Soft virus


Post by Ronnieballs on 1st June 2010, 9:46 pm

Hi, I had that soft virus thing and found this site and downloaded the Malwarebytes antivirus program and it got rid of all the fake security alerts. Now some of my programs won't launch from my desktop; I can't get Yahoo Messenger to load or some of my son's games like Pirates of the Caribbean Online. They start loading, then they just stop.
Any ideas what I may have or may be doing wrong? Keep in mind I don't know a lot about computers and such, lol. I can look up some things on the net and that's about it.
Thanks
Ron


Re: Soft virus

Post by Crush on 2nd June 2010, 3:13 am

Welcome to GeekPolice.net.

My name is Crush, but you can call me Chris too, and I will do my best to help get your problem resolved today.

I am currently a student in GeekPolice Academy, and will be a little delayed on each reply, as my instructors must review and approve each reply.

If you have any questions, please ask, and I will do my best to get to the question promptly.

Please wait here, while I get the first set of instructions for you.


Re: Soft virus

Post by Crush on 2nd June 2010, 6:40 am

Hi,

Download [You must be registered and logged in to see this link.] to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


=========

Additionally, I will need the Malwarebytes log. You can find it by opening MBAM, navigating to the Logs tab, and double clicking on the relevant log. It will open in Notepad and you can copy and paste it back here.

Things to include in your reply:
OTL Log
MBAM Log


Re: Soft virus

Post by Ronnieballs on 2nd June 2010, 12:56 pm

Thanks for the reply Chris. Here is the notepad log; I will post the others shortly.
Thanks
Ron

OTL logfile created on: 6/2/2010 8:35:42 AM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Dad\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.27 Gb Total Space | 345.41 Gb Free Space | 75.70% Space Free | Partition Type: NTFS
Drive D: | 9.49 Gb Total Space | 1.29 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAD-PC
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/02 08:35:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL(2).exe
PRC - [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/30 21:22:40 | 002,329,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/02/13 18:15:48 | 001,986,896 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/11/29 04:54:06 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/12 20:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 08:35:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL(2).exe
MOD - [2006/11/02 05:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/23 17:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/23 10:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/07/19 10:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/07/19 10:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007/11/29 04:54:05 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/07/12 20:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/03/12 15:31:07 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/12 15:31:07 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/12 15:31:07 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/07/19 10:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/07/19 10:36:03 | 000,051,280 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/07/19 10:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/07/19 10:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/19 10:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 06:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/05/02 23:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/25 09:44:24 | 002,307,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/15 19:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/03 06:44:00 | 000,091,648 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/12 12:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {399d96ca-6f9a-4fff-95fe-284e45ebb935} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.fishlore.com/fishforum/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Yahoo"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 21:16:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 21:16:31 | 000,000,000 | ---D | M]

[2008/08/26 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2010/06/01 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\extensions
[2009/09/02 17:48:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/14 07:51:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/24 09:00:36 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/01/01 11:25:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/11/08 07:48:27 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/01 20:58:16 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\extensions\runtime@panda3d.org
[2009/11/24 09:00:43 | 000,004,554 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\searchplugins\aim-search.xml
[2009/07/17 18:18:29 | 000,005,413 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\searchplugins\fast-browser-search.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\searchplugins\MySpace.xml
[2008/12/05 20:19:05 | 000,003,915 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\eb1xvphn.default\searchplugins\sweetim.xml
[2009/12/02 04:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Dad\Documents\neat pic.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dad\Documents\neat pic.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/29 05:48:02 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 07:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/01 20:58:23 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Panda3D
[2010/06/01 16:44:38 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Malwarebytes
[2010/06/01 16:44:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/01 16:44:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/01 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/01 16:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/01 12:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/06/01 12:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/06/01 11:52:01 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\wvnpsrplc
[2010/05/25 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\The Creative Assembly
[2010/03/11 17:16:45 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Marine Aquarium 3
[2010/03/11 17:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Marine Aquarium

========== Files - Modified Within 90 Days ==========

[2010/06/02 08:35:30 | 002,621,440 | -HS- | M] () -- C:\Users\Dad\ntuser.dat
[2010/06/02 08:28:29 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 08:28:29 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 00:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/06/01 19:16:22 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\cedlp.sys
[2010/06/01 17:33:25 | 000,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/01 17:33:25 | 000,626,738 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/01 17:33:25 | 000,107,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/01 17:29:03 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/01 17:29:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/01 17:28:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/01 17:27:28 | 001,712,994 | -H-- | M] () -- C:\Users\Dad\AppData\Local\IconCache.db
[2010/06/01 16:44:32 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/01 12:55:34 | 000,047,659 | ---- | M] () -- C:\Users\Dad\AppData\Local\syssvc.exe
[2010/05/25 17:41:34 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2010/05/25 17:41:34 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2010/05/01 21:04:43 | 000,000,372 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\wklnhst.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/19 21:13:11 | 000,031,232 | ---- | M] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/11 17:15:40 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Marine Aquarium 3.lnk

========== Files Created - No Company Name ==========

[2010/06/01 19:16:22 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\cedlp.sys
[2010/06/01 16:44:32 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/01 11:54:26 | 000,047,659 | ---- | C] () -- C:\Users\Dad\AppData\Local\syssvc.exe
[2010/05/25 17:41:34 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2010/05/25 17:41:34 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2010/03/11 17:15:40 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Marine Aquarium 3.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/24 21:06:18 | 000,000,075 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2008/03/25 09:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007/11/29 05:34:12 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/11/29 05:34:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1332.dll
[2007/11/29 05:34:12 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/11/29 05:22:30 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/29 05:22:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/11/24 08:58:27 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\acccore
[2009/02/01 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\DriverCure
[2008/09/06 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\GetRightToGo
[2009/05/11 05:06:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\IObit
[2009/04/17 09:59:41 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\LimeWire
[2010/03/11 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Marine Aquarium 3
[2008/04/10 04:36:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\MSNInstaller
[2008/08/01 13:05:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\PlayFirst
[2008/05/22 21:37:12 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Snapfish
[2009/11/04 12:50:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Template
[2009/03/19 08:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Turbine
[2009/05/11 05:36:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Uniblue
[2008/05/26 20:04:36 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WinBatch
[2010/06/01 17:29:03 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/06/01 17:27:33 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/02 00:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >


Re: Soft virus

Post by Ronnieballs on 2nd June 2010, 12:56 pm

part 2
< c:\$recycle.bin\*.* /s >
[2009/08/22 18:16:50 | 002,194,845 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RMVSW5U.JPG
[2010/03/24 09:00:58 | 000,537,043 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RN3GHJC.JPG
[2010/03/24 09:16:10 | 001,997,093 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RN41R3X.JPG
[2008/06/07 04:25:08 | 000,891,820 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RN442T6.JPG
[2009/12/09 17:34:06 | 002,789,057 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RN62N7X.JPG
[2009/01/06 15:47:56 | 003,037,860 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RNWU238.JPG
[2010/03/24 09:14:12 | 003,018,955 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RO2LE7T.JPG
[1979/11/30 01:00:00 | 000,966,998 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$ROAMHUX.JPG
[2009/09/26 22:03:02 | 002,969,007 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$ROIYOAP.JPG
[2009/10/27 05:43:02 | 002,849,682 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RPLG8DD.JPG
[2009/02/16 01:32:24 | 003,052,192 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RPXUGV8.JPG
[2009/10/27 05:42:06 | 003,087,725 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RQ4EX6J.JPG
[2009/09/26 22:03:16 | 002,332,123 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RQ4M5B6.JPG
[2010/03/24 09:14:52 | 002,842,003 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RQ9ZCHN.JPG
[2009/10/12 18:09:25 | 000,950,812 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RR8PDGQ.JPG
[2010/03/24 15:25:52 | 000,133,780 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RRPT0F9.JPG
[2009/01/06 15:49:48 | 002,300,804 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RS0NCHZ.JPG
[2009/02/16 01:32:58 | 002,666,747 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RSR4V9K.JPG
[2009/02/08 23:35:22 | 002,996,697 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RT2PPK4.JPG
[2009/01/06 15:47:36 | 002,830,324 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RT6N4GL.JPG
[2009/10/27 05:52:46 | 002,740,188 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RTUHX0S.JPG
[2008/09/07 18:58:55 | 000,235,164 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RU0J68U.jpg
[2009/12/15 12:17:38 | 000,793,046 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RU4W0SG.JPG
[2009/10/27 06:14:10 | 002,863,329 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RU9FC5E.JPG
[2009/09/22 12:16:48 | 001,307,591 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RU9KQG2.JPG
[2009/12/11 10:46:42 | 001,818,194 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RUCIKXP.JPG
[2009/01/06 15:46:50 | 002,535,772 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RUXUZ4L.JPG
[2009/10/12 18:10:15 | 000,840,857 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RV99OZC.JPG
[2008/09/19 18:42:23 | 000,436,906 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RVAOJAN.bmp
[2009/01/06 15:45:38 | 002,804,136 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RVBUY81.JPG
[2009/12/15 03:27:12 | 000,794,540 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RVOW8NR.JPG
[2010/03/30 14:50:08 | 000,165,348 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RVPSTYO.AVI
[2010/03/24 09:08:10 | 002,272,382 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RWARC4D.JPG
[2009/12/11 10:45:56 | 001,954,563 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RWEPPW6.JPG
[2010/03/24 09:15:52 | 002,049,936 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RWOGVFX.JPG
[2009/10/12 18:12:52 | 000,751,612 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RXT9L09.JPG
[2010/03/24 09:15:40 | 001,988,631 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RXW6DX9.JPG
[2009/09/05 12:55:30 | 002,531,264 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RY1MKVM.JPG
[2009/10/27 05:55:16 | 003,357,200 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RYCH1PI.JPG
[2009/12/10 10:57:16 | 002,740,403 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RYDMNZ7.JPG
[2009/02/16 01:34:00 | 002,838,720 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RYHJGKH.JPG
[2010/03/24 09:18:56 | 001,787,437 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RZMCR0X.JPG
[2008/02/25 20:02:59 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\desktop.ini
[2009/05/02 06:23:51 | 002,915,625 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$R5OZF84\HPIM0979.JPG
[2009/01/06 15:49:38 | 002,482,852 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$R5OZF84\HPIM0991.JPG
[2009/01/06 15:50:16 | 002,804,032 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$R5OZF84\HPIM0994.JPG
[2008/09/06 18:01:22 | 002,419,044 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$R8I8GPE\arrowhead 001.JPG
[2008/08/13 05:29:36 | 000,770,872 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$R8Y80X8\HPIM0897.JPG
[2008/02/01 11:01:06 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-500\desktop.ini
[2006/11/02 09:04:17 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-31 18:44:53


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/11/16 20:31:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/11/16 20:31:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/11/16 20:31:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/01/19 03:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2008/01/19 03:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006/11/02 05:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\System32\autochk.exe
[2006/11/02 05:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: BEEP.SYS >
[2008/01/19 01:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2008/01/19 01:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006/11/02 04:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\System32\drivers\beep.sys
[2006/11/02 04:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 02:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/11/16 20:41:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/11/16 20:41:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/07/12 12:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys
[2007/07/12 20:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/07/12 12:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007/07/12 12:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007/07/12 12:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
[2007/07/12 20:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: IMM32.DLL >
[2008/01/19 03:34:33 | 000,114,688 | ---- | M] (Microsoft Corporation) MD5=EC17194A193CD8E90D27CFB93DFA9A2E -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
[2008/01/19 03:34:33 | 000,114,688 | ---- | M] (Microsoft Corporation) MD5=EC17194A193CD8E90D27CFB93DFA9A2E -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
[2006/11/02 05:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\imm32.dll
[2006/11/02 05:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6000.16386_none_5a1f5c1a7d7fec2e\imm32.dll

< MD5 for: KERNEL32.DLL >
[2009/02/13 04:21:09 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2006/11/02 05:46:05 | 000,874,496 | ---- | M] (Microsoft Corporation) MD5=1E36AE445E4DA83B82D51FEB2D4F8772 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
[2009/02/13 03:13:01 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2009/02/13 04:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[2008/01/19 03:34:36 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2008/01/19 03:34:36 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2009/02/13 03:26:37 | 000,875,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2009/02/13 03:26:37 | 000,875,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2006/11/02 05:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\System32\mswsock.dll
[2006/11/02 05:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2008/01/19 03:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2008/01/19 03:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NDIS.SYS >
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 03:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[2008/01/19 03:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/11/16 20:31:53 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=2620822A21B76375F5FD6E0986407CD1 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys
[2008/11/16 20:36:41 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=37430AA7A66D7A63407ADC2C0D05E9F6 -- C:\Windows\System32\drivers\ntfs.sys
[2008/11/16 20:36:41 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=37430AA7A66D7A63407ADC2C0D05E9F6 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
[2006/11/02 05:51:47 | 001,056,360 | ---- | M] (Microsoft Corporation) MD5=3F379380A4A2637F559444E338CF1B51 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16386_none_a43a67c1200088bf\ntfs.sys
[2008/01/19 03:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
[2008/01/19 03:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
[2008/11/16 20:31:52 | 001,061,432 | ---- | M] (Microsoft Corporation) MD5=B5BE45B1F554DF9E1976CBC855365E60 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys
[2008/11/16 20:36:41 | 001,061,944 | ---- | M] (Microsoft Corporation) MD5=F08824715CA6076F5E73E005AB83B9C8 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2006/11/02 08:36:25 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=957CC0F372BB5D79C477363952276859 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6000.16386_none_0c076ff411279f33\ntmssvc.dll
[2008/01/19 03:35:58 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll
[2008/01/19 03:35:58 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2008/01/19 03:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2008/01/19 03:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 05:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2007/11/29 05:06:42 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\System32\qmgr.dll
[2007/11/29 05:06:42 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[2007/11/29 05:06:42 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=F1148566FA5173A4FD48AF8E8BC09401 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: SPOOLSV.EXE >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> c:\$recycle.bin\S-1-5-21-2112983565-31985329-1380142800-1000\$RVPSTYO.AVI:TOC.WMV
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >


Re: Soft virus

Post by Ronnieballs on 2nd June 2010, 1:01 pm

Here is the Malwarebytes log
Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037

6/1/2010 4:54:41 PM
mbam-log-2010-06-01 (16-54-41).txt

Scan type: Quick scan
Objects scanned: 112499
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iwmtxvua (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Dad\downloads\PerfectOptimizer.exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Users\Dad\AppData\Local\wvnpsrplc\aynibiptssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


Re: Soft virus

Post by Ronnieballs on 2nd June 2010, 1:02 pm

I only saw the OTL text notepad, I didn't get any Extras text pad.


Re: Soft virus

Post by Crush on 2nd June 2010, 5:33 pm

Hi,

First, please reboot your machine as Malwarebytes needs to reboot to remove some infections.


Next, I see IOBit is installed.

IObit was recently accused by Malwarebytes of stealing the MBAM database.

See these links for more info on the situation:

Relevant link 1: [You must be registered and logged in to see this link.]

Relevant link 2: [You must be registered and logged in to see this link.]

I recommend changing your security program to something more trusted, but that option is up to you. If you would like help finding a new security program, please let me know.
=======

Next, just a word of warning: scanning with Malwarebytes' Anti-Malware in Safe Mode will work, but removal functions are not as powerful in Safe Mode compared to Normal Mode.

Malwarebytes' Anti-Malware is designed to be at its best power when malware is running/executed.

Most malware does not run in Safe Mode, so Normal Mode is better suited. Doing a Safe Mode scan should only be done when a Normal Mode scan fails.

Malwarebytes' Anti-Malware includes a Direct Disk Access (DDA) driver which does not work in Safe Mode.

For optimal removal, Normal Mode is recommended, so it does not limit the abilities of Malwarebytes' Anti-Malware. I recommend you run another scan in Normal Mode.
========

Next, the Recycle Bin is showing quite a few files that are apparent in the OTL log. I recommend you right click on your Recycle Bin and choose Empty Recycle Bin.

=======
Lastly, please run OTL.exe.


  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)




    NOTE: If you added the O6, O7 and O15 entries manually please DO NOT remove them. If you did not add them, please include them in the fix.

    Those restrictions may have been set by you in one of your security programs to block Hijackers but they will interfere with any fixes we need to do here for now, so that's why I want you to "fix" those at the moment.




  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Things to include in your reply:
What you plan to do about IOBit
MBAM Log from Normal Mode Scan
Confirmation the Recycle Bin was emptied
OTL Log

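The Safe Mode caveat in the post above can be read straight off the log header, as can any item the log does not report as removed. This is an added example, not part of the thread and not Malwarebytes code: it parses a log in the MBAM 1.46 layout posted here and reports those conditions. The sample log is constructed, and the function names (`parse_mbam_log`, `families`, `review`) are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.46 logs posted in this thread.
# Keys, paths and the "No action taken" outcome are made up for the example.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037

Scan type: Quick scan
Objects scanned: 112499

Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ExampleKeyA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleKeyB (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleKeyC (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\examplevalue (Rogue.AntivirusSuite.Gen) -> No action taken.

Files Infected:
C:\Program Files (x86)\Example\example.exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 4"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")         # "Files Infected:"
# Greedy object match so paths that contain parentheses still parse.
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")
REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return scan mode, the declared per-category counts and the listed items."""
    report = {"safe_mode": False, "declared": {}, "items": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Windows ") and "(Safe Mode)" in line:
            report["safe_mode"] = True
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report["declared"][m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section:
            report["items"].append({
                "category": section,
                "object": m.group(1),
                "detection": m.group(2),
                "action": m.group(3),
            })
    return report


def families(report):
    """Count detections by their first two dotted parts, e.g. Rogue.AntivirusSuite."""
    return Counter(".".join(i["detection"].split(".")[:2]) for i in report["items"])


def review(report):
    """List the conditions a helper would want to follow up on."""
    findings = []
    if report["safe_mode"]:
        findings.append("scan ran in Safe Mode; repeat it in Normal Mode")
    listed = Counter(i["category"] for i in report["items"])
    for category, count in report["declared"].items():
        if listed.get(category, 0) != count:
            findings.append(f"{category}: summary says {count}, "
                            f"{listed.get(category, 0)} listed (log truncated?)")
    pending = [i["detection"] for i in report["items"] if i["action"] != REMOVED]
    if pending:
        findings.append(f"{len(pending)} item(s) not confirmed removed: "
                        + ", ".join(pending))
    return findings


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print(dict(families(parsed)))
    for finding in review(parsed):
        print("-", finding)
```
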

Re: Soft virus

Post by Ronnieballs on 2nd June 2010, 6:31 pm

Hello again and thanks for your time, I ran the fix and here is the log
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.2.5.2 log created on 06022010_142938


Re: Soft virus

Post by Ronnieballs on 2nd June 2010, 6:33 pm

I also uninstalled the IOBit and am very interested in a better program. I rebooted my computer and also emptied the recycle bin. I am now going to run Malwarebytes in normal mode. Also I see a lot of IE and I use Firefox, if that matters.
Thanks


Re: Soft virus

Post by Crush on 2nd June 2010, 6:46 pm

Ok. I look forward to seeing the MBAM log. As for an anti-virus program:

Personally, I use Avast, but any of these are good:

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial users.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It's all about personal preference.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Re: Soft virus

Post by Ronnieballs on 2nd June 2010, 6:53 pm

just got done with the scan and here is what it says
Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

6/2/2010 2:51:06 PM
mbam-log-2010-06-02 (14-51-06).txt

Scan type: Quick scan
Objects scanned: 113708
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Soft virus

Post by Crush on 2nd June 2010, 8:17 pm

Hi,

There was an error in my last script. Sorry.

Please run OTL.exe.


  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)




    NOTE: If you added the O6, O7 and O15 entries manually please DO NOT remove them. If you did not add them, please include them in the fix




  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====


Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to [You must be registered and logged in to see this link.] and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


    Re: Soft virus

    Post by Ronnieballs on 2nd June 2010, 9:04 pm

    ========= OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.

    OTL by OldTimer - Version 3.2.5.2 log created on 06022010_170600


    Last edited by Ronnieballs on 2nd June 2010, 9:07 pm; edited 1 time in total (Reason for editing : wrong info posted)


    Re: Soft virus

    Post by Crush on 2nd June 2010, 9:10 pm

    EDIT: missed the follow up post.

    How is the Kaspersky log coming along?


    Re: Soft virus

    Post by Ronnieballs on 3rd June 2010, 1:10 am

    Sorry, haven't gotten it yet. We had a pretty decent storm roll through and the power has been out for a couple of hours. I'll post that in the morning when I get home from work...


    Re: Soft virus

    Post by Crush on 3rd June 2010, 1:26 am

    Sounds good :). I eagerly await your results.


    Re: Soft virus

    Post by Ronnieballs on 3rd June 2010, 4:47 pm

    OK, finally got it. Thanks for waiting.
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, June 3, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, June 03, 2010 08:47:46
    Records in database: 4196542
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Objects scanned: 168436
    Threats found: 3
    Infected objects found: 3
    Suspicious objects found: 0
    Scan duration: 02:02:03


    File name / Threat / Threats count
    C:\Users\Dad\AppData\Local\Temp\argK.exe Infected: Trojan.Win32.VBKrypt.zk 1
    C:\Users\Dad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\d188a2c-24960021 Infected: Trojan-Downloader.Java.Agent.af 1
    C:\Users\Dad\Documents\LimeWire\Incomplete\T-3259657-theory of a deadman hate my li.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

    Selected area has been scanned.


    Re: Soft virus

    Post by Crush on 3rd June 2010, 5:23 pm

    Hi,

    This should be it :)

    The most current version of LimeWire is reported to include spyware. LimeWire 4.9.28 is clean (older and newer versions may not be). Chances are junk was bundled with this product even if you paid for it. If you are going to use P2P file sharing, I suggest you choose a safe program from here: [You must be registered and logged in to see this link.]


    • Click Start
    • Go to Control Panel
    • Go to Add/Remove Programs
    • Find and click Remove for the following (if present):
      LimeWire



    NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
    =======
    Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folders. If found, delete them:


    • Folders:
      C:\Users\Dad\AppData\LocalLow\Sun\Java
      C:\Users\Dad\Documents\LimeWire\Incomplete

    ========

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


      :commands
      [emptytemp]


    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please post back confirming you've done the above, and I'll follow up with some preventative measures you can take to keep this from happening again :)


    Re: Soft virus

    Post by Ronnieballs on 3rd June 2010, 6:08 pm

    OK, that's all done, here is the newest log ...
    All processes killed
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dad
    ->Temp folder emptied: 13578548 bytes
    ->Temporary Internet Files folder emptied: 10299296 bytes
    ->FireFox cache emptied: 58197638 bytes
    ->Flash cache emptied: 3880 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 203880 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1619645 bytes
    RecycleBin emptied: 89804689 bytes

    Total Files Cleaned = 166.00 mb


    OTL by OldTimer - Version 3.2.5.2 log created on 06032010_140434

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Re: Soft virus

    Post by Crush on 3rd June 2010, 6:15 pm

    Hi,

    Congratulations!! Your PC is all clean! :D

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.

    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

    Cleaning

    Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    Defragmenting Your Hard Disk

    Over time your PC can become fragmented. Windows comes with a defragmenting utility; however, it is very slow, and there are other options available.

    To use the defragmenter included with Windows either go to Start/Run and type dfrg.msc, hit enter; or
    right-click My Computer, choose Manage, Storage, Disk Defragmenter.

    In the Defragmenter utility, select your main partition/HD, generally C:\, and select Analyze. The analysis report will tell you whether or not your disk needs to be defragmented. If it does, click Defragment. Be patient, this can take a long time.

    Repeat for multiple partitions/hard disks.

    System Restore Cleanup Instructions

    If you are using Windows ME or XP then it is good to disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
    You can find instructions on how to disable and re-enable system restore here:

    [You must be registered and logged in to see this link.]

    [You must be registered and logged in to see this link.]

    Reading Tip:
    [You must be registered and logged in to see this link.]

    Keep Your System Updated

    Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

    Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

    To update Windows and Office

    Go to Start > All Programs > Microsoft Update

    Alternatively, you can visit the link below to update Windows and Office products.

    [You must be registered and logged in to see this link.]

    If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

    1. Go to Start > Control Panel > Automatic Updates
    2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
    3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
    4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

    Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

    Be careful when opening attachments and downloading files.

    1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
    2. Never open emails from unknown senders.
    3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
    4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

    Surf safely

    Many security exploits on websites are directed to users of Internet Explorer and Firefox.

    If you use Firefox, try the [You must be registered and logged in to see this link.] - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

    Backup regularly

    You never know when your PC will become unstable or become so infected that you can't recover it. Follow this [You must be registered and logged in to see this link.] to learn how to backup. Follow [You must be registered and logged in to see this link.] by Microsoft to restore your backups.

    Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
    [You must be registered and logged in to see this link.]

    Avoid P2P

    I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Prevent A Re-infection

    1. Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features [You must be registered and logged in to see this link.]

    You can get a [You must be registered and logged in to see this link.] of Winpatrol or use the [You must be registered and logged in to see this link.] for more features.

    You can read [You must be registered and logged in to see this link.] if you run into problems.

    2. Hosts File

    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    3. Spybot Search and Destroy

    Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from [You must be registered and logged in to see this link.].

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy [You must be registered and logged in to see this link.] at Bleeping Computer.

    4. SiteHound Toolbar

    [You must be registered and logged in to see this link.] is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

    ====

    Stand Up and Be Counted ---> [You must be registered and logged in to see this link.] <--- where you can make a difference!

    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
    ============================================================
    See [You must be registered and logged in to see this link.] for more info about malware and prevention.
    Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site.
    Before the thread is archived, do you have any more questions?

    Happy surfing and stay clean!


    Re: Soft virus

    Post by Ronnieballs on 4th June 2010, 5:31 pm

    Sorry for the delay in replying Chris, I found a warning this morning on Windows Defender that said I had a Trojan called spypro and that Windows Defender had stopped it, I hadn't been on the net since our last exchange on here. I also found and manually removed all the programs you said could be bad. I am still unable to launch several programs from my desktop shortcuts and I'm thinking it has to be firewalled.
    I turned off Windows Firewall but they still won't launch, I am looking at my super anti spyware now to see if something in there is stopping the programs from launching.....
    I really appreciate your time and patience


    Re: Soft virus

    Post by Crush on 5th June 2010, 12:35 am

    Hi ronnie,

    Run CKScanner


    • Please download CKScanner by from [You must be registered and logged in to see this link.]
    • Important: - Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


    Re: Soft virus

    Post by Ronnieballs on 5th June 2010, 5:25 pm

    Ok here is the log for that..

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\htc\aces high ii\cache\stdshape\gcrack_1024.tca
    scanner sequence 3.AP.11
    ----- EOF -----


    Re: Soft virus

    Post by Crush on 5th June 2010, 9:55 pm

    Hi Ronnie,

    That shows a cracked version of Aces High II. I recommend removing it.

    What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

    The most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

    Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.


    Re: Soft virus

    Post by Ronnieballs on 6th June 2010, 10:11 am

    I deleted that game, my son downloaded it from somewhere on the net, it being a cracked game if that terminology is correct may very well be why he never could get it to play...
    Is there some way to find out where he downloaded it? I will surely report it to whoever handles such cases... What's even worse is we paid for the download, and I eventually had to go to my bank and put a stop to them charging my account... I think the site was called hitech creations something or other. It really makes me mad that these cyber crooks use a kids game to hack a computer


    Re: Soft virus

    Post by Crush on 6th June 2010, 9:47 pm

    Hi Ronnie,

    After conferring with the experts behind the scenes, we feel the problem is non-malware related. Try the following:


    Please visit the links [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.] first to read about this new Microsoft tool!

    Then you can download and use: [You must be registered and logged in to see this link.]
    Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!
    It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

    Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.



    • Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.

    • Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix it Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report."

    • Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.


    Let me know after you have run all the troubleshooters on your PC if it corrected your problem.


    Re: Soft virus

    Post by Ronnieballs on 7th June 2010, 3:37 am

    Hi Chris, I tried to install the fixit but I got this error message
    an unexpected error occured.Setup cannot continue.Please exit and try again.
    Error.no connection could be made because the target machine actively refused it.127.0.1:5555.
    whatever that means lol,
    I did go and look at a new computer today and I'm not sure what the guy was telling me but it had 8gig memory and a 1 tera hard drive with a quad core processor, not sure what all that is either but apparently the mfg thought pretty highly of it and had a pretty high price tag,
    Maybe I could just wipe this one clean and start over lol


    Re: Soft virus

    Post by Ronnieballs on 7th June 2010, 3:39 am

    Oh after running thru all that you have told me the fake virus stuff is all gone but I'm still unable to launch a lot of things from my desktop like I could before I got the virus, I have even uninstalled and reinstalled the launchers,
    Everything you told me to do worked like a charm


    Re: Soft virus

    Post by Crush on 7th June 2010, 4:59 pm

    Hi,

    Please download ComboFix from [You must be registered and logged in to see this link.]

    [You must be registered and logged in to see this link.]


    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
    • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


    Re: Soft virus

    Post by Ronnieballs on 7th June 2010, 6:04 pm

    I get an error saying c/: app failed to start, or something in that order..
    Maybe that new computer is in order lol, can we do the remote access thing? This is going way beyond my computer abilities lol


    Re: Soft virus

    Post by Crush on 7th June 2010, 8:41 pm

    Hi Ronnie,

    If you want to start fresh, you can just reformat (which is free) or purchase a new PC. Up to you.


    Re: Soft virus

    Post by Ronnieballs on 7th June 2010, 9:49 pm

    What's involved in reformatting?


    Re: Soft virus

    Post by Crush on 7th June 2010, 10:15 pm

    Hi Ronnie,

    Do you have access to the CDs that came with your PC?

    In reformatting you wipe the drive clean with those CDs and start fresh with a new Operating System, just like the day you bought it.

    You will lose all your programs and files, but you can back your files up to a flash drive or CDs before the reformat to ensure you can put them back on when you're ready to do so.

    I don't recommend backing up any executable files for programs. They can always be reinstalled later.

    If you let me know what you plan to do (continue with the disinfection or reformat), I can direct you to the proper forum so you can get help from our other Staff and members. Currently, only pre-approved users can respond to this topic.
