B787-CDE7-4FA1-BE70-428485EB13F4}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)



#13 Lily123

Posted 20 December 2013 - 06:22 PM

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Lily\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lily\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: Remoteaccess -  File not found

NetSvcs: Sharedaccess -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: hitmanpro37 - Reg Error: Value error.

SafeBootMin: hitmanpro37.sys - Reg Error: Value error.

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: hitmanpro37 - Reg Error: Value error.

SafeBootNet: hitmanpro37.sys - Reg Error: Value error.

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: SharedAccess -  File not found

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java

ActiveX: {0968F9E0-5972-8733-1227-3467D16863BF} - Browser Customizations

ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1

ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.

ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {34C70B70-8FFF-4179-A2EB-0819FFA38126} - Reg Error: Value error.

ActiveX: {362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF} - Reg Error: Value error.

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4a01a151-e350-4839-a2b8-03dc39d6c8e5} - Reg Error: Value error.

ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899

ActiveX: {4DAEE2D4-A471-42AC-97A2-4C2A79C77648} - Reg Error: Value error.

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework

ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)

ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour

ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - Reg Error: Value error.

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D} - Reg Error: Value error.

ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.

ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.

ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {CE734E0A-D6D3-4A92-AF9F-499BE87A025C} - Reg Error: Value error.

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567

ActiveX: {F4FE5839-9C90-D2B0-13CD-A7DB1101C573} - Internet Explorer

ActiveX: {F53CE5EC-1CD8-41EB-A220-F8EA247E3A06} - Reg Error: Value error.

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\Vio\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - vct3216.acm File not found

Drivers32: MSVideo - vfwwdm32.dll File not found

Drivers32: MSVideo8 - VfWWDM32.dll File not found

Drivers32: New Value #1 -  File not found

Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - DivX.dll File not found

Drivers32: VIDC.DRAW - DVIDEO.DLL File not found

Drivers32: VIDC.FPS1 - frapsvid.dll File not found

Drivers32: vidc.I420 - i420vfw.dll File not found

Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.MSUD - msulvc05.dll File not found

Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

Drivers32: VIDC.VP40 - vp4vfw.dll File not found

Drivers32: vidc.VP60 - vp6vfw.dll File not found

Drivers32: vidc.VP61 - vp6vfw.dll File not found

Drivers32: vidc.VP62 - vp6vfw.dll File not found

Drivers32: vidc.VP70 - vp7vfw.dll File not found

Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found

Drivers32: vidc.X264 - x264vfw.dll File not found

Drivers32: VIDC.YV12 - yv12vfw.dll File not found

Drivers32: VIDC.ZDSV - C:\WINDOWS\System32\scrvid.dll (ZD Soft, http://www.zdsoft.com/)

 

========== Files/Folders - Created Within 90 Days ==========

 

[2013/12/20 21:30:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lily\Desktop\OTL.scr

[2013/12/18 22:17:10 | 003,218,352 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Lily\Desktop\MCPR.exe

[2013/12/17 13:05:31 | 001,061,167 | ---- | C] (Farbar) -- C:\Documents and Settings\Lily\Desktop\FRST.exe

[2013/12/15 23:30:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/12/14 21:24:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2013/12/14 11:26:33 | 009,096,848 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Lily\Desktop\HitmanPro.exe

[2013/12/14 11:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lily\Desktop\RK_Quarantine

[2013/12/13 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/12/13 15:55:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/12/13 15:50:52 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Lily\Desktop\mbam-setup.exe

[2013/12/09 21:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP

[2013/11/15 15:08:20 | 000,000,000 | -HSD | C] -- C:\found.009

[2013/11/11 22:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lily\Desktop\Job Application

[2013/10/20 20:18:06 | 000,000,000 | ---D | C] -- C:\55658b8dc35c055bf5a4ed7c06af

[2013/10/20 20:17:37 | 000,000,000 | ---D | C] -- C:\8a23d12876d72914d2abb7

[2013/10/17 20:55:01 | 000,000,000 | ---D | C] -- C:\81aae620781a3413b326

[2013/10/17 20:54:33 | 000,000,000 | ---D | C] -- C:\01e40382363a4005d485

[2013/10/13 12:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lily\My Documents\My eBooks

[2013/10/10 16:55:22 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2013/09/24 19:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lily\My Documents\Computer Problems

[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[83 C:\Documents and Settings\Lily\Desktop\*.tmp files -> C:\Documents and Settings\Lily\Desktop\*.tmp -> ]

[18 C:\Documents and Settings\Lily\My Documents\*.tmp files -> C:\Documents and Settings\Lily\My Documents\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2013/12/20 21:30:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lily\Desktop\OTL.scr

[2013/12/20 21:26:50 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/12/20 21:16:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/12/20 21:15:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2013/12/20 21:15:35 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/20 14:43:27 | 000,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx

[2013/12/20 14:43:26 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx

[2013/12/20 14:43:26 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx

[2013/12/20 14:43:26 | 000,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx

[2013/12/20 14:43:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2013/12/20 14:43:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2013/12/20 14:43:26 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

[2013/12/20 14:43:26 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

[2013/12/20 14:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/12/18 22:17:35 | 003,218,352 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Lily\Desktop\MCPR.exe

[2013/12/18 22:06:23 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2013/12/17 13:05:31 | 001,061,167 | ---- | M] (Farbar) -- C:\Documents and Settings\Lily\Desktop\FRST.exe

[2013/12/16 00:02:53 | 004,101,441 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\tdsskiller.zip

[2013/12/15 23:29:51 | 001,226,750 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\adwcleaner.exe

[2013/12/15 21:14:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\MBR.dat

[2013/12/14 23:56:02 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.CDF

[2013/12/14 13:26:18 | 000,000,038 | ---- | M] () -- C:\WINDOWS\BMUpdate.ini

[2013/12/14 13:25:53 | 000,000,550 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI

[2013/12/14 13:22:50 | 000,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI

[2013/12/14 11:28:22 | 009,096,848 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lily\Desktop\HitmanPro.exe

[2013/12/13 15:55:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/12/13 15:54:54 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Lily\Desktop\mbam-setup.exe

[2013/12/13 15:28:34 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Shortcut to iExplore.lnk

[2013/12/13 13:35:20 | 002,573,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/12/13 13:10:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/12/12 14:44:44 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/12/12 14:44:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/11/28 23:24:46 | 000,140,895 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\28 nov bt bill.pspimage

[2013/11/24 00:27:00 | 000,434,239 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\pspbrwse.jbf

[2013/11/21 23:14:20 | 000,027,966 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\baby giraffe.jpg

[2013/11/20 20:43:19 | 000,017,129 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Email to Jack rtf.rtf

[2013/11/20 19:46:36 | 000,217,088 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/11/18 13:29:13 | 000,087,281 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\changes by together coat.pspimage

[2013/11/17 21:22:06 | 000,146,627 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Letter from Job.jpg

[2013/11/14 13:29:44 | 000,005,853 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\diagram.jpg

[2013/11/13 02:59:42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll

[2013/11/10 18:12:36 | 000,217,625 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\clerical officer job.pspimage

[2013/11/07 05:38:51 | 000,591,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll

[2013/11/04 23:00:49 | 000,091,131 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp11.pspimage

[2013/11/04 23:00:42 | 000,087,994 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp10.pspimage

[2013/11/04 23:00:36 | 000,091,958 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp9.pspimage

[2013/11/04 23:00:30 | 000,089,743 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp8.pspimage

[2013/11/04 23:00:23 | 000,089,668 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp7.pspimage

[2013/11/04 23:00:17 | 000,124,215 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp6.pspimage

[2013/11/04 23:00:09 | 000,101,661 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp5.pspimage

[2013/11/04 23:00:03 | 000,095,078 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp4.pspimage

[2013/11/04 22:59:55 | 000,095,907 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp3.pspimage

[2013/11/04 22:59:44 | 000,097,095 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp2.pspimage

[2013/11/04 22:59:35 | 000,120,350 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\riapp1.pspimage

[2013/11/01 23:45:18 | 000,056,896 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\CV - Lily.rtf

[2013/10/30 02:26:17 | 001,879,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys

[2013/10/30 02:26:17 | 001,879,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

[2013/10/29 07:57:34 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll

[2013/10/29 07:57:34 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

[2013/10/29 07:57:34 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll

[2013/10/29 07:57:34 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll

[2013/10/29 07:57:34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll

[2013/10/29 07:57:34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll

[2013/10/29 07:57:33 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2013/10/29 07:57:33 | 006,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2013/10/29 07:57:33 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2013/10/29 07:57:33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl

[2013/10/29 07:57:33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl

[2013/10/29 07:57:33 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2013/10/29 07:57:33 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll

[2013/10/29 07:57:33 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2013/10/29 07:57:33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll

[2013/10/29 07:57:33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll

[2013/10/29 07:57:33 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

[2013/10/29 07:57:33 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll

[2013/10/29 07:57:33 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll

[2013/10/29 07:57:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll

[2013/10/29 07:57:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll

[2013/10/29 07:57:33 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll

[2013/10/29 07:57:33 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll

[2013/10/29 07:57:33 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2013/10/29 07:57:33 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll

[2013/10/29 07:57:33 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll

[2013/10/29 07:57:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll

[2013/10/29 07:57:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll

[2013/10/29 07:57:33 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll

[2013/10/29 07:57:33 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll

[2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe

[2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe

[2013/10/29 00:45:02 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

[2013/10/27 14:40:16 | 000,363,734 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2013/10/27 14:40:15 | 000,045,408 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2013/10/24 21:10:31 | 000,597,785 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\horse.pspimage

[2013/10/23 23:45:49 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll

[2013/10/23 22:08:39 | 000,464,013 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\print screened 23 oct.pspimage

[2013/10/15 21:56:44 | 000,080,778 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Photo 2 (Front).jpg

[2013/10/15 21:56:30 | 000,068,112 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Photo 1 (Side View).jpg

[2013/10/12 23:26:33 | 000,910,427 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\csfb3.pspimage

[2013/10/12 23:26:20 | 000,422,422 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\csfb1.pspimage

[2013/10/12 15:56:19 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll

[2013/10/09 23:21:35 | 000,235,823 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\cs5.pspimage

[2013/10/09 23:21:30 | 000,274,344 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\cs4.pspimage

[2013/10/09 23:21:23 | 000,712,659 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\cs3.pspimage

[2013/10/09 23:21:11 | 000,631,246 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\cs2.pspimage

[2013/10/09 23:20:53 | 000,802,740 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\cs1.pspimage

[2013/10/09 23:11:02 | 000,311,189 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\9 oct cw4.pspimage

[2013/10/09 23:07:35 | 000,211,296 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\9 oct cw3.pspimage

[2013/10/09 23:07:13 | 000,466,647 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\9 oct cw2.pspimage

[2013/10/09 23:06:18 | 000,548,267 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\9 oct cw 1.pspimage

[2013/10/09 19:06:32 | 000,236,351 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\jd2013.pspimage

[2013/10/09 18:48:59 | 000,965,879 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\2013 aw.pspimage

[2013/10/09 13:12:48 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll

[2013/10/07 10:59:21 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

[2013/10/06 00:22:22 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.BAK

[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[83 C:\Documents and Settings\Lily\Desktop\*.tmp files -> C:\Documents and Settings\Lily\Desktop\*.tmp -> ]

[18 C:\Documents and Settings\Lily\My Documents\*.tmp files -> C:\Documents and Settings\Lily\My Documents\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/12/16 00:02:52 | 004,101,441 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\tdsskiller.zip

[2013/12/15 23:29:51 | 001,226,750 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\adwcleaner.exe

[2013/12/15 21:14:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\MBR.dat

[2013/12/13 15:55:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/12/13 15:28:34 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\Shortcut to iExplore.lnk

[2013/11/28 23:24:46 | 000,140,895 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\28 nov bt bill.pspimage

[2013/11/21 23:14:40 | 000,027,966 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\baby giraffe.jpg

[2013/11/20 19:46:25 | 000,017,129 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\Email to Jack rtf.rtf

[2013/11/18 13:29:12 | 000,087,281 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\changes by together coat.pspimage

[2013/11/17 21:23:51 | 000,146,627 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\Letter from Job.jpg

[2013/11/14 13:29:43 | 000,005,853 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\diagram.jpg

[2013/11/10 18:12:31 | 000,217,625 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\clerical officer job.pspimage

[2013/11/04 23:00:49 | 000,091,131 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp11.pspimage

[2013/11/04 23:00:42 | 000,087,994 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp10.pspimage

[2013/11/04 23:00:36 | 000,091,958 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp9.pspimage

[2013/11/04 23:00:30 | 000,089,743 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp8.pspimage

[2013/11/04 23:00:23 | 000,089,668 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp7.pspimage

[2013/11/04 23:00:16 | 000,124,215 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp6.pspimage

[2013/11/04 23:00:08 | 000,101,661 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp5.pspimage

[2013/11/04 23:00:03 | 000,095,078 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp4.pspimage

[2013/11/04 22:59:55 | 000,095,907 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp3.pspimage

[2013/11/04 22:59:44 | 000,097,095 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp2.pspimage

[2013/11/04 22:59:34 | 000,120,350 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\riapp1.pspimage

[2013/11/01 23:45:18 | 000,056,896 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\CV - Lily.rtf

[2013/10/24 21:10:28 | 000,597,785 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\horse.pspimage

[2013/10/23 22:08:39 | 000,464,013 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\print screened 23 oct.pspimage

[2013/10/15 22:06:17 | 000,080,778 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\Photo 2 (Front).jpg

[2013/10/15 22:06:17 | 000,068,112 | ---- | C] () -- C:\Documents and Settings\Lily\Desktop\Photo 1 (Side View).jpg

[2013/10/12 23:26:32 | 000,910,427 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\csfb3.pspimage

[2013/10/12 23:26:20 | 000,422,422 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\csfb1.pspimage

[2013/10/09 23:21:35 | 000,235,823 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\cs5.pspimage

[2013/10/09 23:21:29 | 000,274,344 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\cs4.pspimage

[2013/10/09 23:21:22 | 000,712,659 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\cs3.pspimage

[2013/10/09 23:21:08 | 000,631,246 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\cs2.pspimage

[2013/10/09 23:20:50 | 000,802,740 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\cs1.pspimage

[2013/10/09 23:10:50 | 000,311,189 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\9 oct cw4.pspimage

[2013/10/09 23:07:34 | 000,211,296 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\9 oct cw3.pspimage

[2013/10/09 23:07:12 | 000,466,647 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\9 oct cw2.pspimage

[2013/10/09 23:06:10 | 000,548,267 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\9 oct cw 1.pspimage

[2013/10/09 19:06:30 | 000,236,351 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\jd2013.pspimage

[2013/10/09 18:48:49 | 000,965,879 | ---- | C] () -- C:\Documents and Settings\Lily\My Documents\2013 aw.pspimage

[2013/06/14 22:14:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2013/06/13 23:29:03 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\SMR322.dat

[2013/06/12 14:42:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/09/18 00:19:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ

[2012/02/14 22:43:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/07/08 22:40:20 | 000,000,008 | -HS- | C] () -- C:\Documents and Settings\Lily\Application Data\date

[2011/07/08 22:40:12 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Lily\Application Data\evf6

[2007/11/10 13:35:58 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2003/08/24 12:04:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lily\Application Data\dm.ini

[2003/03/08 16:01:08 | 000,217,088 | ---- | C] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2003/03/08 12:49:27 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\fusioncache.dat

 

========== ZeroAccess Check ==========

 

[2003/02/19 12:35:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)



#14 Lily123


Posted 20 December 2013 - 06:26 PM

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2011/09/30 08:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.D2DM8N0J.000\Application Data\Ityzyc

[2013/04/17 00:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5856326AF11C49CA00005855DA1A4F02

[2008/03/12 18:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2003/02/19 12:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2007/11/05 13:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success

[2011/04/16 19:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2013/06/14 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2010/06/28 19:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2013/07/11 23:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2003/05/05 13:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2011/05/04 17:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

[2010/10/23 20:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/04/17 16:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

[2008/03/12 18:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\ACD Systems

[2011/04/16 19:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\BitZipper

[2010/06/09 08:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Five

[2011/10/10 11:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\GrabPro

[2011/09/09 01:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\ImgBurn

[2003/03/09 16:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Jasc

[2011/07/17 10:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Kiorim

[2006/06/21 23:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Leadertech

[2010/06/21 09:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\LG Electronics

[2003/05/04 22:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\MGI

[2011/08/21 17:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Omcyax

[2011/10/10 11:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Orbit

[2011/10/10 11:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\ProgSense

[2010/08/19 20:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Qidy

[2011/04/16 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\RegistryKeys

[2005/04/10 16:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\SmartDraw

[2003/03/06 17:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Template

[2003/07/04 21:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\The Labyrinth Plus! Edition

[2003/05/05 14:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Ulead Systems

[2011/05/04 17:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Visan

[2003/09/06 21:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Xara

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2013/06/15 19:19:36 | 000,002,953 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2013/06/15 19:38:00 | 000,003,173 | ---- | M] () -- C:\AdwCleaner[S1].txt

[2002/09/03 08:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2011/09/02 12:06:57 | 000,000,210 | -HS- | M] () -- C:\Boot.bak

[2013/06/14 09:46:19 | 000,000,281 | -HS- | M] () -- C:\boot.ini

[2002/09/03 08:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS

[2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2013/07/22 19:11:00 | 000,016,647 | ---- | M] () -- C:\ComboFix.txt

[2002/09/03 08:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2003/02/19 12:17:46 | 000,003,702 | R--- | M] () -- C:\DELL.SDR

[2013/10/10 22:32:19 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log

[2013/12/20 21:15:35 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/16 21:04:07 | 000,302,592 | ---- | M] () -- C:\ik2ny7sq.exe

[2002/09/03 08:59:58 | 000,000,000 | ---- | M] () -- C:\IO.SYS

[2011/08/21 23:29:03 | 000,000,159 | -H-- | M] () -- C:\IPH.PH

[2013/02/05 15:42:06 | 000,002,817 | ---- | M] () -- C:\lxal.log

[2011/04/17 16:40:32 | 000,000,765 | ---- | M] () -- C:\Micrografx Media Manager.lnk

[2011/04/17 16:40:32 | 000,000,675 | ---- | M] () -- C:\Micrografx Windows Draw.lnk

[2002/09/03 08:59:58 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS

[2009/07/21 17:52:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/07/27 16:32:22 | 000,250,048 | RHS- | M] () -- C:\NTLDR

[2013/12/20 21:15:23 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

[2011/08/28 12:01:38 | 000,005,973 | ---- | M] () -- C:\Resetlog.txt

[2011/06/28 12:07:21 | 000,000,528 | ---- | M] () -- C:\rkill.log

[2011/09/24 18:00:44 | 000,001,452 | ---- | M] () -- C:\SAFEBOOT_REPAIR.TXT

[2011/09/23 14:22:27 | 000,001,402 | ---- | M] () -- C:\serf_conf.txt

[2011/09/23 19:13:52 | 000,063,134 | ---- | M] () -- C:\TDSSKiller.2.6.0.0_23.09.2011_20.09.49_log.txt

[2011/09/23 19:21:07 | 000,001,818 | ---- | M] () -- C:\TDSSKiller.2.6.0.0_23.09.2011_20.20.52_log.txt

[2011/09/23 19:26:24 | 000,061,688 | ---- | M] () -- C:\TDSSKiller.2.6.0.0_23.09.2011_20.23.37_log.txt

[2013/12/16 00:00:04 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_15.12.2013_23.59.56_log.txt

[2013/06/27 19:02:18 | 000,003,402 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_27.06.2013_20.01.11_log.txt

[2013/06/27 22:00:41 | 000,115,420 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_27.06.2013_20.44.46_log.txt

[2013/06/14 10:02:03 | 000,102,346 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_14.06.2013_10.58.43_log.txt

[2013/12/16 00:03:44 | 000,000,492 | ---- | M] () -- C:\TDSSKiller.3.0.0.19_16.12.2013_00.03.17_log.txt

[2011/08/23 15:04:11 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat

[2000/07/21 09:40:00 | 000,002,048 | ---- | M] () -- C:\w2ksect.bin

[2011/03/31 13:50:31 | 006,102,682 | ---- | M] () -- C:\wialog.txt

[2011/09/08 23:24:37 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\XPSP3.EXE.exe

 

< %SYSTEMDRIVE%\*. >

[2013/10/17 20:54:55 | 000,000,000 | ---D | M] -- C:\01e40382363a4005d485

[2012/05/17 11:57:31 | 000,000,000 | ---D | M] -- C:\27a13f1c64075d9ce0b232292da2308b

[2012/05/26 17:26:58 | 000,000,000 | ---D | M] -- C:\292d573d579209f21958

[2012/04/26 01:30:54 | 000,000,000 | ---D | M] -- C:\295d0f3be93a5a122330

[2012/06/04 10:05:52 | 000,000,000 | ---D | M] -- C:\37d1d4c0e05008b7434c07a3b370ae89

[2013/10/20 20:18:17 | 000,000,000 | ---D | M] -- C:\55658b8dc35c055bf5a4ed7c06af

[2011/10/14 11:24:58 | 000,000,000 | ---D | M] -- C:\5acf5e0c375601ff6077dc

[2012/05/26 11:01:37 | 000,000,000 | ---D | M] -- C:\67cea43920c1facfa6f4d9cf831545d2

[2012/05/06 12:38:34 | 000,000,000 | ---D | M] -- C:\777ef4bdb56dbbc33d776fea20d0f856

[2012/05/28 02:02:14 | 000,000,000 | ---D | M] -- C:\808c336e68b4135c59

[2013/10/17 20:55:21 | 000,000,000 | ---D | M] -- C:\81aae620781a3413b326

[2013/10/20 20:18:03 | 000,000,000 | ---D | M] -- C:\8a23d12876d72914d2abb7

[2012/05/14 02:03:43 | 000,000,000 | ---D | M] -- C:\912a8614f5539d25eea2

[2013/12/15 23:31:51 | 000,000,000 | ---D | M] -- C:\AdwCleaner

[2010/11/21 22:47:08 | 000,000,000 | ---D | M] -- C:\After Dark

[2012/06/07 12:02:02 | 000,000,000 | ---D | M] -- C:\b9d84c594922908e5035

[2003/06/10 10:55:31 | 000,000,000 | ---D | M] -- C:\BBC

[2011/03/10 22:39:48 | 000,000,000 | ---D | M] -- C:\BODY6

[2003/06/09 20:35:54 | 000,000,000 | ---D | M] -- C:\CASCAiD

[2012/06/08 19:41:42 | 000,000,000 | ---D | M] -- C:\cbb792a4b9842acdbf14090d

[2011/09/14 19:44:54 | 000,000,000 | RHSD | M] -- C:\cmdcons

[2013/12/18 22:05:38 | 000,000,000 | ---D | M] -- C:\Config.Msi

[2012/05/24 02:04:06 | 000,000,000 | ---D | M] -- C:\d78397657c4a02ab495dcd1842c296be

[2011/09/30 08:16:49 | 000,000,000 | ---D | M] -- C:\DELL

[2003/05/04 22:52:16 | 000,000,000 | ---D | M] -- C:\Disney Interactive

[2011/08/21 13:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings

[2011/10/10 11:15:39 | 000,000,000 | ---D | M] -- C:\Downloads

[2003/02/19 11:56:38 | 000,000,000 | ---D | M] -- C:\DRIVERS

[2012/05/07 02:02:01 | 000,000,000 | ---D | M] -- C:\fab8a4f79a03d15780afd7

[2012/05/27 17:04:16 | 000,000,000 | ---D | M] -- C:\fbb96846701887105a825ff8

[2010/11/21 13:28:26 | 000,000,000 | ---D | M] -- C:\Focus

[2003/04/23 15:24:03 | 000,000,000 | ---D | M] -- C:\found.000

[2010/03/31 09:45:36 | 000,000,000 | ---D | M] -- C:\found.001

[2011/03/07 10:00:22 | 000,000,000 | ---D | M] -- C:\found.002

[2013/04/17 14:01:34 | 000,000,000 | ---D | M] -- C:\found.003

[2013/05/16 14:40:09 | 000,000,000 | ---D | M] -- C:\found.004

[2013/06/12 19:35:37 | 000,000,000 | ---D | M] -- C:\found.005

[2013/06/27 19:23:00 | 000,000,000 | ---D | M] -- C:\found.006

[2013/08/17 12:29:45 | 000,000,000 | -HSD | M] -- C:\found.007

[2013/09/13 12:13:47 | 000,000,000 | -HSD | M] -- C:\found.008

[2013/11/15 15:08:20 | 000,000,000 | -HSD | M] -- C:\found.009

[2003/12/28 15:07:02 | 000,000,000 | ---D | M] -- C:\freeserve

[2013/07/03 11:06:18 | 000,000,000 | ---D | M] -- C:\FRST

[2003/03/31 16:27:00 | 000,000,000 | ---D | M] -- C:\Games

[2011/09/30 11:03:55 | 000,000,000 | ---D | M] -- C:\I386

[2003/03/06 21:40:37 | 000,000,000 | ---D | M] -- C:\ISB

[2013/12/15 23:33:54 | 000,000,000 | ---D | M] -- C:\JRT

[2003/09/11 21:21:09 | 000,000,000 | ---D | M] -- C:\LETTS

[2011/09/30 11:02:02 | 000,000,000 | ---D | M] -- C:\MORPHER

[2008/02/23 18:07:57 | 000,000,000 | R--D | M] -- C:\MSOCache

[2011/08/21 21:08:15 | 000,000,000 | ---D | M] -- C:\mult2

[2004/02/20 22:47:23 | 000,000,000 | ---D | M] -- C:\My Pictures

[2007/09/11 12:21:51 | 000,000,000 | ---D | M] -- C:\OEFONT

[2003/03/06 16:02:59 | 000,000,000 | ---D | M] -- C:\OnSpec

[2013/12/20 12:45:59 | 000,000,000 | R--D | M] -- C:\Program Files

[2013/07/22 19:11:12 | 000,000,000 | ---D | M] -- C:\Qoobox

[2013/08/04 22:58:45 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2010/03/27 13:30:09 | 000,000,000 | ---D | M] -- C:\ScanSoft Documents

[2010/03/27 13:22:51 | 000,000,000 | ---D | M] -- C:\Screen Recordings

[2011/09/30 08:06:38 | 000,000,000 | ---D | M] -- C:\SmartDraw

[2010/06/21 10:03:26 | 000,000,000 | ---D | M] -- C:\Sounds

[2011/07/20 14:11:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010/08/15 13:07:38 | 000,000,000 | ---D | M] -- C:\temp

[2011/03/02 16:07:45 | 000,000,000 | ---D | M] -- C:\Video Recordings

[2013/12/20 12:45:59 | 000,000,000 | ---D | M] -- C:\WINDOWS

[2007/09/11 12:21:38 | 000,000,000 | ---D | M] -- C:\XFonts

[2011/09/30 08:06:03 | 000,000,000 | ---D | M] -- C:\XPSETUP

[2011/08/30 16:55:31 | 000,000,000 | ---D | M] -- C:\_OTL

 

< %USERPROFILE%\*.* >

[2013/12/20 14:42:40 | 018,087,936 | ---- | M] () -- C:\Documents and Settings\Lily\ntuser.dat

[2013/12/20 21:48:41 | 000,638,976 | ---- | M] () -- C:\Documents and Settings\Lily\ntuser.dat.LOG

[2013/12/20 14:42:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lily\NTUSER.INI

 

< %USERPROFILE%\*. >

[2009/07/17 09:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\.java

[2013/12/20 12:45:59 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Lily\Application Data

[2013/06/14 22:33:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lily\BT Cloud

[2013/12/20 21:23:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lily\Cookies

[2013/12/20 21:42:31 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Lily\Desktop

[2013/12/01 22:10:42 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Lily\Favorites

[2009/07/23 18:11:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lily\IECompatCache

[2009/07/23 18:01:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lily\IETldCache

[2013/12/19 13:46:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lily\Local Settings

[2013/12/02 23:43:36 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Lily\My Documents

[2013/11/04 17:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\NetHood

[2003/02/19 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\PrintHood

[2009/07/23 18:09:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lily\PrivacIE

[2013/12/20 21:42:30 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Lily\Recent

[2011/02/18 15:09:23 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Lily\SendTo

[2011/06/21 18:31:22 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Lily\Start Menu

[2011/07/17 20:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Templates

[2003/03/10 11:50:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lily\UserData

 

< %USERPROFILE%\*.exe /s >

[2011/09/09 12:03:10 | 000,049,152 | ---- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Lily\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\Anim3Premium.exe

[2011/09/09 12:03:10 | 000,014,278 | R--- | M] () -- C:\Documents and Settings\Lily\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\ARPPRODUCTICON.exe

[2011/09/09 12:03:10 | 000,014,278 | R--- | M] () -- C:\Documents and Settings\Lily\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\PaintShopPro8_Premium.exe

[2003/04/06 20:47:27 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Lily\Application Data\Microsoft\Installer\{CCF08FE4-C3CD-475B-9960-9F53EAF1808C}\CameraIcon.exe

[2013/12/15 23:29:51 | 001,226,750 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\adwcleaner.exe

[2013/06/14 22:13:53 | 000,815,248 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Lily\Desktop\BTNetworkInstaller_C-BZARC-9DPAA-6XBY6-Q942U_.exe

[2013/12/17 13:05:31 | 001,061,167 | ---- | M] (Farbar) -- C:\Documents and Settings\Lily\Desktop\FRST.exe

[2013/12/14 11:28:22 | 009,096,848 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lily\Desktop\HitmanPro.exe

[2013/12/13 15:54:54 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Lily\Desktop\mbam-setup.exe

[2013/12/18 22:17:35 | 003,218,352 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Lily\Desktop\MCPR.exe

[83 C:\Documents and Settings\Lily\Desktop\*.tmp files -> C:\Documents and Settings\Lily\Desktop\*.tmp -> ]

[2013/06/14 10:19:51 | 009,171,472 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lily\Desktop\Antivirus Software\HitmanPro.exe

[2013/04/17 00:19:46 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Lily\Desktop\Antivirus Software\mbam-setup-1.75.0.1300.exe

[2013/06/13 23:24:38 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Lily\Desktop\Antivirus Software\NPE.exe

[2013/06/14 09:58:04 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lily\Desktop\Antivirus Software\tdsskiller.exe

[2013/07/02 18:26:30 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\aswMBR.exe

[2011/08/27 20:16:04 | 000,092,296 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\BullGuardDownloader.exe

[2013/07/22 17:59:45 | 005,091,940 | R--- | M] (Swearware) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\ComboFix.exe

[2013/07/03 11:04:40 | 001,372,429 | ---- | M] (Farbar) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\FRST.exe

[2013/06/28 10:38:40 | 000,356,397 | ---- | M] (Farbar) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\FSS.exe

[2013/07/11 23:41:52 | 009,171,472 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\HitmanPro.exe

[2013/04/17 00:16:55 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\iExplore.exe

[2013/06/15 18:17:08 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\JRT.exe

[2011/09/23 11:35:29 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\mbam-setup-1.51.2.1300.exe

[2011/09/29 11:22:21 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\mseinstall.exe

[2011/09/29 11:37:40 | 074,548,624 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\msert.exe

[2011/09/28 23:57:05 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\NPE.exe

[2011/09/22 21:35:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\OTL.exe

[2013/06/14 10:24:58 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\RogueKiller.exe

[2011/08/28 11:25:59 | 000,062,894 | ---- | M] (                                                                                            ) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\SafeBootKeyRepair-CF.exe

[2011/09/24 17:34:12 | 000,288,654 | ---- | M] (                                                                                            ) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\SafeBootKeyRepair.exe

[2013/07/25 11:33:42 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\ServicesRepair.exe

[2011/09/08 22:54:42 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\SetupImgBurn_2.5.5.0.exe

[2011/08/27 20:14:29 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\spybotsd162.exe

[2013/06/26 14:00:47 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\tdsskiller.exe

[2011/09/14 19:34:47 | 004,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[2011/08/29 12:14:57 | 000,770,560 | ---- | M] (Лаборатория Касперского, 2007-2010) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\avz4\avz4\avz.exe

[2012/07/09 05:29:51 | 001,887,056 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\CC Support\Tools\ServicesRepair\ServicesRepair_x32.exe

[2013/07/02 18:28:29 | 000,755,784 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\mbar-1.06.0.1004\fixdamage.exe

[2013/07/02 18:28:29 | 000,769,096 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\mbar-1.06.0.1004\mbar\mbar.exe

[2011/09/23 19:09:02 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lily\Desktop\Fixing Programs\tdsskiller\TDSSKiller.exe

[2010/02/15 19:53:33 | 007,876,406 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Internet Programmes\8700.303110.EN.exe

[2011/06/23 12:54:48 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lily\Desktop\Internet Programmes\killtdss.exe

[2011/06/21 18:56:21 | 011,454,936 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lily\Desktop\Internet Programmes\sa.exe

[2011/06/21 17:39:00 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Lily\Desktop\Internet Programmes\SystemLook.exe

[2013/06/13 12:18:00 | 000,551,408 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Lily\Desktop\McAfee\rootkitremover.exe

[2013/06/13 12:21:02 | 003,795,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Lily\Desktop\McAfee\SecurityScan_Release.exe

[2007/11/12 20:06:04 | 002,635,902 | ---- | M] (Ares Tube                                                   ) -- C:\Documents and Settings\Lily\My Documents\Computer\Ares_Tube_Setup.exe

[2009/07/26 22:50:48 | 002,367,288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\earl.exe

[2007/07/30 13:57:27 | 002,514,657 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Computer\fpxp.exe

[2010/06/28 18:25:49 | 006,110,528 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lily\My Documents\Computer\HitmanPro35.exe

[2007/11/04 13:15:16 | 029,662,072 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\IE7-WindowsServer2003-x64-enu.exe

[2007/11/04 12:59:52 | 015,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\IE7-WindowsXP-x86-enu.exe

[2010/10/23 19:44:37 | 075,019,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Lily\My Documents\Computer\iTunesSetup.exe

[2007/11/04 14:21:31 | 012,754,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\MP10Setup.exe

[2007/11/12 19:50:58 | 002,112,080 | ---- | M] (www.orbitdownloader.com                                     ) -- C:\Documents and Settings\Lily\My Documents\Computer\OrbitDownloaderSetup.exe

[2007/11/10 13:32:58 | 021,321,008 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Lily\My Documents\Computer\QuickTimeInstaller.exe

[2010/02/18 21:05:29 | 001,413,912 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Computer\setup_Bob_Designer.exe

[2009/12/06 01:48:18 | 001,413,704 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Computer\setup_Jessops.exe

[2007/11/12 18:46:21 | 000,092,955 | ---- | M] (NirSoft) -- C:\Documents and Settings\Lily\My Documents\Computer\videocacheview_setup.exe

[2008/02/23 18:07:42 | 012,307,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\wdviewer.exe

[2007/11/02 11:05:13 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\wmp11-windowsxp-x86-enu.exe

[2010/08/19 20:08:56 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Computer\Antivirus\avira_antivir_personal_en.exe

[1996/02/23 00:53:02 | 000,458,512 | ---- | M] (Syntrillium Software Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\Cool Pro\coolpro153\COOL.EXE

[2002/03/11 07:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\Drivers\instmsia.exe

[2002/03/11 08:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\Drivers\instmsiw.exe

[2003/02/05 17:02:10 | 000,395,158 | ---- | M] (Broadcom                                                     ) -- C:\Documents and Settings\Lily\My Documents\Computer\Drivers\setup.exe

[2003/03/06 22:18:29 | 008,303,800 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Lily\My Documents\Computer\Technical Folders\r1p-bbc-en-setup.exe

[2009/10/23 12:08:44 | 000,440,808 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Lily\My Documents\Computer\Yahoo Messenger\msgr9uk.exe

[2010/07/22 21:33:12 | 000,555,576 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Family Tree\The Walkers\Ancestry\family_tree_builder.exe

[2010/07/18 17:01:44 | 000,055,088 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Family Tree\The Walkers\Ancestry\MFInstall.exe

[2004/05/03 01:23:55 | 006,076,024 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Interesting Images and Quotes\Bubblegum Characters\smartdraw_trial_1301.exe

[2007/11/12 19:26:17 | 002,231,872 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\My Videos\FLV\FLVPlayerSetup.exe

[2007/11/12 21:20:38 | 001,988,941 | ---- | M] (ZD Soft) -- C:\Documents and Settings\Lily\My Documents\My Videos\ZD Soft Screen Recorder\SRSetup.exe

[2007/11/12 21:42:59 | 002,043,331 | ---- | M] (ZD Soft) -- C:\Documents and Settings\Lily\My Documents\My Videos\ZD Soft Screen Recorder\VRSetup.exe

[2009/06/01 09:32:59 | 008,090,279 | ---- | M] (BOB Books Ltd.                                              ) -- C:\Documents and Settings\Lily\My Documents\Photography\Photographs to Order\Bob Designer\Setup_BobBooks.exe

[2010/01/19 00:34:26 | 001,413,912 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Photography\Photographs to Order\Bob Designer\setup_Bob_Designer.exe

 

< %USERPROFILE%\My Documents\*.exe /s >

[2007/11/12 20:06:04 | 002,635,902 | ---- | M] (Ares Tube                                                   ) -- C:\Documents and Settings\Lily\My Documents\Computer\Ares_Tube_Setup.exe

[2009/07/26 22:50:48 | 002,367,288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\earl.exe

[2007/07/30 13:57:27 | 002,514,657 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Computer\fpxp.exe

[2010/06/28 18:25:49 | 006,110,528 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lily\My Documents\Computer\HitmanPro35.exe

[2007/11/04 13:15:16 | 029,662,072 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\IE7-WindowsServer2003-x64-enu.exe

[2007/11/04 12:59:52 | 015,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\IE7-WindowsXP-x86-enu.exe

[2010/10/23 19:44:37 | 075,019,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Lily\My Documents\Computer\iTunesSetup.exe

[2007/11/04 14:21:31 | 012,754,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\MP10Setup.exe

[2007/11/12 19:50:58 | 002,112,080 | ---- | M] (www.orbitdownloader.com                                     ) -- C:\Documents and Settings\Lily\My Documents\Computer\OrbitDownloaderSetup.exe

[2007/11/10 13:32:58 | 021,321,008 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Lily\My Documents\Computer\QuickTimeInstaller.exe

[2010/02/18 21:05:29 | 001,413,912 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Computer\setup_Bob_Designer.exe

[2009/12/06 01:48:18 | 001,413,704 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Computer\setup_Jessops.exe

[2007/11/12 18:46:21 | 000,092,955 | ---- | M] (NirSoft) -- C:\Documents and Settings\Lily\My Documents\Computer\videocacheview_setup.exe

[2008/02/23 18:07:42 | 012,307,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\wdviewer.exe

[2007/11/02 11:05:13 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\wmp11-windowsxp-x86-enu.exe

[2010/08/19 20:08:56 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Computer\Antivirus\avira_antivir_personal_en.exe

[1996/02/23 00:53:02 | 000,458,512 | ---- | M] (Syntrillium Software Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\Cool Pro\coolpro153\COOL.EXE

[2002/03/11 07:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\Drivers\instmsia.exe

[2002/03/11 08:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lily\My Documents\Computer\Drivers\instmsiw.exe

[2003/02/05 17:02:10 | 000,395,158 | ---- | M] (Broadcom                                                     ) -- C:\Documents and Settings\Lily\My Documents\Computer\Drivers\setup.exe

[2003/03/06 22:18:29 | 008,303,800 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Lily\My Documents\Computer\Technical Folders\r1p-bbc-en-setup.exe

[2009/10/23 12:08:44 | 000,440,808 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Lily\My Documents\Computer\Yahoo Messenger\msgr9uk.exe

[2010/07/22 21:33:12 | 000,555,576 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Family Tree\The Walkers\Ancestry\family_tree_builder.exe

[2010/07/18 17:01:44 | 000,055,088 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Family Tree\The Walkers\Ancestry\MFInstall.exe

[2004/05/03 01:23:55 | 006,076,024 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Interesting Images and Quotes\Bubblegum Characters\smartdraw_trial_1301.exe

[2007/11/12 19:26:17 | 002,231,872 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\My Videos\FLV\FLVPlayerSetup.exe

[2007/11/12 21:20:38 | 001,988,941 | ---- | M] (ZD Soft) -- C:\Documents and Settings\Lily\My Documents\My Videos\ZD Soft Screen Recorder\SRSetup.exe

[2007/11/12 21:42:59 | 002,043,331 | ---- | M] (ZD Soft) -- C:\Documents and Settings\Lily\My Documents\My Videos\ZD Soft Screen Recorder\VRSetup.exe

[2009/06/01 09:32:59 | 008,090,279 | ---- | M] (BOB Books Ltd.                                              ) -- C:\Documents and Settings\Lily\My Documents\Photography\Photographs to Order\Bob Designer\Setup_BobBooks.exe

[2010/01/19 00:34:26 | 001,413,912 | ---- | M] () -- C:\Documents and Settings\Lily\My Documents\Photography\Photographs to Order\Bob Designer\setup_Bob_Designer.exe

 

< %USERPROFILE%\Application Data\*.* >

[2011/07/09 10:29:22 | 000,000,008 | -HS- | M] () -- C:\Documents and Settings\Lily\Application Data\date

[2002/09/03 08:50:46 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Lily\Application Data\DESKTOP.INI

[2003/11/30 14:00:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lily\Application Data\dm.ini

[2011/07/09 10:29:16 | 000,000,002 | -HS- | M] () -- C:\Documents and Settings\Lily\Application Data\evf6

[2012/03/04 15:08:02 | 000,235,440 | ---- | M] () -- C:\Documents and Settings\Lily\Application Data\GDIPFONTCACHEV1.DAT

 

< %USERPROFILE%\Application Data\*. >

[2008/03/12 18:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\ACD Systems

[2011/07/17 20:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Adobe

[2011/05/14 21:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\AdobeUM

[2010/11/21 13:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Apple Computer

[2011/04/16 19:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\BitZipper

[2003/04/06 20:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Creative

[2004/01/11 00:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\CyberLink

[2010/06/09 08:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Five

[2006/10/16 18:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Google

[2011/10/10 11:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\GrabPro

[2003/03/08 13:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Help

[2011/02/13 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\HpUpdate

[2003/02/19 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Identities

[2011/09/09 01:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\ImgBurn

[2007/10/27 20:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\InstallShield

[2003/03/09 16:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Jasc

[2003/09/15 23:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Jasc Software Inc

[2011/07/17 10:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Kiorim

[2006/06/21 23:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Leadertech

[2010/06/21 09:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\LG Electronics

[2004/05/24 15:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Macromedia

[2011/05/09 22:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Malwarebytes

[2003/05/04 22:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\MGI

[2011/08/17 16:25:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lily\Application Data\Microsoft

[2007/11/04 15:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Motive

[2009/07/15 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Mozilla

[2010/07/11 17:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\MSN6

[2011/08/21 17:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Omcyax

[2011/10/10 11:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Orbit

[2011/10/10 11:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\ProgSense

[2010/08/19 20:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Qidy

[2006/04/17 21:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Real

[2011/04/16 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\RegistryKeys

[2007/07/13 17:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Roxio

[2005/04/10 16:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\SmartDraw

[2009/03/30 18:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Sun

[2011/06/23 13:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\SUPERAntiSpyware.com

[2003/02/19 12:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Symantec

[2003/03/06 17:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Template

[2003/07/04 21:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\The Labyrinth Plus! Edition

[2003/05/05 14:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Ulead Systems

[2011/05/04 17:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Visan

[2003/09/06 21:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Xara

[2010/02/19 11:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Application Data\Yahoo!

 

< %USERPROFILE%\Local Settings\*.* >

[2013/12/20 21:16:10 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Lily\Local Settings\DESKTOP.INI

 

< %USERPROFILE%\Local Settings\*. >

[2013/12/18 23:11:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data

[2009/07/22 11:30:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lily\Local Settings\History

[2011/04/16 19:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\LocalLow

[2013/12/20 21:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Temp

[2013/11/23 00:19:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lily\Local Settings\Temporary Internet Files

 

< %USERPROFILE%\Local Settings\Application Data\*.* >

[2011/09/28 13:15:28 | 000,336,048 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\bovqpeec.log

[2013/11/20 19:46:36 | 000,217,088 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/14 12:03:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\dhyrgyrt.log

[2003/03/08 12:49:27 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\fusioncache.dat

[2011/09/08 10:09:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\fviodyjm.log

[2011/09/29 12:10:26 | 000,238,464 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2011/09/30 08:57:25 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\hevsrclw.log

[2011/09/08 18:13:15 | 003,776,622 | -H-- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\IconCache.db

[2011/09/30 08:53:17 | 000,215,232 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\jusvlgrc.log

[2011/09/28 13:15:26 | 000,004,011 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\mnqntucr.log

[2012/09/18 01:31:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lily\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ

 

< %USERPROFILE%\Local Settings\Application Data\*. >

[2008/03/12 18:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\ACD Systems

[2013/06/14 23:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Adobe

[2007/11/10 13:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Apple

[2010/11/21 13:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Apple Computer

[2005/04/20 23:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\BVRP Software

[2003/03/27 23:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Dell

[2008/03/12 18:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Downloaded Installations

[2013/06/14 22:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\F-Secure

[2013/11/25 22:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Google

[2005/07/23 20:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Help

[2011/05/04 14:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\HP

[2003/12/30 21:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Identities

[2012/05/10 13:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Microsoft

[2009/07/15 21:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Mozilla

[2013/06/14 09:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\NPE

[2011/04/28 11:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Temp

[2011/05/09 23:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Webstyle

[2009/04/01 12:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\WMTools Downloaded Files

[2003/09/27 22:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Xara Online Dreamweaver Cache

[2010/03/08 15:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lily\Local Settings\Application Data\Yahoo

 

< %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\*.* >

 

< %AllUsersProfile%\*. >

[2013/12/20 12:45:59 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Application Data

[2013/12/17 23:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop

[2011/10/17 22:12:25 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Documents

[2010/07/01 20:18:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\DRM

[2003/02/19 11:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Favorites

[2011/08/27 13:52:09 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu

[2003/02/19 11:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Templates

 

< %AllUsersProfile%\*.exe /s >

[2011/03/21 13:54:52 | 003,003,784 | ---- | M] (Uniblue Systems Ltd                                                                                                                                                                                                                                                                                         ) -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe

[2009/08/17 22:29:44 | 000,857,560 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifier.exe

[2013/09/06 10:04:45 | 000,015,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\BT_CCFBASIC_1_WIN32_TP802M1\3\upgrade\DisableUpdateOfSecurityCenter.exe

[2013/09/06 10:04:45 | 000,018,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\BT_CCFBASIC_1_WIN32_TP802M1\3\upgrade\fslogcleaner.exe

[2013/09/06 10:04:45 | 000,150,464 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\All Users\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\BT_CCFBASIC_1_WIN32_TP802M1\3\upgrade\msitool.exe

[2013/01/18 10:06:40 | 000,483,312 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\All Users\Application Data\F-Secure\MySA\temp\fs_upgrade_handler\fs_upgrade_handler.exe

[2011/05/04 16:59:12 | 000,157,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe

[2011/05/04 16:59:12 | 000,301,224 | ---- | M] (Visan / RocketLife) -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\PhotoProductCore.exe

[2011/05/04 16:59:12 | 000,162,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\PhotoProductReg.exe

[2010/05/20 17:12:48 | 004,238,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\HP\HP Photosmart Plus B210 series\Help\flash\FlashPla.exe

[2011/06/20 20:07:36 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

[2010/04/07 03:50:42 | 003,693,160 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{019AF9D1-F437-4CF3-97B4-9F7399F84B89}\ytb_8.1.4.26_2.1.3_ysp_2.0.1.13_mail_bts_pub_us_setup_.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{0FA4C5A7-8E07-4DED-A1CE-B2E78A30CAF8}\yfix_2010.10.12.01.exe

[2010/04/07 03:50:42 | 003,693,160 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{144C83D5-222B-409E-B024-E80E62A14E8A}\ytb_8.1.4.26_2.1.3_ysp_2.0.1.13_mail_bts_pub_us_setup_.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{19A3CD0D-61D7-477B-9F8E-0C9119329C8E}\yfix_2010.10.12.01.exe

[2010/04/07 03:50:42 | 003,693,160 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{1D7152AB-63FD-4D65-9382-C3210E85290C}\ytb_8.1.4.26_2.1.3_ysp_2.0.1.13_mail_bts_pub_us_setup_.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{299324F4-5722-454E-96BF-CE8DC6459B73}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{2E6110CC-EF6B-4AB7-81DB-B3BE61BCC408}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{34918471-DD42-4097-8509-DC80870D077A}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{4886514B-F48B-4B97-AE65-151EC1A75130}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{52D422A5-7505-42D0-A9C2-E501BC70585B}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{5ADBD125-88A4-48B3-A7A9-B9800B8B6FA3}\yfix_2010.10.12.01.exe

[2010/04/07 03:50:42 | 003,693,160 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{682A38A0-DA53-47E8-84B5-6E512834C025}\ytb_8.1.4.26_2.1.3_ysp_2.0.1.13_mail_bts_pub_us_setup_.exe

[2010/04/07 03:50:42 | 003,693,160 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{895A9A6D-7C35-4378-A778-628D85734B9D}\ytb_8.1.4.26_2.1.3_ysp_2.0.1.13_mail_bts_pub_us_setup_.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{A15CE954-5C09-48C9-84A5-9FCBD346BDD7}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{A1DC9BAF-12B1-473F-8FA1-71EAA4A74968}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{AF7FB51A-C03E-4459-8BA4-97D48BED9EC2}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:39 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{B16A7031-6691-4119-A7A2-50273DC80912}\yfix_2010.10.12.01.exe

[2010/04/07 03:50:36 | 003,693,160 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{B452D82F-78CE-4A24-9CDD-6900248E97B9}\ytb_8.1.4.26_2.1.3_ysp_2.0.1.13_mail_bts_pub_us_setup_.exe



#15 Lily123

Posted 20 December 2013 - 06:30 PM

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{CC42ACBE-254D-4F50-8869-929350FA8B7A}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:42 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{D0192C5A-0C16-469C-8EBA-55F05E6D65FB}\yfix_2010.10.12.01.exe

[2010/10/12 18:18:47 | 000,077,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yahoo!\yau\{DAB9A9E6-81AC-4DA0-B87C-54C973413BDF}\yfix_2010.10.12.01.exe

[2009/11/10 16:08:16 | 000,607,544 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe

[2011/09/16 21:02:08 | 004,212,882 | ---- | M] (Swearware) -- C:\Documents and Settings\All Users\Documents\ComboFix.exe

[2011/09/16 21:04:07 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ik2ny7sq.exe

 

< %AllUsersProfile%\DRM\*.tmp >

 

< %AllUsersProfile%\Application Data\*.* >

[2002/09/03 08:50:46 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

[2007/11/10 13:35:58 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

 

< %AllUsersProfile%\Application Data\*. >

[2013/04/17 00:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5856326AF11C49CA00005855DA1A4F02

[2008/03/12 18:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2011/07/17 20:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2007/11/10 13:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2010/11/21 13:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2003/02/19 12:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2003/02/19 12:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2007/11/05 13:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success

[2011/04/16 19:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2013/06/14 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2011/04/16 22:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2010/07/11 01:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2009/08/28 09:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater

[2010/06/28 19:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2013/07/11 23:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2011/02/09 22:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP

[2011/05/04 16:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations

[2010/02/18 21:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hps

[2011/05/09 22:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/07/05 23:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

[2012/05/10 13:25:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2007/10/02 11:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive

[2003/03/08 12:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2011/09/28 23:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton

[2011/07/06 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS

[2003/05/05 13:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2003/02/19 12:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio

[2003/02/19 12:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2011/06/23 13:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/08/30 16:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2003/05/05 13:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2011/05/04 17:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

[2011/06/21 21:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2010/02/18 21:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!

[2013/05/16 17:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2010/10/23 20:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/04/17 16:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

 

< %AllUsersProfile%\Documents\*.exe /s >

[2011/09/16 21:02:08 | 004,212,882 | ---- | M] (Swearware) -- C:\Documents and Settings\All Users\Documents\ComboFix.exe

[2011/09/16 21:04:07 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ik2ny7sq.exe

 

< %CommonProgramFiles%\*.exe >

 

< %CommonProgramFiles%\ComObjects\*.* >

 

< %PROGRAMFILES%\*.* >

 

< %PROGRAMFILES%\*. >

[2008/03/12 18:54:01 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems

[2011/07/17 20:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe

[2003/03/09 22:48:39 | 000,000,000 | ---D | M] -- C:\Program Files\Aludra Software

[2010/10/23 19:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update

[2011/09/30 11:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Avery Wizard 3.1

[2011/08/21 21:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\BitZipper

[2011/09/30 11:01:38 | 000,000,000 | ---D | M] -- C:\Program Files\BOB Books

[2010/01/19 00:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\Bob Designer

[2007/10/27 20:45:46 | 000,000,000 | ---D | M] -- C:\Program Files\British Telecom

[2009/07/15 21:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom

[2011/09/30 11:00:26 | 000,000,000 | ---D | M] -- C:\Program Files\BT Broadband Talk Softphone

[2013/06/14 22:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\BT Cloud

[2011/09/30 10:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\btbb_wcm

[2007/10/27 20:45:27 | 000,000,000 | ---D | M] -- C:\Program Files\BTTotalBroadband220V

[2011/09/30 10:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\Classic PhoneTools

[2013/12/17 23:26:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files

[2004/09/19 16:25:54 | 000,000,000 | ---D | M] -- C:\Program Files\Compton's Home Library

[2011/03/11 00:04:07 | 000,000,000 | ---D | M] -- C:\Program Files\Cosmo Virtual Makeover 2 Deluxe

[2003/02/19 12:41:51 | 000,000,000 | ---D | M] -- C:\Program Files\Creative

[2003/02/19 12:37:14 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink

[2011/09/30 10:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Data Caching

[2003/02/19 12:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\Dell

[2003/02/19 12:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Computer

[2011/09/30 10:49:26 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect

[2010/11/21 13:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Driving Test Success 2003-2004

[2010/11/21 13:32:43 | 000,000,000 | ---D | M] -- C:\Program Files\Driving Test Success Practical

[2011/06/21 19:55:38 | 000,000,000 | ---D | M] -- C:\Program Files\ESET

[2007/11/12 19:15:06 | 000,000,000 | ---D | M] -- C:\Program Files\FLV Player

[2011/09/30 10:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Format Shell

[2013/11/25 22:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\Google

[2004/06/21 21:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\GSP

[2003/03/09 22:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\Guildhall Leisure

[2010/06/28 18:28:09 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5

[2011/02/13 18:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\HP

[2011/04/17 16:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\HP Celebrations

[2011/04/17 14:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\HP Celebrations(2)

[2011/05/04 16:56:41 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photo Creations

[2011/09/30 10:47:05 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn

[2007/09/11 12:30:35 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield

[2011/03/10 22:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information

[2003/02/19 12:36:41 | 000,000,000 | ---D | M] -- C:\Program Files\intel

[2004/03/22 14:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intense Language Office

[2010/11/21 13:23:15 | 000,000,000 | ---D | M] -- C:\Program Files\Internet

[2013/12/13 13:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2006/05/03 14:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc

[2009/07/16 08:35:44 | 000,000,000 | ---D | M] -- C:\Program Files\Java

[2003/03/06 16:38:09 | 000,000,000 | ---D | M] -- C:\Program Files\JavaSoft

[2004/02/20 22:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark

[2004/02/20 22:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Z700-P700 Series

[2010/06/21 10:00:36 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics

[2003/09/15 00:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia

[2013/12/13 15:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/02/08 16:04:03 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis

[2011/09/30 10:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger

[2011/09/30 10:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\MFInstall

[2011/03/11 00:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\MGI

[2011/09/30 10:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Micrografx

[2012/05/10 13:43:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft

[2003/03/06 22:58:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync

[2003/03/20 21:39:11 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2008/02/23 18:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2003/07/04 20:47:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus!

[2011/09/30 06:19:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition

[2013/12/18 22:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight

[2003/03/06 22:57:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio

[2011/09/30 07:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works

[2011/09/30 07:26:43 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper

[2007/10/27 20:30:52 | 000,000,000 | ---D | M] -- C:\Program Files\Motive

[2011/09/30 05:18:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2010/11/21 13:24:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2003/03/08 12:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSN

[2003/02/19 11:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone

[2009/07/27 16:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2003/02/19 11:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services

[2011/09/30 05:19:57 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2011/09/30 07:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime

[2003/03/06 22:19:25 | 000,000,000 | ---D | M] -- C:\Program Files\Real

[2003/02/19 12:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio

[2003/03/06 16:14:16 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft

[2004/09/12 14:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\Serif

[2003/07/04 20:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\SoftCAD

[2003/02/19 12:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic

[2003/05/05 13:36:41 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems

[2013/07/01 13:46:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2011/09/30 08:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\USB Card Reader

[2011/09/30 08:08:43 | 000,000,000 | ---D | M] -- C:\Program Files\VideoCacheView

[2011/09/30 08:08:43 | 000,000,000 | ---D | M] -- C:\Program Files\Visioneer OneTouch

[2005/01/14 19:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\Wanadoo

[2011/09/30 08:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\WebPainter

[2011/06/22 00:29:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender

[2004/02/26 13:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Bonus Pack for Windows XP

[2004/02/26 12:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components

[2011/09/30 09:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2009/07/27 16:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2011/09/02 12:06:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Resource Kits

[2010/11/21 13:19:17 | 000,000,000 | ---D | M] -- C:\Program Files\Xara

[2003/02/19 11:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX

[2010/11/21 13:22:25 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

[2007/11/12 21:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\ZD Soft

[2011/07/17 20:23:16 | 000,000,000 | ---D | M] -- C:\Program Files\ZillaTube

 

< %systemroot%\system32\config\systemprofile\*.* >

[2003/02/19 12:22:36 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat

[2013/12/18 22:21:50 | 000,001,024 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG

 

< %systemroot%\system32\config\systemprofile\*. >

[2003/02/19 12:49:57 | 000,000,000 | R--D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data

[2013/12/14 20:18:31 | 000,000,000 | -HSD | M] -- C:\WINDOWS\system32\config\systemprofile\Cookies

[2003/03/20 21:39:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Desktop

[2003/02/19 11:56:44 | 000,000,000 | R--D | M] -- C:\WINDOWS\system32\config\systemprofile\Favorites

[2009/07/27 17:05:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\system32\config\systemprofile\IETldCache

[2013/07/22 19:11:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings

[2003/02/19 12:43:44 | 000,000,000 | R--D | M] -- C:\WINDOWS\system32\config\systemprofile\My Documents

[2003/02/19 11:56:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\NetHood

[2003/02/19 11:56:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\PrintHood

[2003/02/19 11:56:44 | 000,000,000 | R--D | M] -- C:\WINDOWS\system32\config\systemprofile\Recent

[2003/02/19 12:52:32 | 000,000,000 | R--D | M] -- C:\WINDOWS\system32\config\systemprofile\SendTo

[2003/02/19 11:56:44 | 000,000,000 | R--D | M] -- C:\WINDOWS\system32\config\systemprofile\Start Menu

[2003/02/19 11:56:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Templates

 

< %systemroot%\system32\config\systemprofile\*.exe /s >

 

< %systemroot%\system32\config\systemprofile\Application Data\*.* >

[2002/09/03 08:50:46 | 000,000,062 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\DESKTOP.INI

 

< %systemroot%\system32\config\systemprofile\Application Data\*. >

[2003/02/19 11:56:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Identities

[2009/07/22 11:24:54 | 000,000,000 | --SD | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft

[2003/02/19 12:43:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Roxio

[2003/02/19 12:49:57 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec

 

< %systemroot%\system32\config\systemprofile\Local Settings\*.* >

[2003/02/19 12:52:19 | 000,000,062 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\DESKTOP.INI

 

< %systemroot%\system32\config\systemprofile\Local Settings\*. >

[2011/06/22 11:18:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

[2003/02/19 12:52:55 | 000,000,000 | -HSD | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings\History

[2013/07/22 19:11:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings\temp

[2013/06/13 20:04:38 | 000,000,000 | -HSD | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files

 

< %systemroot%\system32\config\systemprofile\Local Settings\Application Data\*.* >

[2003/02/19 12:48:11 | 000,044,648 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2003/02/19 12:52:57 | 003,245,900 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IconCache.db

 

< %systemroot%\system32\config\systemprofile\Local Settings\Application Data\*. >

[2007/11/12 23:00:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Apple

[2003/02/19 12:36:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory

[2011/06/01 20:03:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google

[2003/02/19 11:56:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft

[2011/06/22 11:18:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software

 

< C:\Documents and Settings\Default User\*.exe /s >

[2002/08/29 05:00:00 | 000,000,065 | R--- | C] () -- C:\WINDOWS\Tasks\DESKTOP.INI

[2003/02/19 12:26:20 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

[2010/02/23 17:32:38 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

[2010/02/23 17:32:39 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

[2013/06/12 15:05:06 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

 

< C:\Documents and Settings\Default User\Application Data\*.* >

[2002/09/03 08:50:46 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Application Data\DESKTOP.INI

 

< C:\Documents and Settings\Default User\Application Data\*. >

[2003/02/19 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities

[2003/02/19 12:35:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft

[2003/02/19 12:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Roxio

[2003/02/19 12:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Symantec

 

< C:\Documents and Settings\Default User\Local Settings\*.* >

[2003/02/19 12:52:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Local Settings\DESKTOP.INI

 

< C:\Documents and Settings\Default User\Local Settings\*. >

[2003/02/19 12:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Local Settings\Application Data

[2011/11/22 18:13:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Default User\Local Settings\History

[2003/02/19 12:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Local Settings\Temp

[2011/11/22 18:13:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files

 

< C:\Documents and Settings\Default User\Local Settings\Application Data\*.* >

[2003/02/19 12:48:11 | 000,044,648 | ---- | M] () -- C:\Documents and Settings\Default User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2003/02/19 12:52:57 | 003,245,900 | ---- | M] () -- C:\Documents and Settings\Default User\Local Settings\Application Data\IconCache.db

 

< C:\Documents and Settings\Default User\Local Settings\Application Data\*. >

[2003/02/19 12:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Local Settings\Application Data\ApplicationHistory

[2003/02/19 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft

 

< C:\Documents and Settings\LocalService\*.exe /s >

 

< C:\Documents and Settings\LocalService\*.* >

[2013/12/20 14:43:27 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2013/12/20 21:16:54 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG

[2002/09/03 09:05:20 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\LocalService\NTUSER.INI

 

< C:\Documents and Settings\LocalService\Application Data\*.* >

 

< C:\Documents and Settings\LocalService\Application Data\*. >

[2013/04/17 00:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2003/09/13 16:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help

[2013/06/12 14:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/03/07 15:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2011/02/13 18:05:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

 

< C:\Documents and Settings\LocalService\Local Settings\*.* >

[2013/12/20 21:16:02 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\LocalService\Local Settings\DESKTOP.INI

 

< C:\Documents and Settings\LocalService\Local Settings\*. >

[2011/09/30 00:51:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data

[2003/03/06 15:44:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService\Local Settings\History

[2013/07/22 19:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\temp

[2011/09/23 11:54:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files

 

< C:\Documents and Settings\LocalService\Local Settings\Application Data\*.* >

[2011/09/28 12:46:16 | 000,336,048 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\bovqpeec.log

[2011/09/28 12:46:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\dhyrgyrt.log

[2011/09/28 13:12:56 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\hevsrclw.log

[2011/09/28 13:06:26 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\jusvlgrc.log

[2011/09/28 12:46:13 | 000,004,011 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\mnqntucr.log

 

< C:\Documents and Settings\LocalService\Local Settings\Application Data\*. >

[2011/04/28 14:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2003/09/13 16:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help

[2011/03/30 09:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2011/09/30 00:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth

[2011/09/29 17:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xweogawk

 

< C:\Documents and Settings\LocalService\Local Settings\temp\*.tlb >

 

< C:\Documents and Settings\NetworkService\*.exe /s >

 

< C:\Documents and Settings\NetworkService\*.* >

[2013/12/20 14:43:27 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2013/12/20 21:16:54 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[2002/09/03 09:05:20 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.INI

 

< C:\Documents and Settings\NetworkService\Application Data\*.* >

 

< C:\Documents and Settings\NetworkService\Application Data\*. >

[2013/05/16 15:03:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2010/03/22 23:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!

 

< C:\Documents and Settings\NetworkService\Local Settings\*.* >

[2013/12/20 21:15:58 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\DESKTOP.INI

 

< C:\Documents and Settings\NetworkService\Local Settings\*. >

[2011/10/08 10:19:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data

[2009/08/31 22:00:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService\Local Settings\History

[2013/07/22 19:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\temp

[2013/06/17 19:35:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files

 

< C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.* >

 

< C:\Documents and Settings\NetworkService\Local Settings\Application Data\*. >

[2009/08/31 22:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2011/04/28 12:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2011/10/01 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2011/10/08 10:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

 

< C:\Documents and Settings\NetworkService\Local Settings\temp\*.tlb >

 

< C:\Documents and Settings\Guest Access\*.exe /s >

 

< C:\Documents and Settings\Guest Access\*.* >

 

< C:\Documents and Settings\Guest Access\Application Data\*.* >

 

< C:\Documents and Settings\Guest Access\Application Data\*. >

 

< C:\Documents and Settings\Guest Access\Local Settings\*.* >

 

< C:\Documents and Settings\Guest Access\Local Settings\*. >

 

< C:\Documents and Settings\Guest Access\Local Settings\Application Data\*.* >

 

< C:\Documents and Settings\Guest Access\Local Settings\Application Data\*. >

 

< %windir%\temp\*.exe /s >

 

< %windir%\*. >

[2013/05/15 10:18:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\$hf_mig$

[2009/01/12 16:52:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

[2009/07/27 16:30:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtServicePackUninstall$

[2011/05/09 22:55:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2079403$

[2010/08/12 02:20:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2115168$

[2010/09/15 11:56:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2121546$

[2010/09/15 11:53:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2141007$

[2010/09/29 23:53:51 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2158563$

[2010/08/12 02:17:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2160329$

[2013/12/14 10:34:39 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2229593$

[2010/09/15 11:56:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2259922$

[2013/06/12 19:16:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2279986$

[2010/08/03 23:14:38 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2286198$

[2010/10/14 23:37:56 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2296011$

[2010/12/18 03:06:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2296199$

[2010/10/14 23:38:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2345886$

[2010/09/15 11:56:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2347290$

[2010/10/14 23:33:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2360937$

[2010/10/14 23:37:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2378111_WM9$

[2010/10/14 23:38:23 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2387149$

[2011/02/10 03:02:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2393802$

[2011/04/15 02:08:41 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2412687$

[2011/01/13 03:03:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2419632$

[2010/12/18 03:01:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2423089$

[2010/12/18 03:05:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2436673$

[2010/12/18 03:05:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2440591$

[2010/12/18 03:06:39 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2443105$

[2011/08/21 17:05:57 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2443685$

[2010/12/18 03:04:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2447961_WM9L$

[2010/12/18 03:05:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2467659$

[2011/06/16 16:40:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2476490$

[2011/02/10 03:02:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2476687$

[2011/02/10 03:02:33 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2478960$

[2011/02/10 03:07:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2478971$

[2011/02/10 03:07:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2479628$

[2011/03/10 01:17:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2479943$

[2011/03/10 01:15:12