
Solved I have Malware

Discussion in 'Malware and Virus Removal Archive' started by johngkerr, 2012/06/03.

  1. 2012/06/03
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    [Resolved] I have Malware

    I cannot run any malware or security program. The malware will not let me use Ctrl+Alt+Delete or run programs from the Run box. The only program I could get to run was HijackThis; I am posting the scan log. I cannot get on the internet with this computer. Please help.


    [HJT log removed by Broni]
     
    Last edited by a moderator: 2012/06/03
  2. 2012/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You've been to malware removal forum before so you should be aware how to proceed.

    Please, complete all steps listed HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2012/06/03
    johngkerr

    johngkerr Inactive Thread Starter

    I know what I should do when I post on this BBS, but how could I scan with Malwarebytes if the malware on my computer would not let me run any antivirus or malware program or let me go on the internet? I booted up in safe mode and reinstalled a new download of Malwarebytes, and it would not run. So I did a restore from a restore point and the malware is gone. I did a scan with Malwarebytes; it found nothing. I also scanned with Microsoft Security Essentials; it did not find anything.
     
  5. 2012/06/03
    broni

    broni Moderator Malware Analyst

    I strongly suggest you run all required scans, as something may still be hiding there.
    System Restore will rarely remove an entire infection.
     
  6. 2012/06/04
    johngkerr

    johngkerr Inactive Thread Starter

    I am scanning today

    I am scanning my computer today; I will post the scan soon.
     
  7. 2012/06/04
    johngkerr

    johngkerr Inactive Thread Starter

    The log files you need

    I am posting the logs you need

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-04 15:33:06
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e rev.
    Running: ieqfzf1e.exe; Driver: C:\DOCUME~1\john\LOCALS~1\Temp\axrcipow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9FEE380, 0x346307, 0xE8000020]
    init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB9C87900]
    ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\LastGood 0 bytes
    File C:\WINDOWS\LastGood\INF 0 bytes
    File C:\WINDOWS\LastGood\INF\oem119.inf 0 bytes
    File C:\WINDOWS\LastGood\INF\oem119.PNF 0 bytes
    File C:\WINDOWS\KB2718704.log 3897 bytes

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by john at 15:48:10 on 2012-06-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1843 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\SensorsView\sview.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\coupons.com couponbar\tbcore3.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - c:\program files\coupons.com couponbar\tbcore3.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [DVDTray] c:\program files\ahead\odd toolkit\DVDTray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\docume~1\john\startm~1\programs\startup\sensor~1.lnk - c:\program files\sensorsview\sview.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {072CB141-B793-11D1-89B6-0020182C1446} - file://d:\utilities\IntraLaunch.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://creatives3.lakefield.net:85/SysCamInst.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://212.129.168.37:81/kxhcm10.ocx
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://74.171.128.39:8080/program/SonySncRz25View.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://tmc.baycountyfl.gov:2301/activex/AMC.cab
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{374977FD-6CC6-49EA-8948-D5D99F8C6DBB} : DhcpNameServer = 192.168.1.254 192.168.1.254
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
    R1 MpKsl18537b2b;MpKsl18537b2b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48b86d2c-852e-44b9-83f4-8979b76d14ae}\MpKsl18537b2b.sys [2012-6-4 29904]
    R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2005-2-7 1984]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2005-6-18 140416]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\xpad.sys --> c:\windows\system32\drivers\xpad.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-04 16:37:47 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48b86d2c-852e-44b9-83f4-8979b76d14ae}\MpKsl18537b2b.sys
    2012-06-03 22:50:30 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48b86d2c-852e-44b9-83f4-8979b76d14ae}\offreg.dll
    2012-06-03 22:35:26 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48b86d2c-852e-44b9-83f4-8979b76d14ae}\mpengine.dll
    2012-06-03 22:24:33 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-06-03 22:21:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-06-03 22:21:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-06-03 22:20:20 -------- d-----w- c:\program files\Mplayer
    2012-05-06 22:44:13 -------- d-----w- C:\FINANCE
    .
    ==================== Find3M ====================
    .
    2012-05-05 17:17:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-05 17:17:41 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-25 17:04:00 230808 ----a-r- c:\windows\system32\cpnprt2.cid
    2012-03-21 01:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2007-03-28 19:57:53 18895728 ------w- c:\program files\Install_Messenger.exe
    2005-07-28 15:35:16 959653376 ------w- c:\program files\ragnarok_setup.exe
    2004-03-11 19:27:22 40960 ------w- c:\program files\Uninstall_CDS.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile( "\\.\PHYSICALDRIVE0 "): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8AB46AB8]
    3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000065[0x8ABDD4D0]
    5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP1T0L0-e[0x8AB48D98]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user != kernel MBR !!!
    .
    ============= FINISH: 15:49:11.42 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/4/2005 1:26:06 AM
    System Uptime: 6/4/2012 11:36:13 AM (4 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | 8IPE1000-G
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 3014/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 29.444 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP555: 3/6/2012 7:30:03 PM - System Checkpoint
    RP556: 3/7/2012 11:54:20 AM - Software Distribution Service 3.0
    RP557: 3/8/2012 4:47:31 PM - System Checkpoint
    RP558: 3/9/2012 12:52:21 AM - Software Distribution Service 3.0
    RP559: 3/10/2012 9:43:50 AM - Software Distribution Service 3.0
    RP560: 3/11/2012 12:05:38 PM - Software Distribution Service 3.0
    RP561: 3/12/2012 12:44:06 PM - Software Distribution Service 3.0
    RP562: 3/13/2012 5:51:00 PM - Software Distribution Service 3.0
    RP563: 3/14/2012 11:46:17 AM - Software Distribution Service 3.0
    RP564: 3/15/2012 6:12:00 PM - Software Distribution Service 3.0
    RP565: 3/16/2012 10:48:34 PM - Software Distribution Service 3.0
    RP566: 3/18/2012 10:35:27 AM - Software Distribution Service 3.0
    RP567: 3/19/2012 5:34:57 PM - System Checkpoint
    RP568: 3/20/2012 5:38:18 PM - Software Distribution Service 3.0
    RP569: 3/21/2012 6:44:15 PM - Software Distribution Service 3.0
    RP570: 3/23/2012 6:14:43 PM - Software Distribution Service 3.0
    RP571: 3/24/2012 3:18:24 PM - Removed HP Deskjet 6500
    RP572: 3/25/2012 11:26:05 AM - Software Distribution Service 3.0
    RP573: 3/26/2012 1:10:05 PM - Software Distribution Service 3.0
    RP574: 3/28/2012 10:04:34 AM - Software Distribution Service 3.0
    RP575: 3/29/2012 11:46:52 AM - Software Distribution Service 3.0
    RP576: 3/30/2012 11:48:20 AM - System Checkpoint
    RP577: 3/30/2012 4:53:02 PM - Software Distribution Service 3.0
    RP578: 3/31/2012 8:40:00 PM - System Checkpoint
    RP579: 4/1/2012 11:09:57 AM - Software Distribution Service 3.0
    RP580: 4/2/2012 11:23:19 AM - System Checkpoint
    RP581: 4/3/2012 10:21:16 AM - Software Distribution Service 3.0
    RP582: 4/4/2012 10:33:37 AM - Software Distribution Service 3.0
    RP583: 4/5/2012 10:55:30 AM - Software Distribution Service 3.0
    RP584: 4/6/2012 6:00:43 PM - System Checkpoint
    RP585: 4/7/2012 7:04:02 PM - System Checkpoint
    RP586: 4/8/2012 11:14:11 AM - Software Distribution Service 3.0
    RP587: 4/9/2012 4:49:03 PM - Software Distribution Service 3.0
    RP588: 4/10/2012 5:58:02 PM - Software Distribution Service 3.0
    RP589: 4/11/2012 6:01:00 PM - System Checkpoint
    RP590: 4/12/2012 6:04:26 PM - Software Distribution Service 3.0
    RP591: 4/12/2012 6:16:52 PM - Software Distribution Service 3.0
    RP592: 4/13/2012 6:23:42 PM - System Checkpoint
    RP593: 4/14/2012 12:56:54 PM - Software Distribution Service 3.0
    RP594: 4/15/2012 7:12:22 PM - System Checkpoint
    RP595: 4/16/2012 5:58:24 PM - Software Distribution Service 3.0
    RP596: 4/17/2012 6:02:07 PM - Software Distribution Service 3.0
    RP597: 4/18/2012 6:12:38 PM - Software Distribution Service 3.0
    RP598: 4/19/2012 9:18:40 PM - System Checkpoint
    RP599: 4/20/2012 12:31:53 PM - Software Distribution Service 3.0
    RP600: 4/21/2012 11:04:30 PM - Software Distribution Service 3.0
    RP601: 4/22/2012 1:43:34 AM - Software Distribution Service 3.0
    RP602: 4/23/2012 8:03:11 AM - Software Distribution Service 3.0
    RP603: 4/24/2012 12:06:15 PM - Software Distribution Service 3.0
    RP604: 4/25/2012 5:06:01 PM - Software Distribution Service 3.0
    RP605: 4/26/2012 6:42:59 PM - System Checkpoint
    RP606: 4/27/2012 6:39:48 AM - Software Distribution Service 3.0
    RP607: 4/28/2012 9:26:30 AM - Software Distribution Service 3.0
    RP608: 4/29/2012 9:53:08 AM - Software Distribution Service 3.0
    RP609: 4/30/2012 5:22:42 PM - System Checkpoint
    RP610: 4/30/2012 7:39:47 PM - Software Distribution Service 3.0
    RP611: 5/2/2012 10:11:00 AM - Software Distribution Service 3.0
    RP612: 5/3/2012 5:43:28 PM - System Checkpoint
    RP613: 5/4/2012 9:43:17 AM - Software Distribution Service 3.0
    RP614: 5/5/2012 10:39:05 AM - Software Distribution Service 3.0
    RP615: 5/6/2012 2:17:11 PM - Software Distribution Service 3.0
    RP616: 5/7/2012 6:12:03 PM - System Checkpoint
    RP617: 5/8/2012 11:32:51 AM - Software Distribution Service 3.0
    RP618: 5/9/2012 6:20:35 PM - System Checkpoint
    RP619: 5/10/2012 8:51:39 AM - Software Distribution Service 3.0
    RP620: 5/10/2012 12:50:20 PM - Software Distribution Service 3.0
    RP621: 5/11/2012 10:17:22 AM - Software Distribution Service 3.0
    RP622: 5/12/2012 4:35:55 PM - System Checkpoint
    RP623: 5/12/2012 10:52:22 PM - Software Distribution Service 3.0
    RP624: 5/14/2012 9:34:10 AM - Software Distribution Service 3.0
    RP625: 5/15/2012 7:54:18 PM - Software Distribution Service 3.0
    RP626: 5/16/2012 10:57:41 PM - Software Distribution Service 3.0
    RP627: 5/18/2012 9:58:06 AM - Software Distribution Service 3.0
    RP628: 5/19/2012 10:42:33 AM - Software Distribution Service 3.0
    RP629: 5/20/2012 11:26:54 AM - Software Distribution Service 3.0
    RP630: 5/21/2012 6:03:31 PM - System Checkpoint
    RP631: 5/22/2012 9:05:04 AM - Software Distribution Service 3.0
    RP632: 5/22/2012 10:29:15 AM - Software Distribution Service 3.0
    RP633: 5/22/2012 10:40:52 AM - Software Distribution Service 3.0
    RP634: 5/22/2012 11:14:42 AM - Software Distribution Service 3.0
    RP635: 5/22/2012 11:52:19 AM - Software Distribution Service 3.0
    RP636: 5/22/2012 5:26:28 PM - Software Distribution Service 3.0
    RP637: 5/22/2012 6:57:00 PM - Software Distribution Service 3.0
    RP638: 5/23/2012 9:57:01 AM - Software Distribution Service 3.0
    RP639: 5/24/2012 10:30:55 AM - Software Distribution Service 3.0
    RP640: 5/25/2012 10:40:59 AM - Software Distribution Service 3.0
    RP641: 5/26/2012 6:23:28 PM - System Checkpoint
    RP642: 5/27/2012 11:21:18 AM - Software Distribution Service 3.0
    RP643: 5/28/2012 11:31:34 AM - System Checkpoint
    RP644: 5/29/2012 9:50:38 AM - Software Distribution Service 3.0
    RP645: 5/30/2012 10:07:22 AM - Software Distribution Service 3.0
    RP646: 5/31/2012 10:33:08 AM - Software Distribution Service 3.0
    RP647: 6/1/2012 10:45:20 AM - Software Distribution Service 3.0
    RP648: 6/2/2012 12:01:15 PM - Software Distribution Service 3.0
    RP649: 6/3/2012 5:19:31 PM - Restore Operation
    RP650: 6/3/2012 5:35:21 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Active@ UNDELETE
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3)
    AIM 7
     
  8. 2012/06/05
    broni

    broni Moderator Malware Analyst

    Go on....
     
  9. 2012/06/05
    johngkerr

    johngkerr Inactive Thread Starter

    What did I miss?
     
  10. 2012/06/05
    broni

    broni Moderator Malware Analyst

    Hmmm...

    Please, complete all steps listed HERE

    Attach.txt is incomplete, MBAM and aswMBR logs are missing.
     
  11. 2012/06/05
    johngkerr

    johngkerr Inactive Thread Starter

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.03.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    john :: HOMEMADE [limited]

    6/5/2012 12:03:24 PM
    mbam-log-2012-06-05 (12-03-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 301149
    Time elapsed: 9 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  12. 2012/06/05
    johngkerr

    johngkerr Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/4/2005 1:26:06 AM
    System Uptime: 6/4/2012 11:36:13 AM (4 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | 8IPE1000-G
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 3014/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 29.444 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP555: 3/6/2012 7:30:03 PM - System Checkpoint
    RP556: 3/7/2012 11:54:20 AM - Software Distribution Service 3.0
    RP557: 3/8/2012 4:47:31 PM - System Checkpoint
    RP558: 3/9/2012 12:52:21 AM - Software Distribution Service 3.0
    RP559: 3/10/2012 9:43:50 AM - Software Distribution Service 3.0
    RP560: 3/11/2012 12:05:38 PM - Software Distribution Service 3.0
    RP561: 3/12/2012 12:44:06 PM - Software Distribution Service 3.0
    RP562: 3/13/2012 5:51:00 PM - Software Distribution Service 3.0
    RP563: 3/14/2012 11:46:17 AM - Software Distribution Service 3.0
    RP564: 3/15/2012 6:12:00 PM - Software Distribution Service 3.0
    RP565: 3/16/2012 10:48:34 PM - Software Distribution Service 3.0
    RP566: 3/18/2012 10:35:27 AM - Software Distribution Service 3.0
    RP567: 3/19/2012 5:34:57 PM - System Checkpoint
    RP568: 3/20/2012 5:38:18 PM - Software Distribution Service 3.0
    RP569: 3/21/2012 6:44:15 PM - Software Distribution Service 3.0
    RP570: 3/23/2012 6:14:43 PM - Software Distribution Service 3.0
    RP571: 3/24/2012 3:18:24 PM - Removed HP Deskjet 6500
    RP572: 3/25/2012 11:26:05 AM - Software Distribution Service 3.0
    RP573: 3/26/2012 1:10:05 PM - Software Distribution Service 3.0
    RP574: 3/28/2012 10:04:34 AM - Software Distribution Service 3.0
    RP575: 3/29/2012 11:46:52 AM - Software Distribution Service 3.0
    RP576: 3/30/2012 11:48:20 AM - System Checkpoint
    RP577: 3/30/2012 4:53:02 PM - Software Distribution Service 3.0
    RP578: 3/31/2012 8:40:00 PM - System Checkpoint
    RP579: 4/1/2012 11:09:57 AM - Software Distribution Service 3.0
    RP580: 4/2/2012 11:23:19 AM - System Checkpoint
    RP581: 4/3/2012 10:21:16 AM - Software Distribution Service 3.0
    RP582: 4/4/2012 10:33:37 AM - Software Distribution Service 3.0
    RP583: 4/5/2012 10:55:30 AM - Software Distribution Service 3.0
    RP584: 4/6/2012 6:00:43 PM - System Checkpoint
    RP585: 4/7/2012 7:04:02 PM - System Checkpoint
    RP586: 4/8/2012 11:14:11 AM - Software Distribution Service 3.0
    RP587: 4/9/2012 4:49:03 PM - Software Distribution Service 3.0
    RP588: 4/10/2012 5:58:02 PM - Software Distribution Service 3.0
    RP589: 4/11/2012 6:01:00 PM - System Checkpoint
    RP590: 4/12/2012 6:04:26 PM - Software Distribution Service 3.0
    RP591: 4/12/2012 6:16:52 PM - Software Distribution Service 3.0
    RP592: 4/13/2012 6:23:42 PM - System Checkpoint
    RP593: 4/14/2012 12:56:54 PM - Software Distribution Service 3.0
    RP594: 4/15/2012 7:12:22 PM - System Checkpoint
    RP595: 4/16/2012 5:58:24 PM - Software Distribution Service 3.0
    RP596: 4/17/2012 6:02:07 PM - Software Distribution Service 3.0
    RP597: 4/18/2012 6:12:38 PM - Software Distribution Service 3.0
    RP598: 4/19/2012 9:18:40 PM - System Checkpoint
    RP599: 4/20/2012 12:31:53 PM - Software Distribution Service 3.0
    RP600: 4/21/2012 11:04:30 PM - Software Distribution Service 3.0
    RP601: 4/22/2012 1:43:34 AM - Software Distribution Service 3.0
    RP602: 4/23/2012 8:03:11 AM - Software Distribution Service 3.0
    RP603: 4/24/2012 12:06:15 PM - Software Distribution Service 3.0
    RP604: 4/25/2012 5:06:01 PM - Software Distribution Service 3.0
    RP605: 4/26/2012 6:42:59 PM - System Checkpoint
    RP606: 4/27/2012 6:39:48 AM - Software Distribution Service 3.0
    RP607: 4/28/2012 9:26:30 AM - Software Distribution Service 3.0
    RP608: 4/29/2012 9:53:08 AM - Software Distribution Service 3.0
    RP609: 4/30/2012 5:22:42 PM - System Checkpoint
    RP610: 4/30/2012 7:39:47 PM - Software Distribution Service 3.0
    RP611: 5/2/2012 10:11:00 AM - Software Distribution Service 3.0
    RP612: 5/3/2012 5:43:28 PM - System Checkpoint
    RP613: 5/4/2012 9:43:17 AM - Software Distribution Service 3.0
    RP614: 5/5/2012 10:39:05 AM - Software Distribution Service 3.0
    RP615: 5/6/2012 2:17:11 PM - Software Distribution Service 3.0
    RP616: 5/7/2012 6:12:03 PM - System Checkpoint
    RP617: 5/8/2012 11:32:51 AM - Software Distribution Service 3.0
    RP618: 5/9/2012 6:20:35 PM - System Checkpoint
    RP619: 5/10/2012 8:51:39 AM - Software Distribution Service 3.0
    RP620: 5/10/2012 12:50:20 PM - Software Distribution Service 3.0
    RP621: 5/11/2012 10:17:22 AM - Software Distribution Service 3.0
    RP622: 5/12/2012 4:35:55 PM - System Checkpoint
    RP623: 5/12/2012 10:52:22 PM - Software Distribution Service 3.0
    RP624: 5/14/2012 9:34:10 AM - Software Distribution Service 3.0
    RP625: 5/15/2012 7:54:18 PM - Software Distribution Service 3.0
    RP626: 5/16/2012 10:57:41 PM - Software Distribution Service 3.0
    RP627: 5/18/2012 9:58:06 AM - Software Distribution Service 3.0
    RP628: 5/19/2012 10:42:33 AM - Software Distribution Service 3.0
    RP629: 5/20/2012 11:26:54 AM - Software Distribution Service 3.0
    RP630: 5/21/2012 6:03:31 PM - System Checkpoint
    RP631: 5/22/2012 9:05:04 AM - Software Distribution Service 3.0
    RP632: 5/22/2012 10:29:15 AM - Software Distribution Service 3.0
    RP633: 5/22/2012 10:40:52 AM - Software Distribution Service 3.0
    RP634: 5/22/2012 11:14:42 AM - Software Distribution Service 3.0
    RP635: 5/22/2012 11:52:19 AM - Software Distribution Service 3.0
    RP636: 5/22/2012 5:26:28 PM - Software Distribution Service 3.0
    RP637: 5/22/2012 6:57:00 PM - Software Distribution Service 3.0
    RP638: 5/23/2012 9:57:01 AM - Software Distribution Service 3.0
    RP639: 5/24/2012 10:30:55 AM - Software Distribution Service 3.0
    RP640: 5/25/2012 10:40:59 AM - Software Distribution Service 3.0
    RP641: 5/26/2012 6:23:28 PM - System Checkpoint
    RP642: 5/27/2012 11:21:18 AM - Software Distribution Service 3.0
    RP643: 5/28/2012 11:31:34 AM - System Checkpoint
    RP644: 5/29/2012 9:50:38 AM - Software Distribution Service 3.0
    RP645: 5/30/2012 10:07:22 AM - Software Distribution Service 3.0
    RP646: 5/31/2012 10:33:08 AM - Software Distribution Service 3.0
    RP647: 6/1/2012 10:45:20 AM - Software Distribution Service 3.0
    RP648: 6/2/2012 12:01:15 PM - Software Distribution Service 3.0
    RP649: 6/3/2012 5:19:31 PM - Restore Operation
    RP650: 6/3/2012 5:35:21 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Active@ UNDELETE
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3)
    AIM 7
    AIO_Scan
    AOL Uninstaller (Choose which Products to Remove)
    AppGraffiti
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATT-RC Self Support Tool
    AutoUpdate
    AXIS Media Control Embedded
    Belarc Advisor 7.1
    BellSouth FastAccess DSL Help Center
    Block Master
    Bonjour
    BroadJump Client Foundation
    Coupon Printer for Windows
    CouponBar
    Critical Update for Windows Media Player 11 (KB959772)
    Cucusoft DVD to iPod/PSP + iPod/PSP Video Converter Suite 2.8.3
    DivX
    DivX Player
    DJ_AIO_Software_min
    Download Updater (AOL LLC)
    Duplicate File Finder
    DVD Solution
    Enable S3 for USB Device
    ERUNT 1.1j
    ESET Online Scanner v3
    Ethereal 0.99.0
    Form Fill (Windows Live Toolbar)
    Free Games Offer, Desktop Shortcut
    Garmin City Navigator North America NT 2010.10 Update
    Garmin Communicator Plugin
    Garmin MapSource
    Garmin USB Drivers
    Garmin WebUpdater
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Half-Life(R) 2
    Hero Editor V0.96
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet All-In-One Software 9.0
    HP Update
    InterActual Player
    iPod for Windows 2005-10-12
    IrfanView (remove only)
    iTunes
    Jasc Animation Shop 3
    Jasc Paint Shop Pro 9
    Java Auto Updater
    Java(TM) 6 Update 29
    LAME v3.98.2 for Audacity
    LightScribe 1.4.109.1
    Macromedia Shockwave Player
    Malwarebytes Anti-Malware version 1.61.0.1400
    Map Button (Windows Live Toolbar)
    Marvell Miniport Driver
    Masque Bingo with Bonus Keno
    Masque Blackjack and Spanish 21
    Masque Slots featuring WMS Gaming II
    Masque Video Poker Strategy Pro
    Masque World Class Poker
    Matroska Pack - Lazy Man's MKV 0.9.9
    Medi@Show
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Multimedia Launcher
    Nero Suite
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OneCare Advisor (Windows Live Toolbar)
    OpenOffice.org Installer 1.0
    PaperPort
    Popup Blocker (Windows Live Toolbar)
    Power2Go 3.0
    PowerDirector
    PowerDVD
    PowerProducer
    Quake III Arena
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Rhapsody Player Engine
    Saver2
    Scan
    Secunia PSI (2.0.0.4003)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SensorsView 1.2
    Smart Menus (Windows Live Toolbar)
    SoftV92 Data Fax Modem
    THE Rename
    TI Connect 1.5
    Toolbox
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visioneer OneTouch 9320
    WebFldrs XP
    WinAce Archiver
    Windows 7 Upgrade Advisor
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Favorites for Windows Live Toolbar
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinPcap 3.1
    WOT for Internet Explorer
    Yahoo! extras
    Yahoo! Internet Mail
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/4/2012 11:36:53 AM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 000FEA6A477B has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    6/3/2012 6:16:31 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    6/3/2012 6:16:31 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    6/3/2012 5:24:33 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.127.1045.0;1.127.1045.0 Engine version: 1.1.8403.0
    6/3/2012 5:14:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/3/2012 5:12:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    6/3/2012 5:12:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2012 5:12:58 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2012 5:12:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2012 5:12:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2012 5:12:58 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2012 5:12:58 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2012 5:12:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/3/2012 12:49:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Fips intelppm MpFilter
    6/3/2012 12:48:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/3/2012 11:39:01 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    6/3/2012 11:39:01 AM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
    6/3/2012 11:39:01 AM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
    6/3/2012 11:39:01 AM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    6/3/2012 11:39:01 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    6/3/2012 11:39:01 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    6/3/2012 11:39:01 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    6/3/2012 11:39:01 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    6/3/2012 11:39:01 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/3/2012 10:43:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
    6/3/2012 10:43:51 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/31/2012 5:28:03 PM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The system cannot find the file specified.
    5/31/2012 5:28:03 PM, error: Service Control Manager [7000] - The Ati HotKey Poller service failed to start due to the following error: The system cannot find the file specified.
    5/31/2012 5:25:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    .
    ==== End Of File ===========================
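The Event Viewer section of the DDS log above is the most telling part of it for this symptom set: the SCM 7026 event lists AFD, Tcpip, NetBT and IPSec among the boot-start drivers that failed to load, the 7001 events then show DNS Client, DHCP Client and others failing because they depend on those drivers, and MpFilter (the Microsoft Security Essentials filter driver) is in the failed list too. The following parser is an added example, not part of the posted log, of DDS, or of anything broni asked for; it pulls those facts out of event lines in the DDS format so they do not have to be read by eye. The sample lines are copied from the log above (a constructed subset), and the watch-list of network-stack and anti-malware driver names is this example's own assumption.

```python
"""Triage helper for the 'Event Viewer Messages' section of a DDS log.

Added example, not part of the forum thread or of any tool output on it.
The sample lines are a constructed subset of the posted log; the driver
watch-lists are assumptions made for this example.
"""
import re

# Constructed sample: a subset of the event lines from the posted log.
SAMPLE_EVENTS = """\
6/4/2012 11:36:53 AM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 000FEA6A477B has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
6/3/2012 6:16:31 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
6/3/2012 5:12:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
6/3/2012 5:12:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/3/2012 12:49:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Fips intelppm MpFilter
6/3/2012 11:39:01 AM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
"""

# Assumed watch-lists (not from the page): kernel drivers whose absence
# takes the Windows XP network stack, or the resident AV engine, down.
NETWORK_STACK = {"AFD", "Tcpip", "NetBT", "IPSec", "WS2IFSL",
                 "NetBIOS", "RasAcd", "MRxSmb", "Rdbss"}
AV_DRIVERS = {"MpFilter"}   # Microsoft Security Essentials minifilter

# One DDS event line: "<date> <time> AM/PM, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)


def parse_events(text):
    """Yield a dict per well-formed event line; silently skip anything else."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m.groupdict()


def failed_boot_drivers(text):
    """Union of driver names named in every SCM 7026 event."""
    drivers = set()
    for ev in parse_events(text):
        if ev["source"] == "Service Control Manager" and ev["id"] == "7026":
            _, _, names = ev["msg"].partition("failed to load:")
            drivers.update(names.split())
    return drivers


def terminated_services(text):
    """Service names from SCM 7031/7034 'terminated unexpectedly' events."""
    out = set()
    for ev in parse_events(text):
        if ev["source"] == "Service Control Manager" and ev["id"] in ("7031", "7034"):
            m = re.match(r"The (.+?) service terminated unexpectedly", ev["msg"])
            if m:
                out.add(m.group(1))
    return out


def triage(text):
    """Bucket the failed drivers by what their loss implies."""
    failed = failed_boot_drivers(text)
    return {
        "network_stack_down": sorted(failed & NETWORK_STACK),
        "av_driver_down": sorted(failed & AV_DRIVERS),
        "other_failed": sorted(failed - NETWORK_STACK - AV_DRIVERS),
        "terminated": sorted(terminated_services(text)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

On the posted lines this reports the whole TCP/IP stack (AFD, Tcpip, NetBT, IPSec, WS2IFSL, plus the SMB redirector drivers) and MpFilter as failed at boot, which matches the thread starter's two complaints: no Internet on the machine and no security tool able to run. Whether those driver entries were deleted, had their registry service keys damaged, or were blocked by something else is not something the event log alone can tell you, which is why the thread moves on to MBR and rootkit scanners.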
     
  13. 2012/06/05
    johngkerr (Inactive Thread Starter)
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-04 15:37:08
    -----------------------------
    15:37:08.250 OS Version: Windows 5.1.2600 Service Pack 3
    15:37:08.250 Number of processors: 2 586 0x401
    15:37:08.250 ComputerName: HOMEMADE UserName: john
    15:37:09.281 Initialize success
    15:37:38.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    15:37:38.890 Disk 0 Vendor: Size: 0MB BusType: 0
    15:37:38.984 Disk 0 MBR read successfully
    15:37:38.984 Disk 0 MBR scan
    15:37:38.984 Disk 0 Windows XP default MBR code
    15:37:38.984 Disk 0 MBR hidden
    15:37:38.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
    15:37:39.234 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:38:51.390 Service scanning
    15:38:58.406 Service MpKsl18537b2b C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{48B86D2C-852E-44B9-83F4-8979B76D14AE}\MpKsl18537b2b.sys **LOCKED** 32
    15:39:02.218 Service WINIO D:\WINIO.sys **LOCKED** 21
    15:39:03.437 Modules scanning
    15:40:26.609 Disk 0 trace - called modules:
    15:40:26.656 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    15:40:26.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab46ab8]
    15:40:26.656 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000065[0x8abdd4d0]
    15:40:26.671 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ab48d98]
    15:40:26.671 Scan finished successfully
    15:40:45.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\john\Desktop\MBR.dat "
    15:40:45.343 The log file has been saved successfully to "C:\Documents and Settings\john\Desktop\aswMBR.txt "
     
  14. 2012/06/05
    johngkerr (Inactive Thread Starter)
    This is what you need.
     
  15. 2012/06/05
    broni (Moderator Malware Analyst)
    Very well :)

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a black screen with some data on it.
    • Right-click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.
     
  16. 2012/06/05
    johngkerr (Inactive Thread Starter)
    This is it.


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size     Device Name          MBR Status
    --------------------------------------------
    111 GB   \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  17. 2012/06/05
    broni Moderator Malware Analyst
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
    There are 4 different versions. If one of them won't run, then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  18. 2012/06/05
    johngkerr Inactive Thread Starter
    The files you wanted.

    ComboFix 12-06-05.03 - john 06/05/2012 17:04:59.8.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1959 [GMT -5:00]
    Running from: c:\documents and settings\john\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\evelyn\Application Data\Toolbar4
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\arrow_refresh.png
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\basis.xml
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cog.png
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\computer_delete.png
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\dataLoader.js
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\icons3.bmp
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\info.txt
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\login.png
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\logo.png
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\search.png
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\TbHelper2.exe
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\todays_deals.png
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\uninstall.exe
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\update.exe
    c:\documents and settings\evelyn\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\version.txt
    c:\documents and settings\john\Application Data\Toolbar4
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0b9a7a3e0c1c165779dd33b229048b21
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0c74e33c6b89503129478a0eae095b4d
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0e1466e34ff25e57fa813d21ebfe7cf6
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0fb67f15ee619bf63699876db03ab661
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\1eac0d48548907dd2955f853c8069069
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\24234224fe547fa5f61335a325f858b5
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\323af8f156d5bb22bb38cd2ce83959de
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\36402215e280142e9fec69a27ce97d32
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\3739298d2bc9d6b94dadd7b19b48ecb3
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\476905aa92e1c9a617bd41ce5318660f
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\4d2e45ddaef75a6d2c9afdbc763c3752
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\4e2d5ba12b0ed08ba8960c3e874a01cb
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5192a89f761039a8f133e9c0e6f074cd
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\560ff84a7533e0f37b61b702a5403538
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\59a443f04bf13d1170b3dfc61f51b928
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5bc8ebf64906d196c815a3f28ee7be81
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5e4a0304a53d72265f5f470649d2f616
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5fceefa5d8207202cd84891c2e491f65
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\753df778c49000ceb420710ab27250f3
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\7aab54a686f169a739561ca08b97d70b
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\829a174ff56578e2e86c6ea74ceac599
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\8ab60027ede7a5409caf6d1f39cee25f
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\9222ff6c3153356869fc34c2bec05e71
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\97be6f9cdebaa8074491269ce024994b
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\9ac01b227ded0862f1cacbfb3aa57c30
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\a03f31127270e5ec9c753d5978824827
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\a0c60a9410bfbe84abdf5e97d0c4c25b
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\aa65030026dd406f81e1d2f100fe7920
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b4129101a6dd1056cc66cb8ee0ed07cb
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b576b7d306b9484794e87c4894171e9c
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b8cb931520574f1fbe2d6a417ab188a3
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\cadd36508a4b8f2e96e6251f59441e6d
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\cf00f968a680ae7de4f426758f29e399
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\d210e926e7fc2fc8277b03dcf0f51bf7
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\d968ef76cba81bea577eec984bdb0fcf
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\dd63f857ccdda3776635728c6e9c9da5
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\df93d78ff74b9089b7e56bad7abf8d54
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\e0274c4eebf32d7d1bf0e38726e4ea71
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\e676561c84d9a41ec2ac1b9379b89748
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\fdcfc40763b6755ae687e945adb4dba4
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\fe98d58b0232c74e3b47d141e87aaa18
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\merchant_notification
    c:\documents and settings\john\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\include_files\879ecc39d0be00e1ba71e4872c078138
    c:\documents and settings\john\Local Settings\Application Data\assembly\tmp
    G:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-05 16:12 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3ECEA7-0C11-4BCA-B513-97B170658B0C}\mpengine.dll
    2012-06-03 22:35 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-03 22:21 . 2012-06-03 22:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-06-03 22:20 . 2012-06-03 22:20 -------- d-----w- c:\program files\Mplayer
    2012-05-06 22:44 . 2012-05-06 22:44 -------- d-----w- C:\FINANCE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-05 17:17 . 2012-03-31 17:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 17:17 . 2011-12-13 01:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:14 . 2004-08-04 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 20:56 . 2011-12-08 00:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-25 17:04 . 2010-03-21 06:22 230808 ----a-r- c:\windows\system32\cpnprt2.cid
    2012-03-21 01:44 . 2011-04-18 19:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2007-03-28 19:57 . 2007-03-28 19:56 18895728 ------w- c:\program files\Install_Messenger.exe
    2005-07-28 15:35 . 2005-07-28 15:29 959653376 ------w- c:\program files\ragnarok_setup.exe
    2004-03-11 19:27 . 2005-02-12 21:30 40960 ------w- c:\program files\Uninstall_CDS.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-23 180269]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-13 57393]
    "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2004-01-20 110592]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-13 40960]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
    "nwiz"="nwiz.exe" [2007-12-04 1626112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    c:\documents and settings\john\Start Menu\Programs\Startup\
    SensorsView.lnk - c:\program files\SensorsView\sview.exe [2006-1-24 967680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Quake III Arena\\quake3.exe"=
    "c:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Warcraft III\\War3.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\darkneox102\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "7000:TCP"= 7000:TCP:Blizzard Downloader: 7000
    .
    R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2/7/2005 11:42 AM 1984]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 12:54 PM 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 12:37 PM 257696]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [6/18/2005 11:28 AM 140416]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 12:54 PM 135664]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
    S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\Drivers\xpad.sys --> c:\windows\system32\Drivers\xpad.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:17]
    .
    2012-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
    .
    2012-06-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 17:21]
    .
    2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 17:54]
    .
    2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 17:54]
    .
    2012-06-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
    .
    2012-06-05 c:\windows\Tasks\User_Feed_Synchronization-{8FED1F4D-9412-47D5-83B7-D9F95F0BC470}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    DPF: {072CB141-B793-11D1-89B6-0020182C1446} - file://d:\utilities\IntraLaunch.CAB
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://creatives3.lakefield.net:85/SysCamInst.cab
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://212.129.168.37:81/kxhcm10.ocx
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://tmc.baycountyfl.gov:2301/activex/AMC.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\Coupons.com CouponBar\tbcore3.dll
    WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\Coupons.com CouponBar\tbcore3.dll
    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-05 17:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
    user != kernel MBR !!!
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,a0,d0,da,bf,18,ae,44,a7,84,8b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,a0,d0,da,bf,18,ae,44,a7,84,8b,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(736)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2012-06-05 17:16:13
    ComboFix-quarantined-files.txt 2012-06-05 22:16
    .
    Pre-Run: 31,327,379,456 bytes free
    Post-Run: 31,295,975,424 bytes free
    .
    - - End Of File - - 2FC0583E5FC2F2F56B6ECA3127EA4C37



    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 06/05/2012 at 17:23:32.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 06/05/2012 at 17:23:36.
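broni reads the ComboFix log above by eye: the Run keys under "Reg Loading Points" and the Gmer MBR block at the end. The following Python script is an added example of doing that first pass mechanically; it is not ComboFix's, Gmer's or the forum's own code. It parses each `[KEY]` header and the `"name"=image [date size]` values beneath it, applies a location heuristic to every image path, and judges the MBR block's `user != kernel MBR !!!` line together with the `user: error reading MBR` line printed before it. `TRUSTED_ROOTS` and `PROFILE_MARKERS` are assumptions for a default 32-bit XP install on C:, and the embedded `SAMPLE_LOG` is a constructed subset of the lines above plus one made-up `Updater` value under a profile folder so that the heuristic has something to flag.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's,
Gmer's or the forum's own code).  Parses "Reg Loading Points" into autostart
entries, applies a location heuristic, and reads Gmer's MBR block."""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
META_RE = re.compile(r'\s*\[([^\]]*)\]$')  # ComboFix's trailing "[date size]"
IMAGE_RE = re.compile(r'(.+?\.(?:exe|dll|cpl|sys|scr|com|icd))(?:\s+(.*))?$', re.I)
# Assumption: default 32-bit XP layout on C:; adjust for other installs.
TRUSTED_ROOTS = ('c:\\program files\\', 'c:\\windows\\')
PROFILE_MARKERS = ('\\application data\\', '\\local settings\\', '\\temp\\')

@dataclass
class AutostartEntry:
    key: str    # registry key the value lives under
    name: str   # value name
    image: str  # image path exactly as written in the log
    args: str   # arguments following the image, if any
    meta: str   # ComboFix's "[date size]" annotation, if present

def _parse_entry(key, line):
    """Parse one '"name"=value' line; None when the value names no image."""
    end = line.find('"', 1)
    if end < 0 or not line[end + 1:].lstrip().startswith('='):
        return None
    name, rest = line[1:end], line[end + 1:].lstrip()[1:].strip()
    meta, m = '', META_RE.search(rest)
    if m:
        meta, rest = m.group(1), rest[:m.start()]
    if rest.startswith('"'):                 # quoted image path
        q = rest.find('"', 1)
        image, args = (rest[1:q], rest[q + 1:].strip()) if q > 0 else ('', '')
    else:                                    # unquoted path, may contain spaces
        m = IMAGE_RE.match(rest)
        image, args = (m.group(1), m.group(2) or '') if m else ('', '')
    return AutostartEntry(key, name, image, args, meta) if image else None

def parse_autostarts(lines):
    """Collect every '"name"=image' value under each [KEY] header."""
    entries, key = [], None
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
        elif key is not None and line.startswith('"'):
            entry = _parse_entry(key, line)
            if entry is not None:
                entries.append(entry)
    return entries

def suspicious_reasons(entry):
    """Location heuristic only: reasons an entry deserves a second look."""
    reasons, image = [], entry.image.lower()
    if '\\' not in image:
        reasons.append('unqualified image name, resolved through the search path')
    elif not image.startswith(TRUSTED_ROOTS):
        reasons.append('image outside Program Files and Windows')
    if any(marker in image for marker in PROFILE_MARKERS):
        reasons.append('image inside a user-writable profile folder')
    return reasons

def flag_autostarts(entries):
    """(entry, reasons) pairs for the entries the heuristic flags."""
    return [(e, r) for e in entries for r in [suspicious_reasons(e)] if r]

def assess_mbr_block(lines):
    """The '!!!' mismatch line only means something if the user-mode read
    succeeded; after a failed read there was nothing valid to compare."""
    text = '\n'.join(line.strip() for line in lines)
    if 'user != kernel MBR' not in text:
        return 'no-mismatch'
    if 'user: error reading MBR' in text:
        return 'mismatch-after-failed-user-read'
    return 'mismatch-needs-review'

# Constructed sample: lines modelled on the log above, plus a made-up
# "Updater" value under a profile folder to show what the heuristic flags.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"Updater"="c:\documents and settings\john\Application Data\Toolbar4\update.exe" [2012-05-01 65536]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""

if __name__ == '__main__':
    for entry, reasons in flag_autostarts(parse_autostarts(SAMPLE_LOG.splitlines())):
        print(f'{entry.key}\n  {entry.name} -> {entry.image}: {"; ".join(reasons)}')
    print('MBR block:', assess_mbr_block(SAMPLE_LOG.splitlines()))
```

On the sample the heuristic flags the constructed `Updater` value (profile folder, outside Program Files) and also `nwiz`, whose bare image name is simply how the NVIDIA driver package registers it, which is why the output is a work list for a human and not a verdict. For the MBR block the result is `mismatch-after-failed-user-read`: in this log the user-mode read failed because the drive was locked, so the `!!!` line on its own carries no information, consistent with broni's "Looks good."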
     
  19. 2012/06/05
    broni Moderator Malware Analyst
    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. 2012/06/05
    johngkerr Inactive Thread Starter
    Part one.

    OTL logfile created on: 6/5/2012 7:15:29 PM - Run 1
    OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\john\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 75.63% Memory free
    3.10 Gb Paging File | 2.69 Gb Available in Paging File | 86.63% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 29.16 Gb Free Space | 26.09% Space Free | Partition Type: NTFS
    Drive G: | 931.51 Gb Total Space | 691.98 Gb Free Space | 74.29% Space Free | Partition Type: NTFS

    Computer Name: HOMEMADE | User Name: john | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/05 19:04:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/10/14 01:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2011/05/10 03:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/01/24 20:05:01 | 000,967,680 | ---- | M] (STV Software) -- C:\Program Files\SensorsView\sview.exe
    PRC - [2004/09/03 03:58:48 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe
    PRC - [2003/10/31 20:42:40 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller)
    SRV - [2012/05/05 12:17:42 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
    SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
    SRV - [2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
    SRV - [2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
    SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
    SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
    SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
    SRV - [2005/08/02 16:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [1998/10/06 09:36:26 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\drivers\papycpu.sys -- (papycpu)
    SRV - [1998/10/06 09:36:26 | 000,001,888 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\xpad.sys -- (XPAD)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINIO.sys -- (WINIO)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\john\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2008/09/26 10:53:00 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2008/09/26 10:52:00 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2008/09/26 10:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
    DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
    DRV - [2008/04/03 16:19:18 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2007/06/27 19:28:55 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2005/08/02 16:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2004/11/26 08:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004/08/04 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
    DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/07/16 11:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (bkn50USB)
    DRV - [2004/05/14 10:24:10 | 000,622,172 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/02/23 22:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV - [2003/12/05 05:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/08/26 17:25:14 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/08/26 17:24:06 | 000,675,840 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/08/26 17:22:34 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/07/16 15:58:30 | 000,013,056 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
    DRV - [1998/10/06 09:36:26 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\WINDOWS\system32\drivers\papycpu.sys -- (papycpu)
    DRV - [1998/10/06 09:36:26 | 000,001,888 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {09971cee-01b8-42bc-9d91-456b1faad6be}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\..\SearchScopes,DefaultScope = {6EDC192B-5EA7-4678-BBAB-817AFB4C485B}
    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\..\SearchScopes\{6EDC192B-5EA7-4678-BBAB-817AFB4C485B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DVXA_en
    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\..\SearchScopes\{EFE2B336-DBD7-4FB8-AEC2-E0F828769AEC}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Entanglement = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Angry Birds = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Brushed = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
    CHR - Extension: WOT = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14_0\
    CHR - Extension: YouTube = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Poppit = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: Gmail = C:\Documents and Settings\john\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/05 17:12:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: C:\Documents and Settings\john\Start Menu\Programs\Startup\SensorsView.lnk = C:\Program Files\SensorsView\sview.exe (STV Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1708537768-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {072CB141-B793-11D1-89B6-0020182C1446} file://D:\Utilities\IntraLaunch.CAB (IntraLaunch.MainControl)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://creatives3.lakefield.net:85/SysCamInst.cab (Panasonic Network Camera)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://212.129.168.37:81/kxhcm10.ocx (KXHCM10 Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} http://74.171.128.39:8080/program/SonySncRz25View.cab (Sony SNC-RZ25 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://tmc.baycountyfl.gov:2301/activex/AMC.cab (AxisMediaControlEmb Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{374977FD-6CC6-49EA-8948-D5D99F8C6DBB}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/02/04 02:23:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink DVD Solution\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.444p - C:\Program Files\t@b\0.949\686\tabdec.dll File not found
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.mpng - C:\Program Files\t@b\0.949\686\tabdec.dll File not found
    Drivers32: vidc.mvjp - C:\Program Files\t@b\0.949\686\tabdec.dll File not found
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/05 19:15:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/06/05 19:04:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe
    [2012/06/05 17:01:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/06/05 17:01:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/06/05 17:01:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/06/05 17:01:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/06/05 17:01:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/05 16:50:51 | 004,538,040 | R--- | C] (Swearware) -- C:\Documents and Settings\john\Desktop\ComboFix.exe
    [2012/06/05 14:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john\Desktop\bootkit_remover
    [2012/06/04 15:46:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\john\Desktop\dds.scr
    [2012/06/04 15:35:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\john\Desktop\aswMBR.exe
    [2012/06/03 17:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mplayer.com
    [2012/06/03 17:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer
    [2012/05/17 10:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john\My Documents\dexter
    [2012/05/11 11:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john\Desktop\miss links
    [2012/05/11 11:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john\Desktop\microsoft

    ========== Files - Modified Within 30 Days ==========

    [2012/06/05 19:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/05 19:17:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8FED1F4D-9412-47D5-83B7-D9F95F0BC470}.job
    [2012/06/05 19:04:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe
    [2012/06/05 18:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/05 17:21:58 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\john\Desktop\rkill.com
    [2012/06/05 17:12:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/06/05 16:51:01 | 004,538,040 | R--- | M] (Swearware) -- C:\Documents and Settings\john\Desktop\ComboFix.exe
    [2012/06/05 14:55:48 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
    [2012/06/05 14:03:35 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\john\Desktop\bootkit_remover.zip
    [2012/06/05 11:10:52 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/05 11:01:08 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/05 11:01:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/05 11:00:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/05 11:00:40 | 2683,883,520 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/04 15:46:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\john\Desktop\dds.scr
    [2012/06/04 15:40:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\john\Desktop\MBR.dat
    [2012/06/04 15:35:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\john\Desktop\aswMBR.exe
    [2012/06/03 20:52:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\john\Desktop\ieqfzf1e.exe
    [2012/06/03 10:55:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/06/03 01:09:22 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\john\Application Data\result.db
    [2012/06/01 22:34:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/05/24 15:10:56 | 000,163,353 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/05/24 14:30:49 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\john\Desktop\My Home.url
    [2012/05/18 17:20:09 | 000,191,769 | ---- | M] () -- C:\Documents and Settings\john\My Documents\pspbrwse.jbf
    [2012/05/11 15:14:25 | 000,140,288 | ---- | M] () -- C:\Documents and Settings\john\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/11 11:31:33 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\john\Desktop\Windows XP Commands.url
    [2012/05/11 11:27:46 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\john\Desktop\CABLESTOGO Value Series High Speed HDMI Cable with Ethernet - 6.5 ft Desktop Accessories Dell.url
    [2012/05/11 11:22:05 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\john\Desktop\Online social secutry.url
    [2012/05/10 14:07:30 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/05/10 13:14:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/05/10 13:02:50 | 000,444,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/05/10 13:02:50 | 000,072,454 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========
     
  21. 2012/06/05
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    part two


    [2012/06/05 17:22:04 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\john\Desktop\rkill.com
    [2012/06/05 17:01:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/06/05 17:01:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/06/05 17:01:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/06/05 17:01:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/06/05 17:01:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/06/05 14:03:44 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\john\Desktop\bootkit_remover.zip
    [2012/06/04 15:40:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\john\Desktop\MBR.dat
    [2012/06/03 20:52:10 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\john\Desktop\ieqfzf1e.exe
    [2012/06/03 17:34:42 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/03 17:24:25 | 2683,883,520 | -HS- | C] () -- C:\hiberfil.sys
    [2012/06/03 01:09:22 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\john\Application Data\result.db
    [2012/03/24 12:05:30 | 000,122,771 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
    [2012/03/24 12:05:30 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
    [2011/12/09 20:22:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7Vx4dw.com.b
    [2011/12/09 20:20:18 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vl6CF72D.dat
    [2011/12/05 14:41:41 | 000,100,926 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
    [2011/12/05 14:41:41 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat

    ========== LOP Check ==========

    [2009/11/11 20:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2008/10/17 12:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\badczido
    [2010/06/05 15:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2009/05/02 14:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2010/12/30 22:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Masque
    [2008/05/01 21:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2011/12/17 16:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2008/08/06 13:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/04/08 21:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2011/12/18 18:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/04/25 14:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/11/11 20:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\acccore
    [2011/06/10 09:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\AppGraffiti
    [2011/04/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\Catalina Marketing Corp
    [2010/06/28 12:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\E-centives
    [2009/04/05 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\Ethereal
    [2010/12/25 14:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\imeshmediabartb
    [2011/01/04 15:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\Masque
    [2011/06/10 09:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\PCPowerSpeed
    [2011/06/10 09:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\RebateInformer
    [2010/04/10 13:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\ScanSoft
    [2010/10/14 09:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\Windows Desktop Search
    [2010/10/14 12:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\evelyn\Application Data\Windows Search
    [2006/05/02 20:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\allTunes
    [2011/06/11 10:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\AppGraffiti
    [2009/04/03 23:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\Ethereal
    [2010/11/26 17:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\GARMIN
    [2011/04/24 12:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\Jasc
    [2010/12/30 22:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\Masque
    [2008/08/06 13:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\ScanSoft
    [2012/05/11 11:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\SProxy
    [2010/10/13 21:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\Windows Search
    [2009/08/30 10:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2011/12/09 20:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AppGraffiti
    [2012/06/05 19:17:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8FED1F4D-9412-47D5-83B7-D9F95F0BC470}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2005/02/04 02:23:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/07/23 11:36:46 | 023,501,010 | ---- | M] () -- C:\BellSouthIW.re~
    [2006/01/23 14:42:48 | 000,002,281 | ---- | M] () -- C:\BitTornado-0.3.7-w32install.exe.torrent
    [2009/07/18 15:17:52 | 000,000,370 | ---- | M] () -- C:\BnetLog.txt
    [2010/01/20 20:55:40 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/06/10 23:24:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2006/01/23 14:44:31 | 002,658,841 | ---- | M] () -- C:\burst-3.1.0b.exe
    [2011/12/11 12:34:42 | 001,210,429 | ---- | M] () -- C:\caisslog.txt
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2012/06/05 17:16:14 | 000,019,896 | ---- | M] () -- C:\ComboFix.txt
    [2005/02/04 02:23:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/06/13 12:45:06 | 000,000,068 | ---- | M] () -- C:\DVDPATH.TXT
    [2012/06/05 11:00:40 | 2683,883,520 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/07 15:06:42 | 000,318,026 | ---- | M] () -- C:\hpfr6500.log
    [2007/03/28 20:42:59 | 000,002,147 | ---- | M] () -- C:\info.txt
    [2011/05/14 12:53:08 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2005/02/04 02:23:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/11/11 20:18:14 | 000,001,333 | -H-- | M] () -- C:\IPH.PH
    [2007/03/12 09:51:10 | 000,004,361 | ---- | M] () -- C:\iPod_log.txt
    [2008/11/24 21:26:09 | 000,022,750 | ---- | M] () -- C:\JavaRa.log
    [2010/05/21 22:58:13 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2005/02/04 02:23:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/07 11:43:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/06/05 11:00:33 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2012/06/05 17:23:36 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2007/08/06 21:19:17 | 021,425,280 | ---- | M] (McAfee, Inc.) -- C:\sdat5091.exe
    [2011/12/05 11:07:25 | 000,001,128 | ---- | M] () -- C:\settings.dat
    [2009/08/17 23:53:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/10/20 19:32:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2007/12/29 12:22:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008/03/07 00:42:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/03/06 00:06:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/03/07 01:57:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/03/07 17:45:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/03/08 01:37:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/03/09 11:57:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/03/09 20:19:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/03/10 09:49:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/03/11 00:04:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/03/12 19:05:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/03/13 00:42:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/03/13 22:54:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/03/14 14:28:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/03/14 14:54:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/06/11 00:08:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009/07/11 12:06:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009/08/17 16:30:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/08/17 23:53:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/10/20 19:32:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/12/29 12:22:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008/03/07 00:42:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/03/06 00:06:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/03/07 01:57:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/03/07 17:45:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/03/08 01:37:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/03/09 11:57:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/03/09 20:19:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/03/10 09:49:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/03/11 00:04:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/03/12 19:05:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/03/13 00:42:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/03/13 22:54:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/03/14 14:28:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/03/14 14:54:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/06/11 00:08:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009/07/11 12:06:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009/08/17 16:30:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2007/08/08 19:05:42 | 000,000,358 | ---- | M] () -- C:\SuperDAT.log
    [2007/01/30 15:07:42 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/02/04 02:23:32 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2001/11/20 14:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2005/02/10 22:59:53 | 000,073,795 | ---- | M] () -- C:\WINDOWS\3dmatrixcore_ss01.jpg

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2004/05/18 12:50:58 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\My Yahoo!.url
    [2004/05/18 12:49:54 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Bookmarks.url
    [2004/05/18 17:26:04 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Mail.url
    [2004/05/18 17:13:06 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo!.url

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/03/28 14:57:53 | 018,895,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Install_Messenger.exe
    [2005/07/29 20:39:07 | 014,651,330 | ---- | M] () -- C:\Program Files\OldeEnglish.org_-_Deadpuppies.mov
    [2005/07/28 10:35:16 | 959,653,376 | ---- | M] () -- C:\Program Files\ragnarok_setup.exe
    [2004/03/11 14:27:22 | 000,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/02/03 20:06:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2005/02/03 20:06:15 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2005/02/03 20:06:15 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/07 11:55:45 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/11/01 20:23:55 | 000,000,234 | ---- | M] () -- C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\ATT.NET - Email, News, Sports, Entertainment and Games.url
    [2005/02/04 02:35:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/04 15:35:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\john\Desktop\aswMBR.exe
    [2008/11/23 14:21:50 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\john\Desktop\ATF-Cleaner.exe
    [2012/06/05 16:51:01 | 004,538,040 | R--- | M] (Swearware) -- C:\Documents and Settings\john\Desktop\ComboFix.exe
    [2012/06/03 20:52:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\john\Desktop\ieqfzf1e.exe
    [2012/06/05 19:04:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe
    [2011/12/11 18:51:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/05 19:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/01 22:34:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2004/08/04 07:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/06/03 10:55:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/06/05 11:01:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/05 18:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/05 11:10:52 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/05 17:16:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2012/06/05 19:17:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8FED1F4D-9412-47D5-83B7-D9F95F0BC470}.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >
    [2005/12/19 16:10:27 | 000,010,240 | -HS- | M] () -- C:\WINDOWS\Java\Thumbs.db

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2005/02/21 23:40:56 | 040,370,273 | ---- | M] (BVRP Software ) -- C:\Documents and Settings\john\My Documents\(Win) Motorola Mobile Phone Tools Deluxe 3.11.exe
    [2008/01/23 11:10:18 | 045,943,224 | ---- | M] (NVIDIA Corporation ) -- C:\Documents and Settings\john\My Documents\169.21_forceware_winxp_32bit_english_whql.exe
    [2006/02/23 21:38:26 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\john\My Documents\cwshredder.exe
    [2011/05/26 09:11:50 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\john\My Documents\drivedetect.exe
    [2011/05/26 09:13:17 | 017,977,016 | ---- | M] () -- C:\Documents and Settings\john\My Documents\SeaToolsforWindowsSetup-1205.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2001/08/03 18:29:18 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\Usbscan.sys

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/02/04 02:35:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\john\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/08/01 22:15:41 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\john\Cookies\desktop.ini
    [2012/06/05 19:04:18 | 000,114,688 | -HS- | M] () -- C:\Documents and Settings\john\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
     
