Harddrive diagnostics ??
- daze71 (Novice)
OS : xp
Can anyone help with this issue I have?
I have a virus called HardDrive which looks the same as harddrive diagnostics, but the icon display for this virus is 4 jigsaw puzzle pieces instead of the block icon you get in your system defragger, if that makes sense.
I have tried to remove it with Malwarebytes Anti-Malware, going through safe mode and using i explore to cancel the process, but to no avail. Now when I boot up, even in safe mode, the virus kicks in, so I cannot even see my desktop and cannot use Task Manager (Control-Alt-Delete), as it pops up that this has been disabled by my administrator even though I am logged in on that account?
If I boot up in normal mode it gives the impression I am in safe mode, but again I cannot see my desktop to run anything?
Any help on this would be very much appreciated, as I'm in desperate need to get on it again to retrieve some work files (I know I should have backed info up but it's a bit too late for that).
Does anyone have the activation code for this? I am thinking if I can activate it, it will give me access to my desktop again??
I am a total noobie to this sort of issue, so any help would be gratefully received.
Thanks in advance for ANY help
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Hello.
Download OTL by OldTimer to your Desktop.
- Close all windows and double click OTL.exe
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
- You may need to use two posts to get it all.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- daze71 (Novice)
OS : xp
Hi there and thanks for the reply. That's the problem: I cannot even get to my desktop, even in safe mode!? And when I boot up normally it goes into like a spoof safe mode and again I cannot gain access to any programs or functions.
I was thinking if I went into the BIOS and picked boot from USB, and had an external HDD with a copy of Windows on it with up to date malware etc, that I could run any programs from there? Or will having 2 copies of Windows confuse the PC?
- Belahzur (Site Admin)
OS : 7 Home Premium x64
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.
Download the OTLPE Standard REATOGO Windows Recovery Environment.
- Place a blank CD-R disc in to your CD burning drive.
- Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
- Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD follow the steps here
- Your system should now display a REATOGO-X-PE desktop.
- Double-click on the OTLPE icon.
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start. Change the following settings
- Change Drivers to Non-Microsoft
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\_OTL\MovedFiles
- Copy this file to your USB drive if you do not have internet connection on this system
- Please post the contents of the OTL.txt file in your reply.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
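A first triage pass over the OTL.txt log that this procedure produces can be scripted. The following Python is an added example, not part of the original thread and not OldTimer's code; the sample lines are constructed in the `O4`/`O6`/`O36` layout that OTL logs use, and the rules and the user-writable directory list are assumed heuristics, not OTL's own logic.

```python
import re

# Constructed sample in the layout OTL uses for its "O" lines; the user,
# file and company names are made up and do not come from a real machine.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\alice_ON_C..\Run: [{11111111-2222-3333-4444-555555555555}] C:\Documents and Settings\alice\Application Data\Abcde\fghij.exe ()
O4 - HKU\alice_ON_C..\Run: [ExampleGone.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\alice_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\Example.dll) - C:\Documents and Settings\All Users\Application Data\Example.dll (Example Co)
"""

# "O4 - <hive>..\Run: [<value name>] <target>"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>.+?)\] (?P<rest>.+)$")
# "<path> (<company name from the file's version info>)"
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
# "O6/O7 - <policy key>: <value name> = <number>"
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<value>\w+) = (?P<data>\d+)$")
# "O36 - AppCertDlls: <value name> - (<dll path>) - ..."
APPCERT_RE = re.compile(r"^O36 - AppCertDlls: (?P<name>.+?) - \((?P<dll>.+?)\) - ")

# Assumed heuristic: per-user data directories on XP are writable
# without administrator rights, so autostarts there deserve a look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def triage(log_text):
    """Return a list of (severity, rule, detail) findings for an OTL log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()

        m = RUN_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest == "File not found":
                # Autostart value whose target file is gone.
                findings.append(("low", "orphaned-run-entry", m.group("name")))
                continue
            t = TARGET_RE.match(rest)
            if t:
                path = t.group("path")
                no_company = t.group("company").strip() == ""
                if no_company and any(d in path.lower() for d in USER_WRITABLE):
                    findings.append(("high", "run-from-user-profile", path))
            continue

        m = POLICY_RE.match(line)
        if m and m.group("value") == "DisableTaskMgr" and m.group("data") != "0":
            # Policy value behind the "disabled by your administrator" message.
            findings.append(("high", "taskmgr-disabled", m.group("key")))
            continue

        m = APPCERT_RE.match(line)
        if m and "\\system32\\" not in m.group("dll").lower():
            # AppCertDlls are loaded into processes that create other processes.
            findings.append(("high", "appcertdlls-outside-system32", m.group("dll")))
    return findings


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_LOG):
        print(f"{severity:4}  {rule:30}  {detail}")
```

A finding is a prompt for review, not a verdict: legitimate software can also start from a profile directory or ship without a company name.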


- daze71 (Novice)
OS : xp
Hi there, I've burnt OTLPE to disk and booted from CD, but when I double click on the OTLPE icon it asks BROWSE FOR FOLDER and the options are as follows:
CHOOSE WINDOWS DIRECTORY
my computer
31/2 floppy(a)
ram disk (b)
local disk (c)
reatogo PE (x)
shared documents
FOLDER: MY COMPUTER
and it's in like an Apple window.
When I click OK after it automatically put me on MY COMPUTER it comes up with
RUN SCANNER
NO WINDOWS INSTALLATION FOUND with just an ok button to confirm
When I click on the C drive and press OK again it comes up with
RUN SCANNER ERROR
TARGET IS NOT WINDOWS 2000 OR LATER with just an ok button to confirm
Anything else I can try??
- daze71 (Novice)
OS : xp
Hi there, I have been playing round with the OTLPE and I pointed the scan to the windows file within the C drive. I did not get the prompt to load remote registry, but I got all the other prompts as you said, and I have a copy of the .TXT file placed on my desktop, but I cannot find the other file c:\ _OTL\ MOVEDFILES.
Here is a copy of the desktop file, hope this is correct.
Can you help me locate the other file, as I have searched for it using the xplorer2_lite but cannot find it?
OTL logfile created on: 3/8/2011 2:08:05 AM - Run
OTLPE by OldTimer - Version 3.1.45.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.74 Gb Free Space | 13.92% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet005
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/10/13 07:53:40 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/13 07:36:02 | 001,406,264 | ---- | M] (Virgin Media) [Disabled] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/09/14 09:06:50 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand] -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll -- (scan)
SRV - [2010/01/04 07:17:30 | 000,165,408 | ---- | M] (Virgin Media) [Auto] -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/01/04 07:16:30 | 000,371,920 | ---- | M] (Virgin Media) [Auto] -- C:\Program Files\Virgin Media\Security\Fws.exe -- (RP_FWS)
SRV - [2009/11/02 10:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/08 07:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [Disabled] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 07:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [Disabled] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2008/05/26 11:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Disabled] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2007/12/16 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/02/05 04:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 04:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/13 20:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/13 20:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/13 19:46:16 | 000,057,344 | ---- | M] () [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/04/06 11:03:28 | 000,110,592 | ---- | M] () [Disabled] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004/05/06 06:21:04 | 000,496,640 | ---- | M] () [Disabled] -- C:\WINDOWS\system32\ASWLSVC.exe -- (ASWLSVC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 8A E4 21 83 43 CB 01 [binary data]
IE - HKU\bunny_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\bunny_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\bunny_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKU\bunny_ON_C..\Run: [{AEC7D994-D065-E5EF-0607-402F9EDFD841}] C:\Documents and Settings\bunny\Application Data\Exzuy\quxou.exe ()
O4 - HKU\bunny_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\bunny_ON_C..\Run: [EPSON BX300F Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\bunny_ON_C..\Run: [FGKMiKxxbMcsY.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206911428_1746e6c4b56d37ba3d08446ad8b51b03&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (pdboot.exe) - C:\windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll) - C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll (ACTS)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/02 02:24:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/03/02 02:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Hard Drive
[2011/03/01 19:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Hard Drive
[2011/03/01 15:59:51 | 038,357,320 | ---- | C] (PC Tools ) -- C:\Documents and Settings\bunny\Desktop\8.0.0.623j-SDAFFsetup_en-RevenueWire(207).exe
[2011/03/01 13:12:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bunny\Recent
[2011/03/01 12:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Windows Disk
[2011/02/27 15:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Mytu
[2011/02/27 15:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Exzuy
[2011/02/19 04:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Desktop\pkg
[2011/02/12 06:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\AllToAVI
[2008/06/30 08:34:44 | 000,151,552 | ---- | C] ( ) -- C:\windows\rsnp2std.dll
[2008/06/30 08:34:30 | 000,077,824 | ---- | C] ( ) -- C:\windows\System32\csnp2std.dll
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/07 16:16:10 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Hard Drive.lnk
[2011/03/07 16:16:10 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Shortcut to uTorrent.lnk
[2011/03/07 16:16:10 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\bluetooth.lnk
[2011/03/07 12:04:04 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/07 11:55:01 | 000,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job
[2011/03/07 11:54:59 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/03/02 14:59:27 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2011/03/02 02:24:08 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard Drive.lnk
[2011/03/01 22:31:43 | 000,081,191 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2011/03/01 15:59:51 | 038,357,320 | ---- | M] (PC Tools ) -- C:\Documents and Settings\bunny\Desktop\8.0.0.623j-SDAFFsetup_en-RevenueWire(207).exe
[2011/03/01 15:39:21 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Shortcut to iExplore.lnk
[2011/03/01 15:34:40 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\shell.reg
[2011/03/01 14:03:21 | 000,693,448 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/01 13:20:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Windows Disk.lnk
[2011/02/28 17:16:42 | 003,527,664 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\3010-0006 HDS - AVPM.zip
[2011/02/28 16:59:23 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2011/02/28 15:27:44 | 000,017,955 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\GuySmiley.jpg
[2011/02/27 15:02:35 | 000,037,680 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\4.jpg
[2011/02/27 14:50:56 | 000,006,003 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\3rd.jpg
[2011/02/25 14:42:44 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 15:33:48 | 000,092,014 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\all the girls.jpg
[2011/02/21 18:38:23 | 000,531,932 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/02/21 18:38:23 | 000,092,036 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/02/20 07:32:20 | 001,630,680 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Big Carp Bait Secrets[1].pdf
[2011/02/14 14:49:31 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\bunny\default.pls
[2011/02/13 09:58:01 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Virgin Media - Broadband, digital TV, phone & mobile phone plus broadband.url
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/02 02:24:08 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard Drive.lnk
[2011/03/01 19:38:45 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Hard Drive.lnk
[2011/03/01 15:39:21 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Shortcut to iExplore.lnk
[2011/03/01 15:39:21 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\shell.reg
[2011/03/01 14:02:35 | 000,693,448 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/01 13:20:11 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Windows Disk.lnk
[2011/02/28 17:16:39 | 003,527,664 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\3010-0006 HDS - AVPM.zip
[2011/02/28 15:28:02 | 000,017,955 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\GuySmiley.jpg
[2011/02/27 15:06:39 | 000,037,680 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\4.jpg
[2011/02/27 14:51:03 | 000,006,003 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\3rd.jpg
[2011/02/22 15:33:33 | 000,092,014 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\all the girls.jpg
[2011/02/20 07:32:19 | 001,630,680 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Big Carp Bait Secrets[1].pdf
[2011/02/17 15:56:35 | 003,079,067 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\P9131236.JPG
[2011/02/17 15:49:46 | 003,621,544 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\DSC00071.JPG
[2011/02/12 20:33:12 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Virgin Media - Broadband, digital TV, phone & mobile phone plus broadband.url
[2011/02/12 09:32:54 | 000,494,696 | ---- | C] () -- C:\Documents and Settings\bunny\My Documents\P3HUB2 Firmware1.71.mHex
[2010/12/06 08:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe
[2010/12/04 09:20:58 | 000,000,129 | ---- | C] () -- C:\windows\POSTER.INI
[2010/08/02 23:18:00 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2010/08/01 05:18:29 | 000,250,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/31 04:05:53 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2010/06/29 15:08:22 | 000,000,332 | ---- | C] () -- C:\windows\desctemp.dat
[2010/04/05 19:58:37 | 000,012,188 | -HS- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\K6sEH5Ir2Is
[2010/04/05 14:11:58 | 000,012,594 | -HS- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\GbW53PfLB
[2010/03/22 17:52:36 | 000,011,384 | -HS- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\Mh3jm32txN
[2010/02/05 18:51:56 | 000,013,304 | ---- | C] () -- C:\windows\System32\drivers\BTNetFilter.sys
[2010/02/05 18:51:56 | 000,011,860 | ---- | C] () -- C:\windows\System32\drivers\vbtenum.sys
[2010/02/01 18:05:46 | 000,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2009/12/17 18:37:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 13:44:24 | 051,699,232 | -HS- | C] () -- C:\windows\System32\drivers\fidbox.dat
[2009/11/08 13:44:06 | 000,718,880 | -HS- | C] () -- C:\windows\System32\drivers\fidbox2.dat
[2009/10/21 08:20:08 | 000,005,504 | ---- | C] () -- C:\windows\System32\drivers\StarOpen_x86.sys
[2009/08/08 11:31:57 | 000,532,480 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Sony.dll
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/03/29 17:01:18 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2009/03/29 17:01:17 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2009/03/29 17:01:17 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2009/03/29 17:01:17 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2009/03/29 17:01:17 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2009/03/29 17:01:17 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2009/03/29 17:01:17 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2009/03/29 17:01:17 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2009/03/29 17:01:17 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2009/03/29 17:01:17 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2009/03/29 17:01:17 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2009/03/29 17:01:17 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2009/03/29 17:01:17 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2009/03/29 17:01:17 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2009/03/29 17:01:17 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2009/03/29 17:01:17 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2009/03/29 17:01:17 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2009/03/29 17:01:17 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2009/03/29 17:01:17 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2009/03/29 16:55:23 | 000,000,025 | ---- | C] () -- C:\windows\CDEBX300DEFGIPS.ini
[2008/07/15 11:16:08 | 000,000,036 | ---- | C] () -- C:\windows\marscam.ini
[2008/06/30 08:34:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2std.ini
[2008/06/30 08:34:48 | 000,024,832 | ---- | C] () -- C:\windows\System32\drivers\sncamd.sys
[2008/06/30 08:34:46 | 012,006,784 | ---- | C] () -- C:\windows\System32\drivers\snp2sxp.sys
[2008/04/09 16:01:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\bunny\default.pls
[2008/04/08 13:52:04 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/04/05 12:26:35 | 000,208,384 | ---- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/01 10:54:41 | 000,021,265 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008/03/31 12:08:08 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/03/30 15:25:46 | 000,516,096 | ---- | C] () -- C:\windows\System32\ASWL2K.exe
[2008/03/30 15:25:46 | 000,496,640 | ---- | C] () -- C:\windows\System32\ASWLSVC.exe
[2008/03/30 15:25:46 | 000,159,827 | ---- | C] () -- C:\windows\System32\RemSvc.exe
[2006/08/23 20:03:02 | 000,442,368 | ---- | C] () -- C:\windows\System32\nvappbar.exe
[2006/08/23 20:03:02 | 000,196,608 | ---- | C] () -- C:\windows\System32\nvapi.dll
[2006/08/23 20:03:00 | 001,519,616 | ---- | C] () -- C:\windows\System32\nwiz.exe
[2006/08/23 20:03:00 | 000,425,984 | ---- | C] () -- C:\windows\System32\keystone.exe
[2006/08/23 20:02:58 | 001,662,976 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2006/08/23 20:02:58 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2006/08/23 20:02:58 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2006/08/23 20:02:58 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2006/08/23 20:02:56 | 001,470,464 | ---- | C] () -- C:\windows\System32\nview.dll
[2006/08/23 20:02:56 | 001,339,392 | ---- | C] () -- C:\windows\System32\nvdspsch.exe
[2006/08/23 20:02:56 | 000,581,632 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2006/08/03 17:07:27 | 000,000,070 | ---- | C] () -- C:\windows\798F9493.ini
[2006/08/03 16:35:42 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2006/08/03 16:32:53 | 000,663,552 | ---- | C] () -- C:\windows\System32\libeay32_1-1-0_DDR.dll
[2006/08/03 16:32:53 | 000,532,594 | ---- | C] () -- C:\windows\System32\xerces-c_1_40_0_DDR.dll
[2006/08/03 16:32:53 | 000,524,377 | ---- | C] () -- C:\windows\System32\stlport_4_0_0_DDR.dll
[2006/08/03 16:32:53 | 000,307,329 | ---- | C] () -- C:\windows\System32\BJBase_2-2-2_DDR.dll
[2006/08/03 16:32:53 | 000,159,744 | ---- | C] () -- C:\windows\System32\ssleay32_1-1-0_DDR.dll
[2006/08/03 16:26:42 | 000,024,576 | R--- | C] () -- C:\windows\System32\AsIO.dll
[2006/08/03 16:26:42 | 000,005,685 | R--- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2006/08/03 16:26:40 | 000,005,120 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp64.sys
[2006/08/03 16:26:40 | 000,003,328 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp32.sys
[2006/08/03 16:25:30 | 000,063,232 | R--- | C] () -- C:\windows\System32\drivers\mv614x.sys
[2006/08/03 16:21:26 | 000,143,360 | R--- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2006/08/03 16:21:26 | 000,049,152 | R--- | C] () -- C:\windows\System32\ChCfg.exe
[2006/08/03 16:17:48 | 000,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2006/08/03 16:17:31 | 000,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2004/08/03 16:59:54 | 000,062,976 | ---- | C] () -- C:\windows\System32\drivers\cdrom.sys
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2003/07/29 10:03:48 | 000,073,728 | ---- | C] () -- C:\windows\System32\btsendto_ie.dll
[2003/07/29 10:02:50 | 000,065,536 | ---- | C] () -- C:\windows\System32\btsendto_wab.dll
[2003/07/29 09:56:42 | 000,065,536 | ---- | C] () -- C:\windows\System32\btprn2k.dll
[2003/07/01 06:29:10 | 000,022,183 | ---- | C] () -- C:\windows\System32\drivers\btserial.sys
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2002/01/01 12:19:20 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2002/01/01 12:12:16 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2002/01/01 11:43:31 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2002/01/01 11:41:41 | 000,196,160 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/08/23 07:00:00 | 000,531,932 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 07:00:00 | 000,092,036 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
========== LOP Check ==========
[2010/09/04 14:34:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Radialpoint
[2011/01/22 11:36:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Virgin Media
[2010/08/03 16:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Izta
[2010/08/03 14:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yrinfo
[2011/02/07 14:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Affinegy
[2011/01/14 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Azureus
[2010/08/28 03:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\CBL-Electronics
[2008/09/23 19:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/29 05:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Datel
[2010/12/26 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\DriverCure
[2009/05/19 21:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\EPSON
[2011/02/27 15:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Exzuy
[2008/12/09 19:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\ImgBurn
[2009/12/18 16:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\ImTOO Software Studio
[2011/03/01 13:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Inoqm
[2011/03/01 13:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Mytu
[2010/01/22 17:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\NCH Swift Sound
[2011/02/28 17:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Ofyqim
[2008/10/15 10:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\ooVoo Details
[2010/08/28 05:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Radialpoint
[2008/07/08 15:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Snapfish
[2008/07/21 20:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\TomTom
[2011/03/01 16:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\uTorrent
[2011/01/22 11:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Virgin Media
[2010/01/22 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\WinFF
[2011/03/07 11:55:01 | 000,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2009/11/29 10:04:40 | 000,000,040 | ---- | M] ()(C:\windows\System32\????????????????????????????????????g) -- C:\windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/11/08 13:40:37 | 000,000,040 | ---- | C] ()(C:\windows\System32\????????????????????????????????????g) -- C:\windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
< End of report >
Here is a copy of the desktop file, hope this is correct.
Can you help me locate the other file, as I have searched for it using the xplorer2_lite but cannot find it?
OTL logfile created on: 3/8/2011 2:08:05 AM - Run
OTLPE by OldTimer - Version 3.1.45.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.74 Gb Free Space | 13.92% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet005
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/10/13 07:53:40 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/13 07:36:02 | 001,406,264 | ---- | M] (Virgin Media) [Disabled] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/09/14 09:06:50 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand] -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll -- (scan)
SRV - [2010/01/04 07:17:30 | 000,165,408 | ---- | M] (Virgin Media) [Auto] -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/01/04 07:16:30 | 000,371,920 | ---- | M] (Virgin Media) [Auto] -- C:\Program Files\Virgin Media\Security\Fws.exe -- (RP_FWS)
SRV - [2009/11/02 10:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/08 07:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [Disabled] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 07:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [Disabled] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2008/05/26 11:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Disabled] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2007/12/16 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/02/05 04:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 04:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/13 20:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/13 20:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/13 19:46:16 | 000,057,344 | ---- | M] () [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/04/06 11:03:28 | 000,110,592 | ---- | M] () [Disabled] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004/05/06 06:21:04 | 000,496,640 | ---- | M] () [Disabled] -- C:\WINDOWS\system32\ASWLSVC.exe -- (ASWLSVC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 8A E4 21 83 43 CB 01 [binary data]
IE - HKU\bunny_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\bunny_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\bunny_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKU\bunny_ON_C..\Run: [{AEC7D994-D065-E5EF-0607-402F9EDFD841}] C:\Documents and Settings\bunny\Application Data\Exzuy\quxou.exe ()
O4 - HKU\bunny_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\bunny_ON_C..\Run: [EPSON BX300F Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\bunny_ON_C..\Run: [FGKMiKxxbMcsY.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206911428_1746e6c4b56d37ba3d08446ad8b51b03&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (pdboot.exe) - C:\windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll) - C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll (ACTS)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/02 02:24:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/03/02 02:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Hard Drive
[2011/03/01 19:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Hard Drive
[2011/03/01 15:59:51 | 038,357,320 | ---- | C] (PC Tools ) -- C:\Documents and Settings\bunny\Desktop\8.0.0.623j-SDAFFsetup_en-RevenueWire(207).exe
[2011/03/01 13:12:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bunny\Recent
[2011/03/01 12:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Windows Disk
[2011/02/27 15:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Mytu
[2011/02/27 15:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Exzuy
[2011/02/19 04:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Desktop\pkg
[2011/02/12 06:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\AllToAVI
[2008/06/30 08:34:44 | 000,151,552 | ---- | C] ( ) -- C:\windows\rsnp2std.dll
[2008/06/30 08:34:30 | 000,077,824 | ---- | C] ( ) -- C:\windows\System32\csnp2std.dll
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/07 16:16:10 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Hard Drive.lnk
[2011/03/07 16:16:10 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Shortcut to uTorrent.lnk
[2011/03/07 16:16:10 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\bluetooth.lnk
[2011/03/07 12:04:04 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/07 11:55:01 | 000,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job
[2011/03/07 11:54:59 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/03/02 14:59:27 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2011/03/02 02:24:08 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard Drive.lnk
[2011/03/01 22:31:43 | 000,081,191 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2011/03/01 15:59:51 | 038,357,320 | ---- | M] (PC Tools ) -- C:\Documents and Settings\bunny\Desktop\8.0.0.623j-SDAFFsetup_en-RevenueWire(207).exe
[2011/03/01 15:39:21 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Shortcut to iExplore.lnk
[2011/03/01 15:34:40 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\shell.reg
[2011/03/01 14:03:21 | 000,693,448 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/01 13:20:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Windows Disk.lnk
[2011/02/28 17:16:42 | 003,527,664 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\3010-0006 HDS - AVPM.zip
[2011/02/28 16:59:23 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2011/02/28 15:27:44 | 000,017,955 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\GuySmiley.jpg
[2011/02/27 15:02:35 | 000,037,680 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\4.jpg
[2011/02/27 14:50:56 | 000,006,003 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\3rd.jpg
[2011/02/25 14:42:44 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 15:33:48 | 000,092,014 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\all the girls.jpg
[2011/02/21 18:38:23 | 000,531,932 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/02/21 18:38:23 | 000,092,036 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/02/20 07:32:20 | 001,630,680 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Big Carp Bait Secrets[1].pdf
[2011/02/14 14:49:31 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\bunny\default.pls
[2011/02/13 09:58:01 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Virgin Media - Broadband, digital TV, phone & mobile phone plus broadband.url
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/02 02:24:08 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard Drive.lnk
[2011/03/01 19:38:45 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Hard Drive.lnk
[2011/03/01 15:39:21 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Shortcut to iExplore.lnk
[2011/03/01 15:39:21 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\shell.reg
[2011/03/01 14:02:35 | 000,693,448 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/01 13:20:11 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Windows Disk.lnk
[2011/02/28 17:16:39 | 003,527,664 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\3010-0006 HDS - AVPM.zip
[2011/02/28 15:28:02 | 000,017,955 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\GuySmiley.jpg
[2011/02/27 15:06:39 | 000,037,680 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\4.jpg
[2011/02/27 14:51:03 | 000,006,003 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\3rd.jpg
[2011/02/22 15:33:33 | 000,092,014 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\all the girls.jpg
[2011/02/20 07:32:19 | 001,630,680 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Big Carp Bait Secrets[1].pdf
[2011/02/17 15:56:35 | 003,079,067 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\P9131236.JPG
[2011/02/17 15:49:46 | 003,621,544 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\DSC00071.JPG
[2011/02/12 20:33:12 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Virgin Media - Broadband, digital TV, phone & mobile phone plus broadband.url
[2011/02/12 09:32:54 | 000,494,696 | ---- | C] () -- C:\Documents and Settings\bunny\My Documents\P3HUB2 Firmware1.71.mHex
[2010/12/06 08:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe
[2010/12/04 09:20:58 | 000,000,129 | ---- | C] () -- C:\windows\POSTER.INI
[2010/08/02 23:18:00 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2010/08/01 05:18:29 | 000,250,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/31 04:05:53 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2010/06/29 15:08:22 | 000,000,332 | ---- | C] () -- C:\windows\desctemp.dat
[2010/04/05 19:58:37 | 000,012,188 | -HS- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\K6sEH5Ir2Is
[2010/04/05 14:11:58 | 000,012,594 | -HS- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\GbW53PfLB
[2010/03/22 17:52:36 | 000,011,384 | -HS- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\Mh3jm32txN
[2010/02/05 18:51:56 | 000,013,304 | ---- | C] () -- C:\windows\System32\drivers\BTNetFilter.sys
[2010/02/05 18:51:56 | 000,011,860 | ---- | C] () -- C:\windows\System32\drivers\vbtenum.sys
[2010/02/01 18:05:46 | 000,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2009/12/17 18:37:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 13:44:24 | 051,699,232 | -HS- | C] () -- C:\windows\System32\drivers\fidbox.dat
[2009/11/08 13:44:06 | 000,718,880 | -HS- | C] () -- C:\windows\System32\drivers\fidbox2.dat
[2009/10/21 08:20:08 | 000,005,504 | ---- | C] () -- C:\windows\System32\drivers\StarOpen_x86.sys
[2009/08/08 11:31:57 | 000,532,480 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Sony.dll
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/03/29 17:01:18 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2009/03/29 17:01:17 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2009/03/29 17:01:17 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2009/03/29 17:01:17 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2009/03/29 17:01:17 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2009/03/29 17:01:17 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2009/03/29 17:01:17 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2009/03/29 17:01:17 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2009/03/29 17:01:17 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2009/03/29 17:01:17 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2009/03/29 17:01:17 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2009/03/29 17:01:17 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2009/03/29 17:01:17 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2009/03/29 17:01:17 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2009/03/29 17:01:17 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2009/03/29 17:01:17 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2009/03/29 17:01:17 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2009/03/29 17:01:17 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2009/03/29 17:01:17 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2009/03/29 16:55:23 | 000,000,025 | ---- | C] () -- C:\windows\CDEBX300DEFGIPS.ini
[2008/07/15 11:16:08 | 000,000,036 | ---- | C] () -- C:\windows\marscam.ini
[2008/06/30 08:34:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2std.ini
[2008/06/30 08:34:48 | 000,024,832 | ---- | C] () -- C:\windows\System32\drivers\sncamd.sys
[2008/06/30 08:34:46 | 012,006,784 | ---- | C] () -- C:\windows\System32\drivers\snp2sxp.sys
[2008/04/09 16:01:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\bunny\default.pls
[2008/04/08 13:52:04 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/04/05 12:26:35 | 000,208,384 | ---- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/01 10:54:41 | 000,021,265 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008/03/31 12:08:08 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/03/30 15:25:46 | 000,516,096 | ---- | C] () -- C:\windows\System32\ASWL2K.exe
[2008/03/30 15:25:46 | 000,496,640 | ---- | C] () -- C:\windows\System32\ASWLSVC.exe
[2008/03/30 15:25:46 | 000,159,827 | ---- | C] () -- C:\windows\System32\RemSvc.exe
[2006/08/23 20:03:02 | 000,442,368 | ---- | C] () -- C:\windows\System32\nvappbar.exe
[2006/08/23 20:03:02 | 000,196,608 | ---- | C] () -- C:\windows\System32\nvapi.dll
[2006/08/23 20:03:00 | 001,519,616 | ---- | C] () -- C:\windows\System32\nwiz.exe
[2006/08/23 20:03:00 | 000,425,984 | ---- | C] () -- C:\windows\System32\keystone.exe
[2006/08/23 20:02:58 | 001,662,976 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2006/08/23 20:02:58 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2006/08/23 20:02:58 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2006/08/23 20:02:58 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2006/08/23 20:02:56 | 001,470,464 | ---- | C] () -- C:\windows\System32\nview.dll
[2006/08/23 20:02:56 | 001,339,392 | ---- | C] () -- C:\windows\System32\nvdspsch.exe
[2006/08/23 20:02:56 | 000,581,632 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2006/08/03 17:07:27 | 000,000,070 | ---- | C] () -- C:\windows\798F9493.ini
[2006/08/03 16:35:42 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2006/08/03 16:32:53 | 000,663,552 | ---- | C] () -- C:\windows\System32\libeay32_1-1-0_DDR.dll
[2006/08/03 16:32:53 | 000,532,594 | ---- | C] () -- C:\windows\System32\xerces-c_1_40_0_DDR.dll
[2006/08/03 16:32:53 | 000,524,377 | ---- | C] () -- C:\windows\System32\stlport_4_0_0_DDR.dll
[2006/08/03 16:32:53 | 000,307,329 | ---- | C] () -- C:\windows\System32\BJBase_2-2-2_DDR.dll
[2006/08/03 16:32:53 | 000,159,744 | ---- | C] () -- C:\windows\System32\ssleay32_1-1-0_DDR.dll
[2006/08/03 16:26:42 | 000,024,576 | R--- | C] () -- C:\windows\System32\AsIO.dll
[2006/08/03 16:26:42 | 000,005,685 | R--- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2006/08/03 16:26:40 | 000,005,120 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp64.sys
[2006/08/03 16:26:40 | 000,003,328 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp32.sys
[2006/08/03 16:25:30 | 000,063,232 | R--- | C] () -- C:\windows\System32\drivers\mv614x.sys
[2006/08/03 16:21:26 | 000,143,360 | R--- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2006/08/03 16:21:26 | 000,049,152 | R--- | C] () -- C:\windows\System32\ChCfg.exe
[2006/08/03 16:17:48 | 000,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2006/08/03 16:17:31 | 000,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2004/08/03 16:59:54 | 000,062,976 | ---- | C] () -- C:\windows\System32\drivers\cdrom.sys
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2003/07/29 10:03:48 | 000,073,728 | ---- | C] () -- C:\windows\System32\btsendto_ie.dll
[2003/07/29 10:02:50 | 000,065,536 | ---- | C] () -- C:\windows\System32\btsendto_wab.dll
[2003/07/29 09:56:42 | 000,065,536 | ---- | C] () -- C:\windows\System32\btprn2k.dll
[2003/07/01 06:29:10 | 000,022,183 | ---- | C] () -- C:\windows\System32\drivers\btserial.sys
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2002/01/01 12:19:20 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2002/01/01 12:12:16 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2002/01/01 11:43:31 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2002/01/01 11:41:41 | 000,196,160 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/08/23 07:00:00 | 000,531,932 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 07:00:00 | 000,092,036 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
========== LOP Check ==========
[2010/09/04 14:34:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Radialpoint
[2011/01/22 11:36:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Virgin Media
[2010/08/03 16:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Izta
[2010/08/03 14:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yrinfo
[2011/02/07 14:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Affinegy
[2011/01/14 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Azureus
[2010/08/28 03:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\CBL-Electronics
[2008/09/23 19:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/29 05:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Datel
[2010/12/26 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\DriverCure
[2009/05/19 21:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\EPSON
[2011/02/27 15:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Exzuy
[2008/12/09 19:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\ImgBurn
[2009/12/18 16:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\ImTOO Software Studio
[2011/03/01 13:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Inoqm
[2011/03/01 13:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Mytu
[2010/01/22 17:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\NCH Swift Sound
[2011/02/28 17:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Ofyqim
[2008/10/15 10:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\ooVoo Details
[2010/08/28 05:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Radialpoint
[2008/07/08 15:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Snapfish
[2008/07/21 20:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\TomTom
[2011/03/01 16:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\uTorrent
[2011/01/22 11:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Virgin Media
[2010/01/22 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\WinFF
[2011/03/07 11:55:01 | 000,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2009/11/29 10:04:40 | 000,000,040 | ---- | M] ()(C:\windows\System32\????????????????????????????????????g) -- C:\windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/11/08 13:40:37 | 000,000,040 | ---- | C] ()(C:\windows\System32\????????????????????????????????????g) -- C:\windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
< End of report >
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218219
Likes : 18
Hello.
Please run OTL.exe.
- Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
IE - HKU\bunny_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\bunny_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKU\bunny_ON_C..\Run: [{AEC7D994-D065-E5EF-0607-402F9EDFD841}] C:\Documents and Settings\bunny\Application Data\Exzuy\quxou.exe ()
O4 - HKU\bunny_ON_C..\Run: [FGKMiKxxbMcsY.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll) - C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll (ACTS)
[2011/03/02 02:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Hard Drive
[2011/03/01 19:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Hard Drive
[2011/03/01 12:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Windows Disk
[2011/02/27 15:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Mytu
[2011/02/27 15:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Exzuy
- Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTL.exe
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
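
One way to triage scan lines like those in the fix script above, as an added example that is not part of the original post and not part of OTL: a short Python check that flags autoruns and AppCertDlls entries pointing into an Application Data folder, autoruns whose target is missing, and the DisableTaskMgr policy. The sample lines are copied from the post except the ExampleTray entry, which is constructed; the rule set and the reading of the trailing parentheses as the file's company name are assumptions.

```python
import re

# Scan lines copied from the fix script on this page; the "ExampleTray"
# entry is constructed here as a benign contrast case.
SAMPLE = r"""
O4 - HKU\bunny_ON_C..\Run: [{AEC7D994-D065-E5EF-0607-402F9EDFD841}] C:\Documents and Settings\bunny\Application Data\Exzuy\quxou.exe ()
O4 - HKU\bunny_ON_C..\Run: [FGKMiKxxbMcsY.exe] File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll) - C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll (ACTS)
""".strip().splitlines()

ENTRY = re.compile(r"^(O\d+) - (.+)$")
# A drive-letter path ending in .exe or .dll, stopping at brackets/parentheses.
PATH = re.compile(r"[A-Za-z]:\\[^()\[\]]+?\.(?:exe|dll)", re.IGNORECASE)


def reasons_for(line):
    """Return the reasons a single OTL scan line deserves a closer look."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    tag, body = m.groups()
    reasons = []
    paths = PATH.findall(body)
    in_appdata = any("\\application data\\" in p.lower() for p in paths)
    if tag == "O4":
        if body.endswith("File not found"):
            reasons.append("autorun target missing")
        if in_appdata:
            reasons.append("autorun from an Application Data folder")
        # Assumption: the trailing parentheses hold the file's company name.
        if body.endswith("()"):
            reasons.append("no company name on file")
    elif tag in ("O6", "O7") and re.search(r"DisableTaskMgr = 1$", body):
        reasons.append("Task Manager disabled by policy")
    elif tag == "O36" and in_appdata:
        reasons.append("AppCertDlls DLL in an Application Data folder")
    return reasons


def triage(lines):
    """Map each flagged line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for ln in lines:
        why = reasons_for(ln)
        if why:
            flagged[ln] = why
    return flagged


if __name__ == "__main__":
    for line, why in triage(SAMPLE).items():
        print("; ".join(why), "<-", line[:70])
```
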


- daze71Novice
-
OS : xp
Posts : 14
Rubies : 2805
Likes : 0
Followed your instructions and here you go:
========== OTL ==========
Registry value HKEY_USERS\bunny_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\bunny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\{AEC7D994-D065-E5EF-0607-402F9EDFD841} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEC7D994-D065-E5EF-0607-402F9EDFD841}\ not found.
C:\Documents and Settings\bunny\Application Data\Exzuy\quxou.exe moved successfully.
Registry value HKEY_USERS\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\FGKMiKxxbMcsY.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Session Manager\AppCertDlls\\AppSecDll:C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Hard Drive folder moved successfully.
C:\Documents and Settings\bunny\Start Menu\Programs\Hard Drive folder moved successfully.
C:\Documents and Settings\bunny\Start Menu\Programs\Windows Disk folder moved successfully.
C:\Documents and Settings\bunny\Application Data\Mytu folder moved successfully.
C:\Documents and Settings\bunny\Application Data\Exzuy folder moved successfully.
OTLPE by OldTimer - Version 3.1.45.0 log created on 03092011_114043
I hope this helps you out! And again, many thanks for the assistance.
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218219
Likes : 18
Okay, now boot into normal mode in Windows and see if it will boot properly now.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- daze71Novice
-
OS : xp
Posts : 14
Rubies : 2805
Likes : 0
So far so good: I can boot up normally with my usual account profile, and I can also boot into safe mode with the administrator account profile and into safe mode with networking with my administrator account.
However, it seems that my desktop picture is of the spoof safe mode when I boot up normally and I am unable to change it, but I suppose this is due to you having made me run a command of some sort?
I also have 2 virus icons on my desktop, Disk Manager and Hard Drive, when logging in as normal,
but when I log into safe mode using the administrator account I only have the Hard Drive icon.
I presume this is because I semi-removed the Disk Manager virus just prior to all this.
What would be the next course of action to completely remove these 2?
Again, many thanks for the assistance.