Warning you're computer is infected with spyware.... Please help

View previous topic View next topic Go down

Warning you're computer is infected with spyware.... Please help

Post by Ballybritish on Thu 10 Mar 2011, 8:37 am

I get a warning across my screen sawing that my computer is infected with spyware. Please help with removing this. Thanks
I ran olt.exe (in safe mode) and attached please find the log files
OTL logfile created on: 09/03/2011 21:26:40 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = H:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 542.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): H:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive D: | 1.89 Gb Total Space | 1.48 Gb Free Space | 78.27% Space Free | Partition Type: FAT32
Drive H: | 149.04 Gb Total Space | 122.44 Gb Free Space | 82.15% Space Free | Partition Type: NTFS

Computer Name: ASUS-C5EB048F73 | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/09 20:46:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/09 20:46:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- H:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- H:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- H:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/27 13:39:04 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/05 09:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Stopped] -- H:\WINDOWS\system32\LGScsiCommandService.exe -- (LGScsiCommandService)
SRV - [2006/11/09 23:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- H:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/30 06:24:58 | 000,057,344 | ---- | M] ( ) [Auto | Stopped] -- H:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/11/17 13:01:18 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- H:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/09/10 12:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 16:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008/11/04 08:52:38 | 000,114,472 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/11/04 08:52:38 | 000,108,328 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/11/04 08:52:38 | 000,086,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/11/04 08:52:38 | 000,015,016 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/11/04 08:52:36 | 000,109,736 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/11/04 08:52:36 | 000,104,616 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2005/11/22 06:44:22 | 003,804,416 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/06/28 10:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/03/30 08:24:00 | 000,230,400 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/09/30 06:24:58 | 001,395,376 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/09/30 06:24:58 | 000,653,600 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/09/30 06:24:58 | 000,100,240 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/09/30 06:24:58 | 000,014,520 | ---- | M] ( ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/09/30 06:24:58 | 000,013,216 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/09/30 06:24:56 | 000,229,720 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: H:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 19:34:21 | 000,000,000 | ---D | M]

[2009/12/15 22:35:09 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/12/15 22:35:09 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/02/28 12:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [REGSHAVE] H:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SoundMan] H:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] H:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [nLfGpBa06521] H:\Documents and Settings\All Users\Application Data\nLfGpBa06521\nLfGpBa06521.exe ()
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = H:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = H:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit UK)
O4 - Startup: H:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk = H:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: H:\Documents and Settings\User\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = H:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: H:\Documents and Settings\User\Start Menu\Programs\Startup\Office Startup.lnk = H:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Google Sidewiki... - H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.202.127.200 88.202.127.201
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (H:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - H:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: H:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0791270e-d202-11df-b7d3-0017317350fd}\Shell - "" = AutoRun
O33 - MountPoints2\{0791270e-d202-11df-b7d3-0017317350fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0791270e-d202-11df-b7d3-0017317350fd}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{141f4d5c-0483-11e0-b860-0017317350fd}\Shell - "" = AutoRun
O33 - MountPoints2\{141f4d5c-0483-11e0-b860-0017317350fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{141f4d5c-0483-11e0-b860-0017317350fd}\Shell\AutoRun\command - "" = J:\LGAutoRun.exe
O33 - MountPoints2\{76de6068-43dd-11e0-b965-0017317350fd}\Shell - "" = AutoRun
O33 - MountPoints2\{76de6068-43dd-11e0-b965-0017317350fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76de6068-43dd-11e0-b965-0017317350fd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{c2b5ba1e-5389-11df-b6eb-0017317350fd}\Shell - "" = AutoRun
O33 - MountPoints2\{c2b5ba1e-5389-11df-b6eb-0017317350fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2b5ba1e-5389-11df-b6eb-0017317350fd}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - H:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - H:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: AVG Antivirus 2011 - hkey= - key= - H:\Program Files\AVG Antivirus 2011\avg.exe (ComponentOne LLC)
MsConfig - StartUpReg: InputSet - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - H:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - H:\WINDOWS\system32\Rundll32.exe H:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - H:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - H:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - H:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - H:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - H:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - H:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - H:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - H:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - H:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - H:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - H:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - H:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/03/09 20:46:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\User\Desktop\OTL.exe
[2011/03/09 20:17:18 | 000,000,000 | ---D | C] -- H:\WINDOWS\pss
[2011/03/05 21:33:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\nLfGpBa06521
[2011/03/01 13:29:00 | 000,000,000 | ---D | C] -- H:\Documents and Settings\User\Application Data\U3
[2011/02/26 18:49:05 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/02/10 13:26:25 | 000,000,000 | ---D | C] -- H:\Bank Recs
[2011/01/06 04:44:59 | 000,381,440 | ---- | C] (PCHDD) -- H:\Documents and Settings\All Users\Application Data\nETmBvhgfFfSw.exe
[2011/01/06 04:44:47 | 000,423,424 | ---- | C] (INet) -- H:\Documents and Settings\All Users\Application Data\GnGHPNcKObIR.dll
[2007/01/29 11:53:26 | 000,014,976 | ---- | C] ( ) -- H:\WINDOWS\System32\drivers\winddx.sys
[2007/01/29 11:49:26 | 000,013,216 | ---- | C] ( ) -- H:\WINDOWS\System32\drivers\slwdmsup.sys
[2007/01/29 11:49:25 | 001,395,376 | ---- | C] ( ) -- H:\WINDOWS\System32\drivers\mtlstrm.sys
[2007/01/29 11:49:25 | 000,653,600 | ---- | C] ( ) -- H:\WINDOWS\System32\drivers\slntamr.sys
[2007/01/29 11:49:25 | 000,229,720 | ---- | C] ( ) -- H:\WINDOWS\System32\drivers\mtlmnt5.sys
[2007/01/29 11:49:25 | 000,100,240 | ---- | C] ( ) -- H:\WINDOWS\System32\drivers\slnthal.sys
[2007/01/29 11:49:25 | 000,014,520 | ---- | C] ( ) -- H:\WINDOWS\System32\drivers\RecAgent.sys
[2007/01/29 11:49:24 | 000,057,344 | ---- | C] ( ) -- H:\WINDOWS\System32\slserv.exe
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/09 20:46:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\User\Desktop\OTL.exe
[2011/03/09 20:32:19 | 001,006,747 | ---- | M] () -- H:\Documents and Settings\User\Desktop\rkill.exe
[2011/03/09 19:56:06 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2011/03/09 19:53:06 | 000,000,420 | -H-- | M] () -- H:\WINDOWS\tasks\User_Feed_Synchronization-{4DA55123-34AA-4845-BA13-0632A797E5AF}.job
[2011/03/09 19:52:41 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/09 19:06:03 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2011/03/07 18:56:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/05 21:33:55 | 000,000,098 | ---- | M] () -- H:\Documents and Settings\User\My Documents\setup
[2011/03/05 21:21:04 | 002,387,968 | -H-- | M] () -- H:\ffastun0.ffx
[2011/03/05 21:21:04 | 000,671,744 | -H-- | M] () -- H:\ffastun.ffl
[2011/03/05 21:21:04 | 000,237,568 | -H-- | M] () -- H:\ffastun.ffo
[2011/03/05 21:21:04 | 000,005,248 | -H-- | M] () -- H:\ffastun.ffa
[2011/03/02 15:50:01 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/28 18:21:54 | 000,000,069 | ---- | M] () -- H:\WINDOWS\NeroDigital.ini
[2011/02/25 14:44:35 | 000,270,698 | ---- | M] () -- H:\M & S Construction payroll backup 11.zip
[2011/02/24 22:33:53 | 000,006,084 | ---- | M] () -- H:\Documents and Settings\User\Application Data\wklnhst.dat
[2011/02/15 13:19:42 | 000,036,352 | ---- | M] () -- H:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 10:00:42 | 000,001,729 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/10 20:06:10 | 000,241,536 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 19:45:28 | 000,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2011/02/09 22:28:20 | 000,002,523 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 9.lnk
[2011/02/09 19:45:06 | 000,048,236 | -H-- | M] () -- H:\WINDOWS\System32\mlfcache.dat
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/09 20:32:11 | 001,006,747 | ---- | C] () -- H:\Documents and Settings\User\Desktop\rkill.exe
[2011/03/05 21:33:55 | 000,000,098 | ---- | C] () -- H:\Documents and Settings\User\My Documents\setup
[2011/02/09 19:45:06 | 000,048,236 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat
[2011/01/11 13:16:53 | 000,007,409 | ---- | C] () -- H:\WINDOWS\extend.dat
[2010/04/29 12:23:18 | 000,071,262 | ---- | C] () -- H:\WINDOWS\Huawei ModemsUninstall.exe
[2010/04/29 12:23:15 | 000,010,240 | ---- | C] () -- H:\WINDOWS\System32\drivers\mdvrmng.sys
[2009/02/13 20:30:50 | 000,000,072 | ---- | C] () -- H:\WINDOWS\JascCmdFile.INI
[2009/02/04 22:45:26 | 000,036,352 | ---- | C] () -- H:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/10 13:25:54 | 000,000,027 | ---- | C] () -- H:\WINDOWS\CDE DX4400DEFGIPS.ini
[2008/04/16 15:14:18 | 000,000,069 | ---- | C] () -- H:\WINDOWS\NeroDigital.ini
[2008/03/20 17:28:33 | 000,000,022 | ---- | C] () -- H:\WINDOWS\exchng.ini
[2008/03/20 17:25:30 | 000,000,611 | ---- | C] () -- H:\WINDOWS\ODBC.INI
[2008/01/04 21:04:12 | 000,000,127 | ---- | C] () -- H:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2007/12/18 14:49:13 | 001,239,436 | ---- | C] () -- H:\Program Files\minivigor128_32bit_V2.6.zip
[2007/11/26 11:38:00 | 000,000,227 | ---- | C] () -- H:\WINDOWS\RtlRack.ini
[2007/10/28 14:39:47 | 000,000,088 | ---- | C] () -- H:\WINDOWS\MSREGUSR.INI
[2007/03/14 13:06:42 | 000,000,036 | ---- | C] () -- H:\WINDOWS\Tiny_Run.ini
[2007/02/04 11:36:04 | 000,001,265 | ---- | C] () -- H:\WINDOWS\disney.ini
[2007/02/02 16:16:41 | 000,000,000 | ---- | C] () -- H:\WINDOWS\MSDraw.ini
[2007/01/29 12:03:03 | 000,111,932 | ---- | C] () -- H:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/01/29 12:03:03 | 000,031,053 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern131.dat
[2007/01/29 12:03:03 | 000,027,417 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern121.dat
[2007/01/29 12:03:03 | 000,026,154 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern1.dat
[2007/01/29 12:03:03 | 000,024,903 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern3.dat
[2007/01/29 12:03:03 | 000,021,390 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern5.dat
[2007/01/29 12:03:03 | 000,020,148 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern2.dat
[2007/01/29 12:03:03 | 000,011,811 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern4.dat
[2007/01/29 12:03:03 | 000,004,943 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern6.dat
[2007/01/29 12:03:03 | 000,001,146 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/01/29 12:03:03 | 000,001,139 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/01/29 12:03:03 | 000,001,139 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/01/29 12:03:03 | 000,001,136 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/01/29 12:03:03 | 000,001,129 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/01/29 12:03:03 | 000,001,129 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/01/29 12:03:03 | 000,001,120 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/01/29 12:03:03 | 000,001,107 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/01/29 12:03:03 | 000,001,104 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/01/29 12:03:03 | 000,000,097 | ---- | C] () -- H:\WINDOWS\System32\PICSDK.ini
[2007/01/29 11:53:26 | 000,540,672 | ---- | C] () -- H:\WINDOWS\System32\SLLights.dll
[2007/01/29 11:53:26 | 000,380,928 | ---- | C] () -- H:\WINDOWS\System32\slmh.exe
[2007/01/29 11:53:26 | 000,221,184 | ---- | C] () -- H:\WINDOWS\System32\amr_cpl.dll
[2007/01/29 11:53:26 | 000,180,224 | ---- | C] () -- H:\WINDOWS\System32\minirec.exe
[2007/01/29 11:53:26 | 000,151,552 | ---- | C] () -- H:\WINDOWS\System32\SLMOHServ.dll
[2007/01/29 11:53:26 | 000,077,824 | ---- | C] () -- H:\WINDOWS\SmCfg.exe
[2007/01/29 11:49:25 | 000,212,992 | ---- | C] () -- H:\WINDOWS\System32\slextspk.dll
[2007/01/29 11:49:24 | 000,180,224 | ---- | C] () -- H:\WINDOWS\System32\SLGen.dll
[2007/01/29 11:29:48 | 000,006,084 | ---- | C] () -- H:\Documents and Settings\User\Application Data\wklnhst.dat
[2006/12/14 12:25:10 | 000,040,960 | R--- | C] () -- H:\WINDOWS\System32\ChCfg.exe
[2006/12/14 12:24:49 | 000,157,184 | R--- | C] () -- H:\WINDOWS\System32\RtlCPAPI.dll
[2006/12/14 12:24:43 | 000,000,164 | R--- | C] () -- H:\WINDOWS\avrack.ini
[2006/12/14 11:24:13 | 000,005,810 | R--- | C] () -- H:\WINDOWS\System32\drivers\ASACPI.sys
[2006/12/14 11:24:11 | 000,015,585 | ---- | C] () -- H:\WINDOWS\Ascd_tmp.ini
[2006/12/14 11:24:08 | 000,005,824 | ---- | C] () -- H:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/12/13 17:38:57 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat
[2006/12/13 17:34:25 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat
[2006/12/13 17:21:29 | 000,004,346 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2006/12/13 17:20:20 | 000,241,536 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 12:00:00 | 013,107,200 | ---- | C] () -- H:\WINDOWS\System32\oembios.bin
[2006/02/28 12:00:00 | 000,673,088 | ---- | C] () -- H:\WINDOWS\System32\mlang.dat
[2006/02/28 12:00:00 | 000,380,658 | ---- | C] () -- H:\WINDOWS\System32\perfh009.dat
[2006/02/28 12:00:00 | 000,272,128 | ---- | C] () -- H:\WINDOWS\System32\perfi009.dat
[2006/02/28 12:00:00 | 000,218,003 | ---- | C] () -- H:\WINDOWS\System32\dssec.dat
[2006/02/28 12:00:00 | 000,052,880 | ---- | C] () -- H:\WINDOWS\System32\perfc009.dat
[2006/02/28 12:00:00 | 000,046,258 | ---- | C] () -- H:\WINDOWS\System32\mib.bin
[2006/02/28 12:00:00 | 000,028,626 | ---- | C] () -- H:\WINDOWS\System32\perfd009.dat
[2006/02/28 12:00:00 | 000,004,569 | ---- | C] () -- H:\WINDOWS\System32\secupd.dat
[2006/02/28 12:00:00 | 000,004,461 | ---- | C] () -- H:\WINDOWS\System32\oembios.dat
[2006/02/28 12:00:00 | 000,001,804 | ---- | C] () -- H:\WINDOWS\System32\dcache.bin
[2006/02/28 12:00:00 | 000,000,741 | ---- | C] () -- H:\WINDOWS\System32\noise.dat
[2005/05/31 13:49:32 | 000,066,048 | ---- | C] () -- H:\WINDOWS\System32\talpdf32.dll
[2004/09/30 06:24:58 | 000,036,864 | ---- | C] () -- H:\WINDOWS\slrundll.exe
[2004/09/30 06:24:56 | 000,061,440 | ---- | C] () -- H:\WINDOWS\System32\coinst.dll
[1996/12/04 00:00:00 | 000,022,016 | ---- | C] () -- H:\WINDOWS\System32\ODBCSTF.DLL
[1996/12/04 00:00:00 | 000,022,016 | ---- | C] () -- H:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/04 00:00:00 | 000,012,288 | ---- | C] () -- H:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/12/13 17:36:38 | 000,000,067 | -HS- | M] () -- H:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2007/12/18 14:49:26 | 001,239,436 | ---- | M] () -- H:\Program Files\minivigor128_32bit_V2.6.zip

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/02/23 14:40:01 | 000,000,272 | -HS- | M] () -- H:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/12/13 17:44:49 | 000,000,119 | -HS- | M] () -- H:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/12/13 17:44:48 | 000,000,079 | ---- | M] () -- H:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/03/09 20:46:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\User\Desktop\OTL.exe
[2011/03/09 20:32:19 | 001,006,747 | ---- | M] () -- H:\Documents and Settings\User\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/02/17 16:42:14 | 035,124,856 | ---- | M] ( ) -- H:\Documents and Settings\User\My Documents\AdbeRdr90_en_US.exe
[2008/02/08 21:31:49 | 059,196,712 | ---- | M] (Apple Inc.) -- H:\Documents and Settings\User\My Documents\iTunesSetup.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/12/13 17:44:48 | 000,000,122 | -HS- | M] () -- H:\Documents and Settings\User\Favorites\Desktop.ini
[2007/11/27 13:49:38 | 000,000,400 | ---- | M] () -- H:\Documents and Settings\User\Favorites\My Documents.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- H:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- H:\WINDOWS\system32\dxtrans.dll
[2010/12/20 23:59:19 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- H:\WINDOWS\system32\iepeers.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/12/13 17:19:25 | 000,094,208 | ---- | M] () -- H:\WINDOWS\system32\config\default.sav
[2006/12/13 17:19:25 | 000,634,880 | ---- | M] () -- H:\WINDOWS\system32\config\software.sav
[2006/12/13 17:19:25 | 000,905,216 | ---- | M] () -- H:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/02/28 12:00:00 | 000,009,029 | ---- | M] () -- H:\WINDOWS\system32\ansi.sys
[2006/02/28 12:00:00 | 000,027,097 | ---- | M] () -- H:\WINDOWS\system32\country.sys
[2006/02/28 12:00:00 | 000,004,768 | ---- | M] () -- H:\WINDOWS\system32\himem.sys
[2006/02/28 12:00:00 | 000,042,809 | ---- | M] () -- H:\WINDOWS\system32\key01.sys
[2006/02/28 12:00:00 | 000,042,537 | ---- | M] () -- H:\WINDOWS\system32\keyboard.sys
[2006/02/28 12:00:00 | 000,027,866 | ---- | M] () -- H:\WINDOWS\system32\ntdos.sys
[2006/02/28 12:00:00 | 000,029,146 | ---- | M] () -- H:\WINDOWS\system32\ntdos404.sys
[2006/02/28 12:00:00 | 000,029,370 | ---- | M] () -- H:\WINDOWS\system32\ntdos411.sys
[2006/02/28 12:00:00 | 000,029,274 | ---- | M] () -- H:\WINDOWS\system32\ntdos412.sys
[2006/02/28 12:00:00 | 000,029,146 | ---- | M] () -- H:\WINDOWS\system32\ntdos804.sys
[2006/02/28 12:00:00 | 000,033,840 | ---- | M] () -- H:\WINDOWS\system32\ntio.sys
[2006/02/28 12:00:00 | 000,034,560 | ---- | M] () -- H:\WINDOWS\system32\ntio404.sys
[2006/02/28 12:00:00 | 000,035,648 | ---- | M] () -- H:\WINDOWS\system32\ntio411.sys
[2006/02/28 12:00:00 | 000,035,424 | ---- | M] () -- H:\WINDOWS\system32\ntio412.sys
[2006/02/28 12:00:00 | 000,034,560 | ---- | M] () -- H:\WINDOWS\system32\ntio804.sys
[2008/04/13 18:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\system32\watchdog.sys
[2010/12/31 13:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 00:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 00:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 00:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 00:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 00:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 00:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 00:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 00:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 00:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 00:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 00:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 00:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 00:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 00:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 00:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- H:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2006/12/13 17:19:26 | 000,000,210 | -HS- | M] () -- H:\boot.ini
[2011/03/05 21:21:04 | 000,005,248 | -H-- | M] () -- H:\ffastun.ffa
[2011/03/05 21:21:04 | 000,671,744 | -H-- | M] () -- H:\ffastun.ffl
[2011/03/05 21:21:04 | 000,237,568 | -H-- | M] () -- H:\ffastun.ffo
[2011/03/05 21:21:04 | 002,387,968 | -H-- | M] () -- H:\ffastun0.ffx
[2007/03/15 12:49:39 | 000,000,686 | ---- | M] () -- H:\ini2.txt
[2010/11/08 09:15:52 | 025,942,016 | ---- | M] () -- H:\M & S Construction (Backup 08 Nov 2010 09 14 AM).QBB
[2010/02/02 15:42:09 | 005,350,244 | ---- | M] () -- H:\M & S Construction payroll backup 09.zip
[2010/11/05 12:18:42 | 003,133,219 | ---- | M] () -- H:\M & S Construction payroll backup 10.zip
[2011/02/25 14:44:35 | 000,270,698 | ---- | M] () -- H:\M & S Construction payroll backup 11.zip
[2006/02/28 12:00:00 | 000,047,564 | RHS- | M] () -- H:\NTDETECT.COM
[2009/02/23 14:33:03 | 000,250,048 | RHS- | M] () -- H:\ntldr
[2011/03/09 19:56:00 | 1598,029,824 | -HS- | M] () -- H:\pagefile.sys
[2011/03/09 20:33:51 | 000,000,463 | ---- | M] () -- H:\rkill.log
[2008/01/09 15:58:58 | 000,177,620 | ---- | M] () -- H:\wpayback.zip

< %PROGRAMFILES%\*. >
[2010/04/29 12:22:43 | 000,000,000 | ---D | M] -- H:\Program Files\3 Mobile Broadband
[2009/02/18 17:10:17 | 000,000,000 | ---D | M] -- H:\Program Files\Adobe
[2007/01/29 11:32:51 | 000,000,000 | ---D | M] -- H:\Program Files\Ahead
[2009/02/04 11:44:27 | 000,000,000 | ---D | M] -- H:\Program Files\Apple Software Update
[2008/02/08 17:31:28 | 000,000,000 | ---D | M] -- H:\Program Files\Audible
[2010/12/28 19:15:16 | 000,000,000 | ---D | M] -- H:\Program Files\AVG
[2011/02/07 02:00:38 | 000,000,000 | ---D | M] -- H:\Program Files\AVG Antivirus 2011
[2006/12/14 12:24:45 | 000,000,000 | ---D | M] -- H:\Program Files\AvRack
[2011/02/02 16:06:53 | 000,000,000 | ---D | M] -- H:\Program Files\Bonjour
[2007/12/03 20:40:47 | 000,000,000 | ---D | M] -- H:\Program Files\Britannica 2005
[2009/02/02 13:53:53 | 000,000,000 | ---D | M] -- H:\Program Files\Canon
[2009/02/18 17:08:02 | 000,000,000 | ---D | M] -- H:\Program Files\Common Files
[2006/12/13 17:34:14 | 000,000,000 | ---D | M] -- H:\Program Files\ComPlus Applications
[2008/02/08 17:32:14 | 000,000,000 | ---D | M] -- H:\Program Files\Creative
[2006/12/21 10:57:09 | 000,000,000 | ---D | M] -- H:\Program Files\CyberLink
[2007/02/04 11:37:19 | 000,000,000 | ---D | M] -- H:\Program Files\Disney Interactive
[2007/12/18 14:50:14 | 000,000,000 | ---D | M] -- H:\Program Files\DrayTek ISDN Tools
[2008/07/10 13:31:07 | 000,000,000 | ---D | M] -- H:\Program Files\EPSON
[2010/11/04 19:34:42 | 000,000,000 | ---D | M] -- H:\Program Files\FinePixViewer
[2010/02/16 11:20:57 | 000,000,000 | ---D | M] -- H:\Program Files\Google
[2007/01/29 12:05:20 | 000,000,000 | ---D | M] -- H:\Program Files\Grisoft
[2010/04/29 12:23:19 | 000,000,000 | ---D | M] -- H:\Program Files\Huawei Modems
[2010/04/29 12:22:43 | 000,000,000 | -H-D | M] -- H:\Program Files\InstallShield Installation Information
[2006/12/14 11:36:01 | 000,000,000 | ---D | M] -- H:\Program Files\Intel
[2011/02/25 21:00:01 | 000,000,000 | ---D | M] -- H:\Program Files\Internet Explorer
[2008/01/04 20:18:05 | 000,000,000 | ---D | M] -- H:\Program Files\Intuit
[2011/02/02 16:11:20 | 000,000,000 | ---D | M] -- H:\Program Files\iPod
[2011/02/02 16:12:26 | 000,000,000 | ---D | M] -- H:\Program Files\iTunes
[2009/02/13 20:20:57 | 000,000,000 | ---D | M] -- H:\Program Files\Jasc Software Inc
[2009/03/06 17:40:47 | 000,000,000 | ---D | M] -- H:\Program Files\Java
[2010/12/10 17:30:39 | 000,000,000 | ---D | M] -- H:\Program Files\LG Electronics
[2009/12/15 22:33:05 | 000,000,000 | ---D | M] -- H:\Program Files\LimeWire
[2009/07/06 19:16:27 | 000,000,000 | ---D | M] -- H:\Program Files\Mars
[2006/12/14 12:28:55 | 000,000,000 | ---D | M] -- H:\Program Files\Marvell
[2009/02/23 16:28:15 | 000,000,000 | ---D | M] -- H:\Program Files\Messenger
[2006/12/13 17:37:17 | 000,000,000 | ---D | M] -- H:\Program Files\microsoft frontpage
[2008/03/20 17:26:24 | 000,000,000 | ---D | M] -- H:\Program Files\Microsoft Office
[2009/02/13 23:00:37 | 000,000,000 | ---D | M] -- H:\Program Files\Microsoft Publisher
[2007/01/29 11:28:52 | 000,000,000 | ---D | M] -- H:\Program Files\Microsoft Works
[2007/10/28 14:38:19 | 000,000,000 | ---D | M] -- H:\Program Files\Mindscape
[2007/12/18 14:49:47 | 000,000,000 | ---D | M] -- H:\Program Files\minivigor128_32bit_V2.6
[2010/08/24 19:31:42 | 000,000,000 | ---D | M] -- H:\Program Files\Movie Maker
[2007/06/15 19:44:44 | 000,000,000 | ---D | M] -- H:\Program Files\MSN
[2006/12/13 17:33:32 | 000,000,000 | ---D | M] -- H:\Program Files\MSN Gaming Zone
[2007/05/29 18:47:19 | 000,000,000 | ---D | M] -- H:\Program Files\MSXML 4.0
[2008/02/08 17:30:26 | 000,000,000 | ---D | M] -- H:\Program Files\Music Manager
[2009/02/23 14:37:14 | 000,000,000 | ---D | M] -- H:\Program Files\NetMeeting
[2006/12/13 17:33:41 | 000,000,000 | ---D | M] -- H:\Program Files\Online Services
[2010/12/16 08:59:47 | 000,000,000 | ---D | M] -- H:\Program Files\Outlook Express
[2009/07/08 18:28:10 | 000,000,000 | ---D | M] -- H:\Program Files\PIXELA
[2011/02/02 15:56:38 | 000,000,000 | ---D | M] -- H:\Program Files\QuickTime
[2006/12/14 12:24:43 | 000,000,000 | ---D | M] -- H:\Program Files\Realtek AC97
[2006/12/14 12:24:45 | 000,000,000 | ---D | M] -- H:\Program Files\Realtek Sound Manager
[2009/07/08 18:23:55 | 000,000,000 | ---D | M] -- H:\Program Files\REGSHAVE
[2008/01/09 16:12:29 | 000,000,000 | ---D | M] -- H:\Program Files\thes2007
[2008/09/12 13:07:15 | 000,000,000 | ---D | M] -- H:\Program Files\thes2008
[2010/02/02 15:35:17 | 000,000,000 | ---D | M] -- H:\Program Files\thes2009
[2006/12/13 17:44:40 | 000,000,000 | -H-D | M] -- H:\Program Files\Uninstall Information
[2009/02/23 14:37:09 | 000,000,000 | ---D | M] -- H:\Program Files\Windows Media Player
[2008/03/20 17:27:44 | 000,000,000 | ---D | M] -- H:\Program Files\Windows Messaging
[2009/02/23 14:37:08 | 000,000,000 | ---D | M] -- H:\Program Files\Windows NT
[2006/12/13 17:35:48 | 000,000,000 | -H-D | M] -- H:\Program Files\WindowsUpdate
[2006/12/13 17:37:17 | 000,000,000 | ---D | M] -- H:\Program Files\xerox
[2007/12/03 20:21:06 | 000,000,000 | -H-D | M] -- H:\Program Files\Zero G Registry

< %appdata%\*.* >
[2006/12/13 17:21:00 | 000,000,062 | -HS- | M] () -- H:\Documents and Settings\User\Application Data\desktop.ini
[2011/02/24 22:33:53 | 000,006,084 | ---- | M] () -- H:\Documents and Settings\User\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/23 14:28:22 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/02/23 14:28:22 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/23 14:28:22 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/02/23 14:28:22 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/02/23 14:28:22 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/02/23 14:28:22 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- H:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- H:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- H:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- H:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- H:\WINDOWS\system32\eventlog.dll
[2006/02/28 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- H:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- H:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- H:\WINDOWS\system32\netlogon.dll
[2006/02/28 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- H:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- H:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- H:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- H:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/02/23 14:28:22 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/02/23 14:28:22 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2006/02/28 12:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- H:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- H:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- H:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-10 19:45:36

< >

========== Files - Unicode (All) ==========
[2011/02/28 14:31:17 | 000,000,017 | ---- | M] ()(H:\WINDOWS\System32\??) -- H:\WINDOWS\System32\텘ʓ
[2011/02/28 14:31:17 | 000,000,017 | ---- | C] ()(H:\WINDOWS\System32\??) -- H:\WINDOWS\System32\텘ʓ

< End of report >


Ballybritish

Unborn
Unborn

Posts : 1
Joined : 2011-03-10
Operating System : Windows xp

View user profile

Back to top Go down

Re: Warning you're computer is infected with spyware.... Please help

Post by Pancake on Thu 10 Mar 2011, 8:52 am

Hi.Welcome to the forum

Please run all these programs..

Download the TDSSKiller.exe and extract to your Desktop.

Execute TDSSKiller.exe by doubleclicking on it. You may be prompted to restart your machine. Type Y at the prompt.
Once complete, a log will be produced at root. It will be named
UtilityName.Version_Date_Time_log.txt.
for example, C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt.

Attach that log here please.

====================================================

Please download Malwarebytes' Anti-Malware from one of these places:
Majorgeeks or Besttechie

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply.

===============================================

Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Combofix may be slow to start and appear to be doing nothing before it starts scanning.Just leave it,it will start.
You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]
Please include the C:\ComboFix.txt in your next reply for further review.

Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper







Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum