Banker fox
Page 1 of 3
Shaun6994 (Novice)
OS : Windows xp
Posts : 13
Rubies : 3031
Likes : 0
Hey there, I seem to keep getting a pop-up saying I'm getting attacked by Bankerfox.A. I know it's spyware, but how do I remove it? I can't access any Internet. Thanks
Crush (Security Colleague)
Posts : 3882
Rubies : 20037
Likes : 0
Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too, and I will be helping you with your malware issues.
A few things to keep in mind as we progress:
1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.
2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.
3. This may turn into a long ordeal but, rest assured, we will stay with you until you are completely disinfected.
4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.
5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.
6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.
7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
8. If you have any questions or issues please stop and ask! We are all here to help.
IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
If you follow these instructions, everything should go smoothly.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted.
To do this, click [image], then click Preferences. Make sure Always notify me of replies is set to Yes.
With that out of the way:
Please download and run RKill.
Download mirror 1 - Download mirror 2 - Download mirror 3
- Save it to your Desktop.
- Double click the RKill desktop icon.
- It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
- Please post its log in your next reply.
- After it has run successfully, delete RKill.
Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.
=====
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in
- Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
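The /md5start ... /md5stop part of that custom scan makes OTL print the MD5 of each listed file (atapi.sys, iaStor.sys, userinit.exe and so on) so the helper can compare them against known-good hashes from a clean install of the same Windows build, because rootkits of that era patched those drivers in place rather than adding new files. The script below does that comparison; it is an added example, not OTL's code or anything posted in this thread. The file names are taken from the list above, while the directory, file contents and baseline hashes are constructed for the demo.

```python
"""Added example (not OTL's code): compare MD5s of watched system files with a
known-good baseline, which is what OTL's /md5start ... /md5stop list is for.
The file names come from the scan list above; contents and baseline hashes are
constructed here for the demo.
"""
import hashlib
import os
import tempfile

# Subset of OTL's /md5start list: drivers and binaries rootkits commonly patch.
WATCHLIST = ["atapi.sys", "iaStor.sys", "userinit.exe", "explorer.exe"]


def md5_of(path, chunk=65536):
    """Hash a file in chunks so large drivers do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_files(root, baseline):
    """Return {name: 'ok' | 'MODIFIED' | 'MISSING'} for every watched file."""
    results = {}
    for name in WATCHLIST:
        path = os.path.join(root, name)
        if not os.path.exists(path):
            results[name] = "MISSING"      # normal for hardware-specific drivers
            continue
        results[name] = "ok" if md5_of(path) == baseline.get(name) else "MODIFIED"
    return results


def build_demo_tree():
    """Constructed sample: a fake system32 with one patched driver and one absent driver."""
    root = tempfile.mkdtemp(prefix="otl_md5_demo_")
    clean = {name: f"clean {name} bytes".encode() for name in WATCHLIST}
    baseline = {name: hashlib.md5(data).hexdigest() for name, data in clean.items()}
    on_disk = dict(clean)
    on_disk["atapi.sys"] += b"\x90\x90 patched"   # simulate an in-place patched driver
    del on_disk["iaStor.sys"]                      # not installed on this machine
    for name, data in on_disk.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return root, baseline


if __name__ == "__main__":
    root, baseline = build_demo_tree()
    for name, status in check_files(root, baseline).items():
        print(f"{name:14} {status}")
```

A mismatch only means something against a baseline from the same Windows version and service pack, and a missing file from this list is often normal (iaStor.sys is only present on machines with Intel RAID/AHCI storage drivers), which is why the helper researches each entry rather than acting on the hash alone. MD5 is used here because that is what OTL prints; for a baseline you build yourself, SHA-256 is the better choice.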
Shaun6994 (Novice)
OS : Windows xp
Posts : 13
Rubies : 3031
Likes : 0
OTL logfile created on: 7/4/2010 6:46:45 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 666 1527 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.01 Gb Total Space | 4.16 Gb Free Space | 21.87% Space Free | Partition Type: NTFS
Drive D: | 35.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 298.01 Gb Total Space | 297.05 Gb Free Space | 99.68% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMANDA-3524341E
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/04 18:43:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/07/04 18:43:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/23 08:56:26 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/08/07 15:38:30 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)
========== Driver Services (SafeList) ==========
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/23 08:57:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/23 08:57:10 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/05/17 18:15:18 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/08/01 06:10:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/06/09 15:10:58 | 000,023,040 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005/05/27 04:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 04:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 04:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/25 06:30:12 | 002,352,448 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/12 18:45:52 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 F1 F1 20 D2 1B CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ajkaormx] C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad\nsrkxurtssd.exe File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://www.arkansashighways.com/Road/acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/27 19:01:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/02/05 17:05:44 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/04 18:43:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/04 18:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/07/04 18:39:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/07/04 18:39:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/07/04 18:38:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/07/04 18:38:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/07/04 18:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/07/04 18:38:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/07/04 18:38:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/07/04 18:38:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/07/04 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/07/03 23:31:42 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/07/03 23:31:41 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/07/03 23:31:41 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/07/03 23:31:07 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/03 23:30:42 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/03 23:30:42 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/07/03 23:30:06 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/03 23:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/03 23:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/03 23:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/07/03 21:51:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/03 21:51:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/03 21:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/03 21:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/21 22:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/21 22:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/21 22:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/21 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/16 11:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/13 14:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/13 14:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/13 14:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/13 14:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/19 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/07/04 18:48:20 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/04 18:43:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/04 18:43:09 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2010/07/04 18:42:45 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/07/04 18:41:18 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/07/04 18:38:45 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/04 18:38:16 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/04 18:36:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/04 18:34:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/04 18:19:12 | 061,649,149 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/04 17:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 13:19:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/04 12:36:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 23:30:22 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/03 21:51:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/03 21:29:40 | 000,244,486 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/30 11:44:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/23 03:06:38 | 000,531,002 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:06:38 | 000,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:06:38 | 000,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 22:58:10 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/21 22:48:50 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/14 17:31:02 | 000,005,538 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/06/13 14:58:47 | 000,021,396 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/13 14:26:20 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 21:50:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 17:22:12 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/10 03:56:02 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 03:37:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 17:47:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/05 07:48:07 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/10 00:35:02 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/04 18:43:09 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2010/07/04 18:42:45 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/07/04 18:41:18 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/07/04 18:38:16 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/04 18:38:15 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/04 18:38:15 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MySpaceIM.lnk
[2010/07/04 18:38:12 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/04 18:38:12 | 000,290,816 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010/07/03 23:31:42 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/03 23:31:42 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/07/03 23:31:42 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/07/03 23:31:42 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/07/03 23:31:41 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/07/03 23:31:07 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/03 23:30:42 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/07/03 23:30:42 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/03 23:30:22 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/03 23:30:06 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/07/03 21:51:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/21 22:35:38 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/21 22:22:18 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/13 17:05:30 | 000,005,538 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/06/13 14:58:47 | 000,021,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/13 14:26:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/13 14:23:11 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/12 17:22:12 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 17:22:12 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/10 00:35:02 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/29 17:25:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/10/29 17:25:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/04/06 15:33:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/31 20:04:41 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/31 19:55:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/30 19:16:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/03/30 19:16:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/03/30 19:13:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2006/03/27 19:32:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2006/03/27 19:26:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2006/03/27 19:26:53 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2006/03/27 19:13:52 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/08 05:57:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/07/08 05:57:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/07/08 05:57:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/07/08 05:57:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/07/08 05:57:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/07/08 05:57:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
========== LOP Check ==========
[2009/08/21 17:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/02/23 13:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCITHBLVXG
[2008/10/27 10:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/10/27 10:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2010/02/03 12:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/02/03 12:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/01/30 00:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2010/07/04 18:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/13 14:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< c:\$recycle.bin\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 08:10:20
< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/09 20:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/09 20:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/09 20:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/09 20:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 07:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: BEEP.SYS >
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 07:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 05:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2004/08/04 07:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
[2007/04/16 10:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2006/07/05 05:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 06:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
< MD5 for: PROQUOTA.EXE >
[2004/08/04 07:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe
< MD5 for: QMGR.DLL >
[2004/08/04 07:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SFCFILES.DLL >
[2004/08/04 07:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll
< MD5 for: SPOOLSV.EXE >
[2004/08/04 07:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 19:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 07:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TERMSRV.DLL >
[2004/08/04 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll
< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 07:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 07:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E3FBF9D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE73B0FE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 666 1527 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.01 Gb Total Space | 4.16 Gb Free Space | 21.87% Space Free | Partition Type: NTFS
Drive D: | 35.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 298.01 Gb Total Space | 297.05 Gb Free Space | 99.68% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMANDA-3524341E
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/04 18:43:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/07/04 18:43:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/23 08:56:26 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/08/07 15:38:30 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)
========== Driver Services (SafeList) ==========
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/23 08:57:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/23 08:57:10 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/05/17 18:15:18 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/08/01 06:10:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/06/09 15:10:58 | 000,023,040 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005/05/27 04:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 04:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 04:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/25 06:30:12 | 002,352,448 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/12 18:45:52 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 F1 F1 20 D2 1B CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ajkaormx] C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad\nsrkxurtssd.exe File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://www.arkansashighways.com/Road/acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/27 19:01:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/02/05 17:05:44 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/04 18:43:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/04 18:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/07/04 18:39:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/07/04 18:39:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/07/04 18:38:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/07/04 18:38:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/07/04 18:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/07/04 18:38:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/07/04 18:38:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/07/04 18:38:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/07/04 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/07/03 23:31:42 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/07/03 23:31:41 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/07/03 23:31:41 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/07/03 23:31:07 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/03 23:30:42 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/03 23:30:42 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/07/03 23:30:06 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/03 23:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/03 23:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/03 23:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/07/03 21:51:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/03 21:51:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/03 21:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/03 21:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/21 22:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/21 22:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/21 22:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/21 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/16 11:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/13 14:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/13 14:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/13 14:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/13 14:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/19 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/07/04 18:48:20 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/04 18:43:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/04 18:43:09 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2010/07/04 18:42:45 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/07/04 18:41:18 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/07/04 18:38:45 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/04 18:38:16 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/04 18:36:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/04 18:34:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/04 18:19:12 | 061,649,149 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/04 17:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 13:19:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/04 12:36:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 23:30:22 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/03 21:51:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/03 21:29:40 | 000,244,486 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/30 11:44:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/23 03:06:38 | 000,531,002 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:06:38 | 000,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:06:38 | 000,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 22:58:10 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/21 22:48:50 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/14 17:31:02 | 000,005,538 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/06/13 14:58:47 | 000,021,396 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/13 14:26:20 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 21:50:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 17:22:12 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/10 03:56:02 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 03:37:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 17:47:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/05 07:48:07 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/10 00:35:02 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/04 18:43:09 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2010/07/04 18:42:45 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/07/04 18:41:18 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/07/04 18:38:16 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/04 18:38:15 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/04 18:38:15 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MySpaceIM.lnk
[2010/07/04 18:38:12 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/04 18:38:12 | 000,290,816 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010/07/03 23:31:42 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/03 23:31:42 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/07/03 23:31:42 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/07/03 23:31:42 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/07/03 23:31:41 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/07/03 23:31:07 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/03 23:30:42 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/07/03 23:30:42 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/03 23:30:22 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/03 23:30:06 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/07/03 21:51:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/21 22:35:38 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/21 22:22:18 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/13 17:05:30 | 000,005,538 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/06/13 14:58:47 | 000,021,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/13 14:26:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/13 14:23:11 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/12 17:22:12 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 17:22:12 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/10 00:35:02 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
========== LOP Check ==========
[2009/08/21 17:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/02/23 13:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCITHBLVXG
[2008/10/27 10:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/10/27 10:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2010/02/03 12:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/02/03 12:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/01/30 00:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2010/07/04 18:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/13 14:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< c:\$recycle.bin\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 08:10:20
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E3FBF9D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE73B0FE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
- CrushSecurity Colleague
-
Posts : 3882
Rubies : 20037
Likes : 0
Please run OTL.exe.
- Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ajkaormx] C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad\nsrkxurtssd.exe File not found
:Files
C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad
:Commands
[emptytemp]
[emptyflash]
[purity]
- Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
- Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======
Please download ComboFix from BleepingComputer.com
Alternate link: GeeksToGo.com
Rename ComboFix.exe to commy.exe before you save it to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
- Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
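As an added example (not code from the thread, from the helper, or from OTL itself), the script below parses an OTL fix script of the ':OTL / :Files / :Commands' form used above together with the fix log OTL writes back, and reports whether each requested action is confirmed. The sample script and log lines are constructed from those quoted in this thread; the function names are this example's own.

```python
"""Reconcile an OTL fix script against the fix log it produced.

Added example, not part of the thread or of OTL. Sample input below is
constructed from the script and fix log quoted in the thread.
"""
import re

FIX_SCRIPT = r"""
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ajkaormx] C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad\nsrkxurtssd.exe File not found
:Files
C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad
:Commands
[emptytemp]
[emptyflash]
[purity]
"""

FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ajkaormx deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 1614532 bytes
->Temporary Internet Files folder emptied: 4913599 bytes
RecycleBin emptied: 0 bytes
"""

# Script lines: an O4 Run entry carries its value name in [brackets]; the
# O3 toolbar line names the value right after "(no name) - ".
O4_RE = re.compile(r"^O4 - HKLM\.\.\\Run: \[(?P<name>[^\]]+)\]")
O3_RE = re.compile(r"^O3 - HKLM\\\.\.\\Toolbar: \(no name\) - (?P<name>[^\s]+)")
# Log lines: OTL separates the key from the value name with a double backslash,
# and file results read "File\Folder <path> not found." or "<path> moved successfully."
REG_DEL_RE = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<value>[^\\]+) deleted successfully\.$")
FILE_RE = re.compile(r"^(?:File\\Folder )?(?P<path>.+?) (?P<result>not found|moved successfully)[.!]$")
BYTES_RE = re.compile(r"emptied: (?P<n>\d+) bytes$")


def parse_fix_script(text):
    """Return the registry value names, file paths and commands the script asks for."""
    wanted = {"registry": [], "files": [], "commands": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):          # ':OTL', ':Files', ':Commands'
            section = line[1:].lower()
            continue
        if section == "otl":
            m = O4_RE.match(line) or O3_RE.match(line)
            if m:
                wanted["registry"].append(m.group("name"))
        elif section == "files":
            wanted["files"].append(line)
        elif section == "commands":
            wanted["commands"].append(line.strip("[]").lower())
    return wanted


def parse_fix_log(text):
    """Collect deleted registry values, per-path file results and bytes freed."""
    deleted, files, freed = set(), {}, 0
    for line in text.splitlines():
        line = line.strip()
        m = REG_DEL_RE.match(line)
        if m:
            deleted.add(m.group("value"))
            continue
        m = FILE_RE.match(line)
        if m:
            files[m.group("path")] = m.group("result")
            continue
        m = BYTES_RE.search(line)
        if m:
            freed += int(m.group("n"))
    return {"deleted_values": deleted, "files": files, "bytes_freed": freed}


def reconcile(script, log):
    """Map each requested item to 'deleted', 'moved', 'not found' or 'unconfirmed'.

    'not found' for a :Files path means it was already gone when OTL ran (the O4
    line's own "File not found" pointed the same way); 'unconfirmed' means the log
    never mentions the item, so it should be re-checked in a fresh scan.
    """
    report = {}
    for name in script["registry"]:
        report[name] = "deleted" if name in log["deleted_values"] else "unconfirmed"
    for path in script["files"]:
        result = log["files"].get(path)
        report[path] = {"moved successfully": "moved", "not found": "not found"}.get(result, "unconfirmed")
    return report


if __name__ == "__main__":
    log = parse_fix_log(FIX_LOG)
    for item, status in reconcile(parse_fix_script(FIX_SCRIPT), log).items():
        print(f"{status:12} {item}")
    print("bytes freed:", log["bytes_freed"])
```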
- Shaun6994Novice
-
OS : Windows xp
Posts : 13
Rubies : 3031
Likes : 0
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ajkaormx deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 1614532 bytes
->Temporary Internet Files folder emptied: 4913599 bytes
->Flash cache emptied: 633 bytes
User: All Users
User: Amanda Martin
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Guest
->Temp folder emptied: 63937655 bytes
->Temporary Internet Files folder emptied: 3336450 bytes
->Java cache emptied: 47983041 bytes
->Flash cache emptied: 23972 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 312794 bytes
->Flash cache emptied: 401 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 721799 bytes
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 3526325 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105115614 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51635316 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 272.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Amanda Martin
User: Default User
->Flash cache emptied: 0 bytes
User: Guest
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
User: TEMP
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.7.1 log created on 07042010_201803
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2303.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2323.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF23A2.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF23C2.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UJ4FUHQD\like[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8VDRER48\banker-fox-t22492[1].htm moved successfully.
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\93FZP5CM\CA0KKLZM.1250828864&ga_sid=1250828864&ga_hid=665954124&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=16 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\93FZP5CM\CAL6MTLN.1250829473&ga_sid=1250829473&ga_hid=2107507751&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=16 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\93FZP5CM\click2,VaUDABPCCQAErSUAAAAAABSQDAAAAAAAAADNcgYAAAAAAAAAAgAFGIyuAQAAAAAA1MgRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[2].php%3Fen%3Dcp1252,;ord=1250829938 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BD3UMJ9\865.1250809230&ga_sid=1250809230&ga_hid=1980109597&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&eid=36815003&fu=0&ifi=1&dtd=15 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BD3UMJ9\a_sid=1250828462&ga_hid=360527956&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&biw=1135&bih=699&eid=36814002&fu=0&ifi=1&dtd=47 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BD3UMJ9\CA416BGT.1250806423&ga_sid=1250806423&ga_hid=1514695532&ga_fc=0&u_tz=-300&u_his=14&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=47 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BD3UMJ9\CATP83DC.1250830705&ga_sid=1250830705&ga_hid=2048132438&ga_fc=0&u_tz=-300&u_his=10&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=15 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BD3UMJ9\CAXWCN9E.1250806404&ga_sid=1250806404&ga_hid=1366164476&ga_fc=0&u_tz=-300&u_his=13&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=47 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BD3UMJ9\CAY1AR67.1250830675&ga_sid=1250830675&ga_hid=569875764&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=15 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BD3UMJ9\CAY7016F.1250828662&ga_sid=1250828662&ga_hid=1957131009&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=31 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BD3UMJ9\click2,VaUDABDCCQAjGCoAAAAAALgLDAAAAAAAAgAqaA8AAAAAAP8AAAAFFYyuAQAAAAAA6hcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[2].php%3Fen%3Dcp1252,;dcopt=rcl;mtfIFPath=nofile;ord=1250819089 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\07C34DAZ\CA5QDAQI.1250806429&ga_sid=1250806429&ga_hid=1000345660&ga_fc=0&u_tz=-300&u_his=15&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=31 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\07C34DAZ\CA8P8L43.1250828864&ga_sid=1250828864&ga_hid=1460223133&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=16 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\07C34DAZ\CA8T67KL.1250828614&ga_sid=1250828614&ga_hid=251382505&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=31 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\07C34DAZ\CAVQ332A.1250806401&ga_sid=1250806401&ga_hid=638914665&ga_fc=0&u_tz=-300&u_his=12&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=47 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\07C34DAZ\CAX3KV5F.1250828653&ga_sid=1250828653&ga_hid=1350487902&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=864&u_w=1152&u_ah=834&u_aw=1152&u_cd=32&u_nplug=0&u_nmime=0&fu=0&ifi=1&dtd=31 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\07C34DAZ\click2,VaUDABDCCQAjGCoAAAAAALgLDAAAAAAAAAA2aA8AAAAAAAEAAgAFFYyuAQAAAAAA6hcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[2].php%3Fen%3Dcp1252,;dcopt=rcl;mtfIFPath=nofile;ord=1250819109 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\07C34DAZ\click2,VaUDABPCCQAErSUAAAAAABSQDAAAAAAAAADVcgYAAAAAAAQABAAFGIyuAQAAAAAA1MgRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[2].php%3Fen%3Dcp1252,;ord=1250830045 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\07C34DAZ\click2,VaUDABPCCQAErSUAAAAAABSQDAAAAAAAAgDBcgYAAAAAAP8AAAAFGIyuAQAAAAAA1MgRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[2].php%3Fen%3Dcp1252,;ord=1250829932 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\07C34DAZ\click2,VaUDABPCCQBuihkAAAAAADceCwAAAAAAAgBCaQYAAAAAAP8AAAAGCoyuAQAAAAAAZtkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[2].php%3Fen%3Dcp1252,;ord=1250865224 not found!
Registry entries deleted on Reboot...
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ajkaormx deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 1614532 bytes
->Temporary Internet Files folder emptied: 4913599 bytes
->Flash cache emptied: 633 bytes
User: All Users
User: Amanda Martin
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Guest
->Temp folder emptied: 63937655 bytes
->Temporary Internet Files folder emptied: 3336450 bytes
->Java cache emptied: 47983041 bytes
->Flash cache emptied: 23972 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 312794 bytes
->Flash cache emptied: 401 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 721799 bytes
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 3526325 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105115614 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51635316 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 272.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Amanda Martin
User: Default User
->Flash cache emptied: 0 bytes
User: Guest
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
User: TEMP
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.7.1 log created on 07042010_201803
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2303.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2323.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF23A2.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF23C2.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UJ4FUHQD\like[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8VDRER48\banker-fox-t22492[1].htm moved successfully.
Registry entries deleted on Reboot...
- CrushSecurity Colleague
-
Posts : 3882
Rubies : 20037
Likes : 0
Hi,
Do you have the combofix log?
- Shaun6994Novice
-
OS : Windows xp
Posts : 13
Rubies : 3031
Likes : 0
Didn't have one.
- CrushSecurity Colleague
-
Posts : 3882
Rubies : 20037
Likes : 0
Hi Shaun,
Is there a log located at c:\combofix.txt?
- Shaun6994Novice
-
OS : Windows xp
Posts : 13
Rubies : 3031
Likes : 0
ComboFix 10-07-04.02 - Administrator 07/04/2010 21:00:57.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1779 [GMT -5:00]
Running from: c:\documents and settings\Administrator\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ybeeg.bak1
c:\windows\system32\ybeeg.bak2
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.
2010-07-05 01:39 . 2010-07-05 01:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-07-05 01:18 . 2010-07-05 01:18 -------- d-----w- C:\_OTL
2010-07-05 00:25 . 2010-07-05 00:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-04 23:39 . 2010-07-04 23:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-04 23:39 . 2010-07-04 23:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-04 23:34 . 2010-07-04 23:34 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-07-04 23:34 . 2010-07-04 23:34 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-04 23:33 . 2010-07-04 23:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-07-04 04:31 . 2010-01-27 18:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-04 04:31 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-04 04:31 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-07-04 04:31 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-04 04:31 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-04 04:31 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-04 04:31 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-04 04:30 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-04 04:30 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-04 04:30 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-04 04:29 . 2010-07-04 04:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-04 04:29 . 2010-07-05 01:35 -------- d-----w- c:\program files\Spyware Doctor
2010-07-04 04:29 . 2010-07-04 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-04 02:51 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 02:51 . 2010-07-04 02:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 02:51 . 2010-07-04 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-04 02:51 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 23:00 . 2010-07-03 23:00 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2010-06-22 03:33 . 2010-06-22 03:33 -------- d-----w- c:\program files\iPod
2010-06-22 03:32 . 2010-06-22 03:35 -------- d-----w- c:\program files\iTunes
2010-06-22 03:27 . 2010-06-22 03:27 -------- d-----w- c:\program files\Bonjour
2010-06-22 03:23 . 2010-06-22 03:23 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-22 03:21 . 2010-06-22 03:22 -------- d-----w- c:\program files\Safari
2010-06-22 03:20 . 2010-06-22 03:20 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 13:00 . 2010-06-29 20:07 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-06-16 16:44 . 2010-06-16 16:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-06-15 17:31 . 2010-06-15 00:23 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-13 19:58 . 2010-06-13 19:58 21396 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-13 19:31 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-13 19:31 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-13 19:28 . 2010-06-13 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-13 19:23 . 2010-06-13 19:23 -------- d-----w- c:\program files\Apple Software Update
2010-06-13 19:22 . 2010-04-20 01:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-06-13 19:22 . 2010-04-20 01:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-06-13 19:21 . 2010-06-22 03:33 -------- d-----w- c:\program files\Common Files\Apple
2010-06-13 19:21 . 2010-06-15 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-10 03:16 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 01:35 . 2009-01-21 20:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-04 00:30 . 2009-05-17 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-22 16:12 . 2006-03-31 00:14 -------- d-----w- c:\program files\Lx_cats
2010-06-15 17:31 . 2007-01-07 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-13 19:26 . 2008-10-12 22:10 -------- d-----w- c:\program files\QuickTime
2010-06-13 19:24 . 2008-10-12 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-05 23:44 . 2009-03-27 01:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 19:02 . 2007-09-30 15:06 -------- d-----w- c:\documents and settings\Guest\Application Data\FaxCtr
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-10 05:34 . 2006-06-04 03:56 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-24 2750976]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-05 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-15 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 13:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/3/2010 11:30 PM 218592]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/17/2009 6:15 PM 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/17/2009 6:15 PM 335240]
.
Contents of the 'Scheduled Tasks' folder
2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2010-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 22:45]
2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 22:47]
2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 22:47]
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-04 21:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-117609710-492894223-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,68,9b,30,3c,62,4b,85,e2,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,68,9b,30,3c,62,4b,85,e2,ff,\
.
Completion time: 2010-07-04 21:14:36
ComboFix-quarantined-files.txt 2010-07-05 02:14
Pre-Run: 4,684,902,400 bytes free
Post-Run: 4,648,443,904 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - BAAE4A077B132C259FC1A13A676BA1AD
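An added triage helper for a ComboFix log of the shape posted above (example code written for this page, not part of the thread, of ComboFix or of catchme). It parses the Run keys from the 'Reg Loading Points' block, the firewall AuthorizedApplications list and catchme's 'hidden autostart entries' block, then flags the entries a reviewer would check first: bare file names that are resolved through the search path, binaries under a user profile, DLL entries, and names catchme reported. The sample input copies lines from the log above; the "Updater" entry is constructed, and the flag heuristics are this example's own assumptions rather than anything ComboFix does.

```python
"""Triage helper for a ComboFix log like the one posted above.

Added example for this page, not part of the thread, of ComboFix or of catchme.
It parses the Run keys under 'Reg Loading Points', the firewall
AuthorizedApplications list and catchme's 'hidden autostart entries' block,
then flags entries a reviewer would check first.  The flag heuristics are this
example's own assumptions."""
import re
from dataclasses import dataclass, field

# ComboFix prints a Run-key value as:  "Name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[\d{4}-\d{2}-\d{2} (?P<size>\d+)\]$')
# Firewall exceptions are printed as:  "path"= [optional rule detail]
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=')
# catchme prints a hidden autostart value as:  NAME = command line
CATCHME_RE = re.compile(r'^(?P<name>\S+) = .+$')

# Sample input: copied from the posted log, except the "Updater" line, which is
# constructed to exercise the profile-directory flag.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 77824]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"Updater"="c:\documents and settings\Administrator\Application Data\updater.exe" [2010-07-01 40960]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
scanning hidden files ...
"""


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    size: int
    flags: list = field(default_factory=list)


def parse_combofix(text):
    """Return (run_entries, firewall_paths, catchme_hidden_names)."""
    runs, fw, hidden = [], [], []
    section, in_catchme = '', False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('scanning hidden autostart entries'):
            in_catchme = True
            continue
        if line.startswith('scanning hidden files'):
            in_catchme = False
            continue
        if in_catchme:
            m = CATCHME_RE.match(line)
            if m:
                hidden.append(m['name'])
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1]          # new registry key header
            continue
        low = section.lower()
        if low.endswith('\\currentversion\\run'):
            m = RUN_RE.match(line)
            if m:
                runs.append(RunEntry(section, m['name'], m['path'], int(m['size'])))
        elif 'authorizedapplications' in low:
            m = FW_RE.match(line)
            if m:
                fw.append(m['path'].replace('\\\\', '\\'))   # undo the doubled backslashes
    return runs, fw, hidden


def triage(runs, hidden):
    """Attach review reasons to each Run entry and return the flagged ones."""
    hidden_names = {h.lower() for h in hidden}
    for e in runs:
        p = e.path.lower()
        if '\\' not in p:
            # Resolved through App Paths and the search path, so a same-named
            # file planted earlier on that path would run instead.
            e.flags.append('bare filename (search-path resolution)')
        if 'documents and settings' in p or '\\temp\\' in p:
            e.flags.append('runs from a user-writable profile directory')
        if p.endswith('.dll'):
            # ComboFix shows the DLL, not the rundll32 command line; the catchme
            # block in the posted log shows the full command for LXCCCATS.
            e.flags.append('DLL loaded via rundll32')
        if e.name.lower() in hidden_names:
            e.flags.append('reported by catchme as hidden autostart')
    return [e for e in runs if e.flags]


def hidden_not_listed(runs, hidden):
    """catchme names absent from the ordinary Run listing (the truly hidden ones)."""
    listed = {e.name.lower() for e in runs}
    return [h for h in hidden if h.lower() not in listed]


def firewall_outside_system_dirs(fw):
    """Firewall exceptions whose binary is not under Windows or Program Files."""
    ok = ('%windir%', 'c:\\windows', 'c:\\program files')
    return [p for p in fw if not p.lower().startswith(ok)]


def report(text):
    runs, fw, hidden = parse_combofix(text)
    return {
        'flagged': {e.name: e.flags for e in triage(runs, hidden)},
        'hidden_not_listed': hidden_not_listed(runs, hidden),
        'firewall_outside_system_dirs': firewall_outside_system_dirs(fw),
        'firewall_count': len(fw),
    }


if __name__ == '__main__':
    for name, flags in report(SAMPLE_LOG)['flagged'].items():
        print(f'{name}: {"; ".join(flags)}')
```

Run as a script it prints the flagged entries. On the posted log, LXCCCATS appears both in the ordinary Run listing and in catchme's hidden list, so `hidden_not_listed` is empty: that is a reason to look at the value data (note the trailing garbage in the posted catchme line) rather than to conclude the entry was concealed from the normal listing.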
- CrushSecurity Colleague
-
Posts : 3882
Rubies : 20037
Likes : 0
How are things running now?
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic