
Solved Concern with HiJack This log

Discussion in 'Malware and Virus Removal Archive' started by DugE, 2010/07/17.

  1. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't go to my link on how to do it...

     
  2. 2010/07/18
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    my bad, thanks.
     


  4. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  5. 2010/07/18
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    ComboFix 10-07-16.02 - Owner 07/18/2010 20:17:23.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.215 [GMT -8:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\iAlmcoin.dll
    c:\windows\system32\ps2.bat
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
    .

    2010-07-17 20:23 . 2010-07-17 20:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SampleView
    2010-07-16 15:51 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-07-16 15:51 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-07-16 01:02 . 2010-07-16 01:02 -------- d-----w- c:\program files\Common Files\Java
    2010-07-16 01:00 . 2010-07-16 01:00 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
    2010-07-16 01:00 . 2010-07-16 01:00 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
    2010-07-16 00:10 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-07-16 00:03 . 2010-07-16 00:03 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-07-15 23:45 . 2010-07-15 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
    2010-07-15 23:43 . 2010-07-15 23:43 -------- d-----w- c:\program files\COMODO
    2010-07-15 23:34 . 2010-07-15 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2010-07-15 23:32 . 2010-07-15 23:32 -------- d-----w- c:\windows\Internet Logs
    2010-07-14 16:26 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-10 00:09 . 2008-04-14 08:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-07-09 23:08 . 2010-07-09 23:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Template
    2010-07-09 23:04 . 2010-07-09 23:04 -------- d-----w- c:\program files\hp deskjet 5550 series
    2010-07-09 23:01 . 2008-04-14 08:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-07-09 23:01 . 2008-04-14 08:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-07-02 17:28 . 2010-07-02 17:28 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
    2010-07-02 17:27 . 2010-07-02 17:27 -------- d-----w- c:\program files\Conduit
    2010-07-02 17:27 . 2010-07-02 17:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
    2010-07-02 17:26 . 2010-07-02 17:26 -------- d-----w- c:\program files\CheckPoint
    2010-06-28 02:09 . 2010-06-28 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
    2010-06-23 01:26 . 2010-06-23 01:26 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
    2010-06-22 20:55 . 2010-06-22 20:55 -------- d-----w- c:\program files\Auslogics
    2010-06-22 04:32 . 2010-07-18 23:53 15 ----a-w- c:\windows\popcinfo.dat
    2010-06-22 04:29 . 2010-06-22 04:29 -------- d-----w- c:\program files\PopCap Games
    2010-06-19 23:18 . 2010-06-19 23:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-06-19 19:48 . 2010-07-19 03:33 51 ----a-w- c:\documents and settings\Owner\jagex__preferences3.dat
    2010-06-19 19:48 . 2010-07-19 03:33 99 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
    2010-06-19 19:44 . 2010-07-19 03:33 46 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
    2010-06-19 19:44 . 2010-06-26 23:52 -------- d-----w- c:\windows\.jagex_cache_32
    2010-06-19 19:44 . 2010-06-19 19:44 -------- d-----w- c:\windows\Sun
    2010-06-19 18:57 . 2010-07-18 04:39 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-19 18:57 . 2010-06-19 18:57 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-19 18:57 . 2010-07-18 04:39 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-19 18:56 . 2010-06-19 18:56 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2010-06-19 18:56 . 2010-06-19 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-06-19 18:56 . 2010-06-19 18:56 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-06-19 18:54 . 2010-07-18 03:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-19 18:54 . 2010-01-11 03:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2010-06-19 18:54 . 2010-07-18 03:29 -------- d-----w- c:\program files\SpywareBlaster
    2010-06-19 18:53 . 2010-07-12 06:07 -------- d-----w- c:\program files\CCleaner
    2010-06-19 17:26 . 2010-06-19 17:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-06-19 17:25 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-19 17:25 . 2010-06-19 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-19 17:25 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-19 17:25 . 2010-06-19 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-19 17:23 . 2010-06-19 17:23 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23cdb735-n\msvcp71.dll
    2010-06-19 17:23 . 2010-06-19 17:23 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23cdb735-n\jmc.dll
    2010-06-19 17:23 . 2010-06-19 17:23 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23cdb735-n\msvcr71.dll
    2010-06-19 17:23 . 2010-06-19 17:23 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44e74a3c-n\decora-sse.dll
    2010-06-19 17:23 . 2010-06-19 17:23 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44e74a3c-n\decora-d3d.dll
    2010-06-19 17:23 . 2010-07-16 01:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-19 17:22 . 2010-07-16 01:00 -------- d-----w- c:\program files\Java
    2010-06-19 17:15 . 2010-06-19 17:15 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-06-19 17:14 . 2010-03-29 16:53 32576 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    2010-06-19 17:14 . 2010-03-29 16:53 29984 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
    2010-06-19 17:11 . 2010-06-19 17:11 0 ----a-w- c:\windows\nsreg.dat
    2010-06-19 17:11 . 2010-06-19 17:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
    2010-06-19 16:51 . 2010-06-19 16:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-06-19 16:40 . 2005-07-12 06:28 69632 ----a-w- c:\windows\system32\MCCDevice.dll
    2010-06-19 16:40 . 2005-07-12 06:28 6048 ----a-w- c:\windows\system32\MCC16.dll
    2010-06-19 16:40 . 2010-06-19 16:41 -------- d-----w- c:\program files\Common Files\Motive
    2010-06-19 16:35 . 2010-06-19 16:35 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
    2010-06-19 16:30 . 2004-08-20 23:50 159744 ----a-w- c:\windows\system32\igfxres.dll
    2010-06-19 16:18 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
    2010-06-19 16:18 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2010-06-19 16:17 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
    2010-06-19 16:17 . 2010-01-29 15:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-06-19 16:17 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
    2010-06-19 16:16 . 2010-02-05 18:27 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
    2010-06-19 16:14 . 2009-11-27 16:07 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
    2010-06-19 16:14 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-06-19 16:13 . 2010-05-02 05:22 1851264 -c----w- c:\windows\system32\dllcache\win32k.sys
    2010-06-19 16:13 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
    2010-06-19 16:13 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
    2010-06-19 16:13 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
    2010-06-19 16:13 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
    2010-06-19 16:13 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
    2010-06-19 16:12 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
    2010-06-19 16:12 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
    2010-06-19 16:12 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
    2010-06-19 16:09 . 2009-06-25 08:25 147456 -c----w- c:\windows\system32\dllcache\schannel.dll
    2010-06-19 16:09 . 2009-06-25 08:25 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
    2010-06-19 16:09 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
    2010-06-19 16:08 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-06-19 16:08 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-06-19 16:08 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-06-19 16:08 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-06-19 16:07 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
    2010-06-19 16:02 . 2008-06-24 16:43 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
    2010-06-19 16:01 . 2010-02-11 12:02 226880 -c----w- c:\windows\system32\dllcache\tcpip6.sys
    2010-06-19 16:01 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
    2010-06-19 16:01 . 2008-06-20 17:46 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
    2010-06-19 16:01 . 2008-06-20 17:46 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll
    2010-06-19 16:01 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
    2010-06-19 16:01 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-06-19 15:59 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll
    2010-06-19 15:59 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-06-19 15:58 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-06-19 15:58 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-06-19 15:54 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-06-19 15:54 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-06-19 15:52 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
    2010-06-19 15:52 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
    2010-06-19 15:52 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
    2010-06-19 15:52 . 2009-08-25 09:17 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
    2010-06-19 15:51 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
    2010-06-19 15:51 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
    2010-06-19 15:51 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
    2010-06-19 15:47 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-06-19 15:43 . 2010-01-29 15:01 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-06-19 15:39 . 2010-06-19 14:28 -------- d-----w- c:\windows\ie8updates
    2010-06-19 15:38 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-19 15:38 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-19 15:38 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-19 15:38 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-19 15:38 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-19 15:38 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-19 15:34 . 2010-07-14 16:29 -------- d--h--w- c:\windows\$hf_mig$
    2010-06-19 15:16 . 2007-10-12 23:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
    2010-06-19 15:00 . 2010-06-19 15:00 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-19 14:58 . 2010-06-19 14:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-06-19 14:54 . 2010-07-09 23:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-09 23:06 . 2003-08-23 14:12 24960 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-09 23:04 . 2003-08-23 13:51 -------- d-----w- c:\program files\Hewlett-Packard
    2010-06-19 04:47 . 2003-08-23 12:52 79915 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-06-19 03:58 . 2010-06-19 03:58 -------- d-----w- c:\program files\microsoft frontpage
    2010-06-19 03:50 . 2003-08-23 14:32 -------- d-----w- c:\program files\Microsoft Works
    2010-06-19 03:30 . 2003-08-29 03:19 -------- d-----w- c:\documents and settings\Owner\Application Data\interMute
    2010-06-19 03:29 . 2003-08-23 14:14 -------- d-----w- c:\program files\Common Files\Real
    2010-06-19 03:27 . 2003-08-23 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-19 03:22 . 2003-08-29 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-06-19 03:15 . 2003-08-23 13:54 -------- d-----w- c:\program files\HP
    2010-06-19 03:11 . 2003-08-24 03:36 -------- d-----w- c:\program files\HP Instant Support
    2010-06-19 02:53 . 2010-06-19 02:53 3532 --sha-r- c:\windows\system32\drivers\HP_DM185A-ABA a335w_YUU_Pavi_QMXM344_E34NAheBLU2_4_IGlendale motherboard_STriGem Computer Inc._V_B3.24_T031014_WXH1_L409_M504_J80_7Intel_8Pentium 4_92.49_1_N10EC8139_P_Z_K_A808624C5_U808624C2_G80862562_OIDE-CD CDRW7352.MRK
    2010-06-14 14:31 . 2010-06-19 01:42 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-04 19:55 . 2010-06-04 19:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2010-06-02 12:55 . 2010-06-19 15:17 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 12:55 . 2010-06-19 15:17 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 12:55 . 2010-06-19 15:17 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-06-02 03:00 . 2010-06-02 03:00 278288 ----a-w- c:\windows\system32\guard32.dll
    2010-06-02 03:00 . 2010-06-02 03:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
    2010-06-02 03:00 . 2010-06-02 03:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2010-06-02 03:00 . 2010-06-02 03:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2010-05-26 19:41 . 2010-06-19 15:17 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 19:41 . 2010-06-19 15:17 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-26 19:41 . 2010-06-19 15:17 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 19:41 . 2010-06-19 15:17 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 19:41 . 2010-06-19 15:17 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-06 10:41 . 2010-06-19 01:43 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2010-06-19 01:43 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2010-06-19 01:41 285696 ----a-w- c:\windows\system32\atmfd.dll
    2004-01-17 18:14 . 2010-06-19 02:36 0 --sha-w- c:\windows\SMINST\HPCD.SYS
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 835654]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 323584]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-02 2039240]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
    2003-06-19 02:19 53248 ----a-w- c:\hp\bin\AUTOTKIT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 229312]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 25240]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = localhost
    TCP: {0245F97A-D93A-4880-9FD5-FE161F846221} = 156.154.70.22,156.154.71.22
    TCP: {474C9980-0D09-4701-9F6C-B671CBB6DA49} = 156.154.70.22,156.154.71.22
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-18 20:24
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Services en ligne"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Servicios en línea"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online tjenster"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Servicios en línea"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online tjänster"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(660)
    c:\windows\system32\guard32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(716)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2010-07-18 20:28:03
    ComboFix-quarantined-files.txt 2010-07-19 04:28

    Pre-Run: 64,481,898,496 bytes free
    Post-Run: 64,447,250,432 bytes free

    - - End Of File - - 9C945BF9DC2E091E2D100A2843EBB355
     
  6. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're running two firewalls, Comodo and ZoneAlarm. One of them has to go.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\All Users\Application Data\Symantec
    
    DDS::
    TCP: {0245F97A-D93A-4880-9FD5-FE161F846221} = 156.154.70.22,156.154.71.22
    TCP: {474C9980-0D09-4701-9F6C-B671CBB6DA49} = 156.154.70.22,156.154.71.22
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
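
As an added example, not part of this thread and not ComboFix's or DDS's own code: a small Python triage helper that parses two of the line formats in the ComboFix report above (the "Files Created" entries and the DDS `TCP:` per-interface DNS lines) and applies the checks a reviewer otherwise does by eye, listing executables that landed under system32 (dllcache backup copies excluded) and flagging any interface whose resolvers fall outside an allowlist, which is the kind of entry the `DDS::` directive in the script above removes. The sample lines are constructed from the shape of the log above, with the second `TCP:` line altered so one interface points elsewhere; the allowlist, the executable-extension set, and the reading of the two timestamps (first is when the file appeared on disk, second is the file's own last-write time) are assumptions for the example.

```python
"""Triage helpers for ComboFix/DDS-style report lines.

Added example for this thread; it is not part of ComboFix or DDS and only
reads their text output. The field interpretation below is an assumption.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "Files Created" lines: <created on disk> . <file's own last-write> <size|--------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-A-Za-z]{8}) (?P<path>.+)$"
)
# DDS "TCP:" lines: per-interface DNS servers, <interface GUID> = <server>[,<server>...]
DNS_LINE = re.compile(r"^TCP: \{(?P<iface>[0-9A-Fa-f-]+)\} = (?P<servers>.+)$")

EXEC_EXTS = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr")  # assumption: what counts as executable

# Constructed sample in the shape of the log above; the second TCP line is altered
# so that one interface points at a resolver outside the allowlist.
SAMPLE_LINES = [
    r"2010-07-16 15:51 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll",
    r"2010-07-14 16:26 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe",
    r"2010-07-09 23:01 . 2008-04-14 08:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys",
    r"2010-06-22 04:32 . 2010-07-18 23:53 15 ----a-w- c:\windows\popcinfo.dat",
    r"2010-07-16 00:03 . 2010-07-16 00:03 -------- d-----w- c:\program files\Microsoft Security Essentials",
    "TCP: {0245F97A-D93A-4880-9FD5-FE161F846221} = 156.154.70.22,156.154.71.22",
    "TCP: {474C9980-0D09-4701-9F6C-B671CBB6DA49} = 10.0.0.1",
    ".",
]
# Assumption for the example: the resolvers the owner expects on every interface.
EXPECTED_RESOLVERS = {"156.154.70.22", "156.154.71.22"}


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories, which ComboFix prints as --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


@dataclass
class DnsEntry:
    interface: str
    servers: List[str]


@dataclass
class Report:
    files: List[FileEntry] = field(default_factory=list)
    dns: List[DnsEntry] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)  # kept so nothing is silently dropped


def parse_report(lines) -> Report:
    """Classify each line; section banners and '.' separators are ignored."""
    rep = Report()
    for raw in lines:
        line = raw.strip()
        if not line or line == "." or line.startswith("("):
            continue
        m = FILE_LINE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            rep.files.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
            continue
        m = DNS_LINE.match(line)
        if m:
            rep.dns.append(DnsEntry(m["iface"], [s.strip() for s in m["servers"].split(",")]))
            continue
        rep.unparsed.append(line)
    return rep


def system32_executables(rep: Report) -> List[str]:
    """Executables created under system32 (subfolders included), skipping the
    dllcache copies that Windows File Protection keeps as patch backups."""
    hits = []
    for f in rep.files:
        p = f.path.lower()
        if f.is_dir or not p.endswith(EXEC_EXTS):
            continue
        if p.startswith("c:\\windows\\system32\\") and "\\dllcache\\" not in p:
            hits.append(f.path)
    return hits


def unexpected_resolvers(rep: Report, allowlist) -> Dict[str, List[str]]:
    """Interface GUID -> DNS servers on that interface that are not in the allowlist."""
    out: Dict[str, List[str]] = {}
    for d in rep.dns:
        odd = [s for s in d.servers if s not in allowlist]
        if odd:
            out[d.interface] = odd
    return out


if __name__ == "__main__":
    rep = parse_report(SAMPLE_LINES)
    print("executables under system32:", system32_executables(rep))
    print("interfaces with unexpected resolvers:", unexpected_resolvers(rep, EXPECTED_RESOLVERS))
```

Feeding the whole ComboFix log to `parse_report` works as well, since banner lines and the `.` separators are skipped and anything else lands in `unparsed` for a manual look rather than disappearing.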
     
  7. 2010/07/18
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    I uninstalled ZA via Add/Remove, rebooted, then installed Comodo. Don't understand why ZA is still showing up. Anyway, here's the log:

    ComboFix 10-07-16.02 - Owner 07/18/2010 20:54:52.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.247 [GMT -8:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Symantec\LiveSubscribe\Catalog.LiveSubscribe
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Log.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Product.Catalog.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Settings.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Log.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Product.Catalog.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Settings.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Log.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Product.Catalog.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Settings.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Configuration.Log.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Catalog.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
    .

    2010-07-17 20:23 . 2010-07-17 20:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SampleView
    2010-07-16 15:51 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-07-16 15:51 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-07-16 01:02 . 2010-07-16 01:02 -------- d-----w- c:\program files\Common Files\Java
    2010-07-16 01:00 . 2010-07-16 01:00 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
    2010-07-16 01:00 . 2010-07-16 01:00 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
    2010-07-16 00:10 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-07-16 00:03 . 2010-07-16 00:03 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-07-15 23:45 . 2010-07-15 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
    2010-07-15 23:43 . 2010-07-15 23:43 -------- d-----w- c:\program files\COMODO
    2010-07-15 23:34 . 2010-07-15 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2010-07-15 23:32 . 2010-07-15 23:32 -------- d-----w- c:\windows\Internet Logs
    2010-07-14 16:26 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-10 00:09 . 2008-04-14 08:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-07-09 23:08 . 2010-07-09 23:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Template
    2010-07-09 23:04 . 2010-07-09 23:04 -------- d-----w- c:\program files\hp deskjet 5550 series
    2010-07-09 23:01 . 2008-04-14 08:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-07-09 23:01 . 2008-04-14 08:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-07-02 17:28 . 2010-07-02 17:28 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
    2010-07-02 17:27 . 2010-07-02 17:27 -------- d-----w- c:\program files\Conduit
    2010-07-02 17:27 . 2010-07-02 17:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
    2010-07-02 17:26 . 2010-07-02 17:26 -------- d-----w- c:\program files\CheckPoint
    2010-06-28 02:09 . 2010-06-28 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
    2010-06-23 01:26 . 2010-06-23 01:26 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
    2010-06-22 20:55 . 2010-06-22 20:55 -------- d-----w- c:\program files\Auslogics
    2010-06-22 04:32 . 2010-07-18 23:53 15 ----a-w- c:\windows\popcinfo.dat
    2010-06-22 04:29 . 2010-06-22 04:29 -------- d-----w- c:\program files\PopCap Games
    2010-06-19 23:18 . 2010-06-19 23:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-06-19 19:48 . 2010-07-19 03:33 51 ----a-w- c:\documents and settings\Owner\jagex__preferences3.dat
    2010-06-19 19:48 . 2010-07-19 03:33 99 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
    2010-06-19 19:44 . 2010-07-19 03:33 46 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
    2010-06-19 19:44 . 2010-06-26 23:52 -------- d-----w- c:\windows\.jagex_cache_32
    2010-06-19 19:44 . 2010-06-19 19:44 -------- d-----w- c:\windows\Sun
    2010-06-19 18:57 . 2010-07-18 04:39 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-19 18:57 . 2010-06-19 18:57 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-19 18:57 . 2010-07-18 04:39 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-19 18:56 . 2010-06-19 18:56 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2010-06-19 18:56 . 2010-06-19 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-06-19 18:56 . 2010-06-19 18:56 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-06-19 18:54 . 2010-07-18 03:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-19 18:54 . 2010-01-11 03:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2010-06-19 18:54 . 2010-07-18 03:29 -------- d-----w- c:\program files\SpywareBlaster
    2010-06-19 18:53 . 2010-07-12 06:07 -------- d-----w- c:\program files\CCleaner
    2010-06-19 17:26 . 2010-06-19 17:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-06-19 17:25 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-19 17:25 . 2010-06-19 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-19 17:25 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-19 17:25 . 2010-06-19 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-19 17:23 . 2010-06-19 17:23 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23cdb735-n\msvcp71.dll
    2010-06-19 17:23 . 2010-06-19 17:23 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23cdb735-n\jmc.dll
    2010-06-19 17:23 . 2010-06-19 17:23 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23cdb735-n\msvcr71.dll
    2010-06-19 17:23 . 2010-06-19 17:23 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44e74a3c-n\decora-sse.dll
    2010-06-19 17:23 . 2010-06-19 17:23 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44e74a3c-n\decora-d3d.dll
    2010-06-19 17:23 . 2010-07-16 01:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-19 17:22 . 2010-07-16 01:00 -------- d-----w- c:\program files\Java
    2010-06-19 17:15 . 2010-06-19 17:15 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-06-19 17:14 . 2010-03-29 16:53 32576 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    2010-06-19 17:14 . 2010-03-29 16:53 29984 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
    2010-06-19 17:11 . 2010-06-19 17:11 0 ----a-w- c:\windows\nsreg.dat
    2010-06-19 17:11 . 2010-06-19 17:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
    2010-06-19 16:51 . 2010-06-19 16:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-06-19 16:40 . 2005-07-12 06:28 69632 ----a-w- c:\windows\system32\MCCDevice.dll
    2010-06-19 16:40 . 2005-07-12 06:28 6048 ----a-w- c:\windows\system32\MCC16.dll
    2010-06-19 16:40 . 2010-06-19 16:41 -------- d-----w- c:\program files\Common Files\Motive
    2010-06-19 16:35 . 2010-06-19 16:35 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
    2010-06-19 16:30 . 2004-08-20 23:50 159744 ----a-w- c:\windows\system32\igfxres.dll
    2010-06-19 16:18 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
    2010-06-19 16:18 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2010-06-19 16:17 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
    2010-06-19 16:17 . 2010-01-29 15:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-06-19 16:17 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
    2010-06-19 16:16 . 2010-02-05 18:27 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
    2010-06-19 16:14 . 2009-11-27 16:07 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
    2010-06-19 16:14 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-06-19 16:13 . 2010-05-02 05:22 1851264 -c----w- c:\windows\system32\dllcache\win32k.sys
    2010-06-19 16:13 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
    2010-06-19 16:13 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
    2010-06-19 16:13 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
    2010-06-19 16:13 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
    2010-06-19 16:13 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
    2010-06-19 16:12 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
    2010-06-19 16:12 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
    2010-06-19 16:12 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
    2010-06-19 16:09 . 2009-06-25 08:25 147456 -c----w- c:\windows\system32\dllcache\schannel.dll
    2010-06-19 16:09 . 2009-06-25 08:25 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
    2010-06-19 16:09 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
    2010-06-19 16:08 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-06-19 16:08 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-06-19 16:08 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-06-19 16:08 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-06-19 16:07 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
    2010-06-19 16:02 . 2008-06-24 16:43 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
    2010-06-19 16:01 . 2010-02-11 12:02 226880 -c----w- c:\windows\system32\dllcache\tcpip6.sys
    2010-06-19 16:01 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
    2010-06-19 16:01 . 2008-06-20 17:46 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
    2010-06-19 16:01 . 2008-06-20 17:46 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll
    2010-06-19 16:01 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
    2010-06-19 16:01 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-06-19 15:59 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll
    2010-06-19 15:59 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-06-19 15:58 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-06-19 15:58 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-06-19 15:54 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-06-19 15:54 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-06-19 15:52 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
    2010-06-19 15:52 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
    2010-06-19 15:52 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
    2010-06-19 15:52 . 2009-08-25 09:17 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
    2010-06-19 15:51 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
    2010-06-19 15:51 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
    2010-06-19 15:51 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
    2010-06-19 15:47 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-06-19 15:43 . 2010-01-29 15:01 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-06-19 15:39 . 2010-06-19 14:28 -------- d-----w- c:\windows\ie8updates
    2010-06-19 15:38 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-19 15:38 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-19 15:38 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-19 15:38 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-19 15:38 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-19 15:38 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-19 15:34 . 2010-07-14 16:29 -------- d--h--w- c:\windows\$hf_mig$
    2010-06-19 15:16 . 2007-10-12 23:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
    2010-06-19 15:00 . 2010-06-19 15:00 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-19 14:58 . 2010-06-19 14:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-06-19 14:54 . 2010-07-09 23:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-09 23:06 . 2003-08-23 14:12 24960 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-09 23:04 . 2003-08-23 13:51 -------- d-----w- c:\program files\Hewlett-Packard
    2010-06-19 04:47 . 2003-08-23 12:52 79915 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-06-19 03:58 . 2010-06-19 03:58 -------- d-----w- c:\program files\microsoft frontpage
    2010-06-19 03:50 . 2003-08-23 14:32 -------- d-----w- c:\program files\Microsoft Works
    2010-06-19 03:30 . 2003-08-29 03:19 -------- d-----w- c:\documents and settings\Owner\Application Data\interMute
    2010-06-19 03:29 . 2003-08-23 14:14 -------- d-----w- c:\program files\Common Files\Real
    2010-06-19 03:27 . 2003-08-23 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-19 03:15 . 2003-08-23 13:54 -------- d-----w- c:\program files\HP
    2010-06-19 03:11 . 2003-08-24 03:36 -------- d-----w- c:\program files\HP Instant Support
    2010-06-19 02:53 . 2010-06-19 02:53 3532 --sha-r- c:\windows\system32\drivers\HP_DM185A-ABA a335w_YUU_Pavi_QMXM344_E34NAheBLU2_4_IGlendale motherboard_STriGem Computer Inc._V_B3.24_T031014_WXH1_L409_M504_J80_7Intel_8Pentium 4_92.49_1_N10EC8139_P_Z_K_A808624C5_U808624C2_G80862562_OIDE-CD CDRW7352.MRK
    2010-06-14 14:31 . 2010-06-19 01:42 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-04 19:55 . 2010-06-04 19:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2010-06-02 12:55 . 2010-06-19 15:17 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 12:55 . 2010-06-19 15:17 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 12:55 . 2010-06-19 15:17 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-06-02 03:00 . 2010-06-02 03:00 278288 ----a-w- c:\windows\system32\guard32.dll
    2010-06-02 03:00 . 2010-06-02 03:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
    2010-06-02 03:00 . 2010-06-02 03:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2010-06-02 03:00 . 2010-06-02 03:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2010-05-26 19:41 . 2010-06-19 15:17 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 19:41 . 2010-06-19 15:17 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-26 19:41 . 2010-06-19 15:17 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 19:41 . 2010-06-19 15:17 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 19:41 . 2010-06-19 15:17 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-06 10:41 . 2010-06-19 01:43 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2010-06-19 01:43 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2010-06-19 01:41 285696 ----a-w- c:\windows\system32\atmfd.dll
    2004-01-17 18:14 . 2010-06-19 02:36 0 --sha-w- c:\windows\SMINST\HPCD.SYS
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-19_04.24.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-19 04:33 . 2010-07-19 04:33 16384 c:\windows\Temp\Perflib_Perfdata_6d8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 835654]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 323584]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-02 2039240]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
    2003-06-19 02:19 53248 ----a-w- c:\hp\bin\AUTOTKIT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 229312]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 25240]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = localhost
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-18 21:01
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Services en ligne"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Servicios en línea"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online tjenster"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Servicios en línea"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online tjänster"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(660)
    c:\windows\system32\guard32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(716)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2010-07-18 21:04:37
    ComboFix-quarantined-files.txt 2010-07-19 05:04

    Pre-Run: 64,446,242,816 bytes free
    Post-Run: 64,435,482,624 bytes free

    - - End Of File - - CFAE593A2F2B9C9B05F524A8F1CC49A8
     
  8. 2010/07/18
    broni

    broni Moderator Malware Analyst

    That's fine. Maybe some registry leftover. Don't worry about it.

    Combofix log looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ===============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. 2010/07/18
    DugE

    DugE Well-Known Member Thread Starter

    OTL logfile created on: 7/18/2010 5:58:21 PM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 229.00 Mb Available Physical Memory | 45.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 67.79 Gb Total Space | 60.05 Gb Free Space | 88.57% Space Free | Partition Type: NTFS
    Drive D: | 6.74 Gb Total Space | 2.42 Gb Free Space | 35.87% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MYCOMPUTER
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/18 17:39:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2010/06/01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2002/10/16 15:57:10 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
    PRC - [2002/03/18 03:00:57 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/18 17:39:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
    MOD - [2008/04/14 04:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2005/01/31 18:20:50 | 000,071,040 | R--- | M] (Linksys, A Division of Cisco Systems, Inc ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EG1032xp.sys -- (RTL8023xp)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/08/03 21:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
    DRV - [2003/08/23 05:57:23 | 000,057,216 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2003/06/30 23:05:36 | 000,756,444 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2003/05/06 14:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2003/04/11 07:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2003/03/19 21:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
    DRV - [2003/02/20 15:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2002/12/27 10:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2002/10/04 16:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 13:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 16:46:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/10 00:46:44 | 000,000,000 | ---D | M]

    [2010/06/19 09:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/07/18 09:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\extensions
    [2010/07/11 22:04:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/06/19 09:14:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xfs6nzka.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/07/18 09:33:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/15 17:01:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/15 17:01:08 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/07/18 21:01:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/08/23 04:53:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17746534284132352)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/18 20:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/18 17:40:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/18 17:39:16 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/07/17 19:20:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/07/17 12:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2010/07/17 12:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
    [2010/07/15 17:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/15 17:01:50 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/15 17:01:49 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/15 17:01:49 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/15 17:01:49 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/15 16:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/07/15 15:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
    [2010/07/15 15:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2010/07/15 15:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    [2010/07/15 15:32:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2010/07/09 15:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Template
    [2010/07/09 15:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\hp deskjet 5550 series
    [2010/07/02 09:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ForceField Shared Files
    [2010/07/02 09:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
    [2010/07/02 09:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/07/02 09:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
    [2010/07/02 09:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2010/06/27 18:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
    [2010/06/22 17:26:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
    [2010/06/22 12:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
    [2010/06/21 20:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
    [2010/06/19 15:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2010/06/19 11:44:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
    [2010/06/19 11:44:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/06/19 10:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2010/06/19 10:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/06/19 10:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/06/19 10:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/19 10:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2010/06/19 10:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/06/19 09:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2010/06/19 09:25:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/19 09:25:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/19 09:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/19 09:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/19 09:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/06/19 09:23:00 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/06/19 09:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/06/19 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
    [2010/06/19 09:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
    [2010/06/19 09:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
    [2010/06/19 09:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/06/19 08:40:46 | 000,069,632 | ---- | C] (Motive Communications, Inc.) -- C:\WINDOWS\System32\MCCDevice.dll
    [2010/06/19 08:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
    [2010/06/19 08:35:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
    [2010/06/19 08:05:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/06/19 07:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Windows Updates
    [2010/06/19 07:39:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/06/19 07:34:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010/06/19 07:34:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010/06/19 07:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/06/19 06:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/06/19 06:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/06/19 06:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/06/19 06:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
    [2010/06/19 06:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
    [2010/06/19 06:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/06/19 06:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/06/19 06:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\RegSeeker
    [2010/06/19 06:34:26 | 000,000,000 | ---D | C] -- C:\UnZipped
    [2010/06/19 06:33:19 | 000,000,000 | ---D | C] -- C:\Tools
    [2010/06/19 06:33:04 | 000,000,000 | ---D | C] -- C:\Downloads
    [2010/06/19 06:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/06/19 06:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/06/19 05:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
    [2010/06/19 05:48:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/06/18 21:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\MahjongChamp
    [2010/06/18 21:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
     
  10. 2010/07/18
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    [2010/06/18 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2010/06/18 21:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/06/18 21:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/06/18 21:09:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
    [2010/06/18 21:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/06/18 21:06:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/06/18 21:05:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\unknown
    [2010/06/18 21:04:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
    [2010/06/18 21:04:14 | 000,000,000 | ---D | C] -- C:\audiograbber
    [2010/06/18 20:51:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/06/18 20:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/06/18 20:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2010/06/18 20:44:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010/06/18 20:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\msn
    [2010/06/18 20:44:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/06/18 20:44:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2010/06/18 20:41:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2010/06/18 20:22:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/06/18 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\messenger
    [2010/06/18 20:14:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
    [2010/06/18 20:14:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
    [2010/06/18 20:12:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/06/18 20:08:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/06/18 20:08:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
    [2010/06/18 19:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010/06/18 19:58:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/06/18 19:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
    [2010/06/18 19:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
    [2010/06/18 19:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010/06/18 19:27:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/06/18 18:57:34 | 000,071,040 | R--- | C] (Linksys, A Division of Cisco Systems, Inc ) -- C:\WINDOWS\System32\drivers\EG1032xp.sys
    [2010/06/18 18:54:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/06/18 18:54:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
    [2010/06/18 18:45:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/06/18 18:35:16 | 000,000,000 | ---D | C] -- C:\I386
    [2010/06/18 18:24:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
    [2010/06/18 18:24:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
    [2010/06/18 18:24:50 | 000,000,000 | R--D | C] -- C:\Program Files
    [2010/06/18 18:24:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
    [2010/06/18 18:24:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
    [2010/06/18 18:24:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
    [2010/06/18 18:24:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
    [2010/06/18 18:24:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
    [2010/06/18 18:24:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
    [2010/06/18 18:24:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2010/06/18 18:24:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
    [2010/06/18 18:24:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
    [2010/06/18 18:24:34 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
    [2010/06/18 18:24:20 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2010/06/18 18:22:45 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2010/06/18 17:43:35 | 003,374,640 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourP.exe
    [2010/06/18 17:43:16 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/06/18 17:43:16 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/06/18 17:41:24 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

    ========== Files - Modified Within 90 Days ==========

    [2010/07/18 21:01:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/18 21:01:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/18 19:33:50 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\Owner\jagex__preferences3.dat
    [2010/07/18 19:33:50 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
    [2010/07/18 19:33:23 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
    [2010/07/18 17:39:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/07/18 17:36:13 | 000,001,395 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/07/18 17:36:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/18 17:36:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/18 17:36:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/18 17:36:05 | 527,482,880 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/18 17:35:25 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
    [2010/07/18 17:35:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/07/18 17:00:08 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\teyqg7tt.exe
    [2010/07/18 15:53:29 | 000,000,015 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
    [2010/07/17 19:44:51 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/07/15 17:01:04 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/15 17:01:04 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/15 17:01:04 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/15 17:01:04 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/15 17:01:03 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/15 15:44:41 | 006,411,332 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/07/15 15:27:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/07/09 16:22:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MSDraw.ini
    [2010/07/09 15:06:43 | 000,024,960 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/09 15:04:19 | 000,000,811 | ---- | M] () -- C:\WINDOWS\hpinfo.lnk
    [2010/07/02 09:26:50 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/06/27 17:11:51 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ATF-Cleaner.lnk
    [2010/06/27 17:07:34 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/21 20:29:36 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Deluxe.lnk
    [2010/06/20 21:29:13 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Solitaire.lnk
    [2010/06/20 15:47:27 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spider Solitaire.lnk
    [2010/06/19 14:48:34 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/19 11:04:03 | 000,001,531 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hearts.lnk
    [2010/06/19 11:03:55 | 000,001,533 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Freecell.lnk
    [2010/06/19 11:02:25 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/06/19 11:02:20 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
    [2010/06/19 09:11:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/06/19 08:40:46 | 011,321,318 | ---- | M] () -- C:\BellSouthIW.re~
    [2010/06/19 08:25:17 | 000,358,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/19 08:25:17 | 000,313,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/19 08:25:17 | 000,040,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/19 08:06:10 | 000,000,517 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/19 08:06:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/06/19 06:32:41 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Audiograbber.lnk
    [2010/06/18 21:23:30 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MahjongChamp.lnk
    [2010/06/18 21:13:20 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/06/18 21:13:02 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/06/18 21:13:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/06/18 21:11:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/06/18 21:09:53 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/18 20:56:11 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
    [2010/06/18 20:52:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/06/18 20:41:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/06/18 20:11:18 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/06/18 19:50:42 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/18 19:29:11 | 000,000,608 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/06/18 18:53:10 | 000,003,532 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_DM185A-ABA a335w_YUU_Pavi_QMXM344_E34NAheBLU2_4_IGlendale motherboard_STriGem Computer Inc._V_B3.24_T031014_WXH1_L409_M504_J80_7Intel_8Pentium 4_92.49_1_N10EC8139_P_Z_K_A808624C5_U808624C2_G80862562_OIDE-CD CDRW7352.MRK
    [2010/06/18 18:51:32 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/06/18 18:51:30 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2010/06/18 18:47:08 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/07/18 16:56:19 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\teyqg7tt.exe
    [2010/07/17 19:44:44 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/07/09 16:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
    [2010/07/09 15:04:19 | 000,000,811 | ---- | C] () -- C:\WINDOWS\hpinfo.lnk
    [2010/06/27 17:11:51 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ATF-Cleaner.lnk
    [2010/06/27 17:07:34 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/21 20:32:23 | 000,000,015 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2010/06/21 20:29:36 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Deluxe.lnk
    [2010/06/19 11:48:19 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Owner\jagex__preferences3.dat
    [2010/06/19 11:48:18 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
    [2010/06/19 11:44:46 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
    [2010/06/19 11:04:20 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spider Solitaire.lnk
    [2010/06/19 11:04:15 | 000,001,490 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Solitaire.lnk
    [2010/06/19 11:04:03 | 000,001,531 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hearts.lnk
    [2010/06/19 11:03:55 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Freecell.lnk
    [2010/06/19 11:02:25 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/06/19 11:02:20 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
    [2010/06/19 09:11:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/06/19 08:40:46 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2010/06/19 08:40:39 | 011,321,318 | ---- | C] () -- C:\BellSouthIW.re~
    [2010/06/19 08:40:33 | 000,006,345 | R--- | C] () -- C:\WINDOWS\System32\DevMngr.vxd
    [2010/06/19 08:16:48 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
    [2010/06/19 06:32:41 | 000,000,573 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Audiograbber.lnk
    [2010/06/18 21:23:30 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MahjongChamp.lnk
    [2010/06/18 21:15:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/06/18 21:13:20 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/06/18 21:11:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/06/18 20:56:11 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
    [2010/06/18 20:44:56 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
    [2010/06/18 20:44:56 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
    [2010/06/18 20:44:56 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
    [2010/06/18 20:44:55 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
    [2010/06/18 20:44:55 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
    [2010/06/18 20:44:55 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
    [2010/06/18 20:44:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
    [2010/06/18 20:44:54 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
    [2010/06/18 20:44:54 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
    [2010/06/18 20:44:54 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
    [2010/06/18 20:44:54 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
    [2010/06/18 20:44:54 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
    [2010/06/18 20:44:54 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
    [2010/06/18 20:44:54 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
    [2010/06/18 20:44:54 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
    [2010/06/18 20:44:54 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
    [2010/06/18 20:44:54 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
    [2010/06/18 20:44:54 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
    [2010/06/18 20:44:54 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
    [2010/06/18 20:44:54 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
    [2010/06/18 20:44:54 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
    [2010/06/18 20:44:54 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
    [2010/06/18 20:44:54 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
    [2010/06/18 20:44:54 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
    [2010/06/18 20:44:54 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
    [2010/06/18 20:44:54 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
    [2010/06/18 20:44:54 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
    [2010/06/18 20:44:54 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
    [2010/06/18 20:44:54 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
    [2010/06/18 20:44:54 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
    [2010/06/18 20:44:54 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
    [2010/06/18 20:44:54 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
    [2010/06/18 20:44:54 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
    [2010/06/18 20:44:53 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
    [2010/06/18 20:44:53 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
    [2010/06/18 20:44:53 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
    [2010/06/18 20:44:53 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
    [2010/06/18 20:44:53 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
    [2010/06/18 20:44:53 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
    [2010/06/18 20:44:53 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
    [2010/06/18 20:44:53 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
    [2010/06/18 20:44:53 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
    [2010/06/18 20:44:53 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
    [2010/06/18 20:44:53 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
    [2010/06/18 20:44:53 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
    [2010/06/18 20:44:53 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
    [2010/06/18 20:44:53 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
    [2010/06/18 20:44:53 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
    [2010/06/18 20:44:53 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
    [2010/06/18 20:44:53 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
    [2010/06/18 20:44:53 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
    [2010/06/18 20:44:53 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
    [2010/06/18 20:44:53 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
    [2010/06/18 20:44:53 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
    [2010/06/18 20:44:53 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
    [2010/06/18 20:44:53 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
    [2010/06/18 20:44:53 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
    [2010/06/18 20:44:53 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
    [2010/06/18 20:44:53 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
    [2010/06/18 20:44:53 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
    [2010/06/18 20:44:53 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
    [2010/06/18 20:44:53 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
    [2010/06/18 20:44:53 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
    [2010/06/18 20:44:53 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
    [2010/06/18 20:44:53 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
    [2010/06/18 20:44:53 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
    [2010/06/18 20:44:53 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
    [2010/06/18 20:44:53 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
    [2010/06/18 20:44:53 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
    [2010/06/18 20:44:52 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
    [2010/06/18 20:44:52 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
    [2010/06/18 20:44:52 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
    [2010/06/18 20:44:52 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
    [2010/06/18 20:44:52 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
     
  11. 2010/07/18
    DugE

    DugE Well-Known Member Thread Starter

    [2010/06/18 20:44:52 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
    [2010/06/18 20:44:52 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
    [2010/06/18 20:44:52 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
    [2010/06/18 20:44:52 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
    [2010/06/18 20:44:52 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
    [2010/06/18 20:44:52 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
    [2010/06/18 20:44:52 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
    [2010/06/18 20:44:52 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
    [2010/06/18 20:42:29 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
    [2010/06/18 20:42:29 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
    [2010/06/18 20:42:29 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
    [2010/06/18 20:14:38 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010/06/18 20:14:37 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010/06/18 20:14:36 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/06/18 19:50:41 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/18 18:54:21 | 000,000,196 | RHS- | C] () -- C:\BOOT.BAK
    [2010/06/18 18:54:19 | 000,245,920 | RHS- | C] () -- C:\cmldr
    [2010/06/18 18:53:10 | 000,003,532 | RHS- | C] () -- C:\WINDOWS\System32\drivers\HP_DM185A-ABA a335w_YUU_Pavi_QMXM344_E34NAheBLU2_4_IGlendale motherboard_STriGem Computer Inc._V_B3.24_T031014_WXH1_L409_M504_J80_7Intel_8Pentium 4_92.49_1_N10EC8139_P_Z_K_A808624C5_U808624C2_G80862562_OIDE-CD CDRW7352.MRK
    [2010/06/18 18:52:11 | 527,482,880 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/18 18:51:29 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2010/06/18 18:51:29 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2010/06/18 18:44:57 | 000,001,395 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/06/18 17:43:55 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
    [2010/06/18 17:43:51 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2010/06/18 17:43:48 | 000,032,674 | ---- | C] () -- C:\WINDOWS\System32\winhelp.hlp
    [2010/06/18 17:43:47 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
    [2010/06/18 17:43:46 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
    [2010/06/18 17:43:45 | 001,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
    [2010/06/18 17:43:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm
    [2010/06/18 17:43:44 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld
    [2010/06/18 17:43:44 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve
    [2010/06/18 17:43:44 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita
    [2010/06/18 17:43:43 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu
    [2010/06/18 17:43:43 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu
    [2010/06/18 17:43:43 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra
    [2010/06/18 17:43:43 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn
    [2010/06/18 17:43:43 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve
    [2010/06/18 17:43:43 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld
    [2010/06/18 17:43:43 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita
    [2010/06/18 17:43:43 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra
    [2010/06/18 17:43:43 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn
    [2010/06/18 17:43:43 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu
    [2010/06/18 17:43:43 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu
    [2010/06/18 17:43:41 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom
    [2010/06/18 17:43:40 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2010/06/18 17:43:38 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\unicode.nls
    [2010/06/18 17:43:37 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
    [2010/06/18 17:43:32 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
    [2010/06/18 17:43:32 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep
    [2010/06/18 17:43:32 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep
    [2010/06/18 17:43:30 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
    [2010/06/18 17:43:29 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
    [2010/06/18 17:43:28 | 000,046,133 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
    [2010/06/18 17:43:23 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\sortkey.nls
    [2010/06/18 17:43:23 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
    [2010/06/18 17:43:20 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
    [2010/06/18 17:43:19 | 000,011,753 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
    [2010/06/18 17:43:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
    [2010/06/18 17:43:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
    [2010/06/18 17:43:18 | 000,033,464 | ---- | C] () -- C:\WINDOWS\System32\services.msc
    [2010/06/18 17:43:16 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
    [2010/06/18 17:43:16 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
    [2010/06/18 17:43:15 | 000,003,167 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat
    [2010/06/18 17:43:13 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
    [2010/06/18 17:43:12 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
    [2010/06/18 17:43:11 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs
    [2010/06/18 17:43:11 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
    [2010/06/18 17:43:11 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
    [2010/06/18 17:43:04 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2010/06/18 17:43:04 | 000,058,273 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc
    [2010/06/18 17:43:04 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2010/06/18 17:43:04 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep
    [2010/06/18 17:43:01 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2010/06/18 17:43:01 | 000,006,788 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig
    [2010/06/18 17:43:01 | 000,006,788 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.sig
    [2010/06/18 17:43:01 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2010/06/18 17:43:01 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.dat
    [2010/06/18 17:42:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2010/06/18 17:42:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.bin
    [2010/06/18 17:42:56 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
    [2010/06/18 17:42:53 | 000,032,968 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc
    [2010/06/18 17:42:53 | 000,026,209 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc
    [2010/06/18 17:42:52 | 000,048,794 | ---- | C] () -- C:\WINDOWS\System32\ntimage.gif
    [2010/06/18 17:42:52 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
    [2010/06/18 17:42:52 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
    [2010/06/18 17:42:52 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
    [2010/06/18 17:42:52 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
    [2010/06/18 17:42:52 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
    [2010/06/18 17:42:51 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2010/06/18 17:42:50 | 000,149,848 | ---- | C] () -- C:\WINDOWS\System32\noise.deu
    [2010/06/18 17:42:50 | 000,049,196 | ---- | C] () -- C:\WINDOWS\System32\noise.fra
    [2010/06/18 17:42:50 | 000,019,684 | ---- | C] () -- C:\WINDOWS\System32\noise.esn
    [2010/06/18 17:42:50 | 000,019,618 | ---- | C] () -- C:\WINDOWS\System32\noise.ita
    [2010/06/18 17:42:50 | 000,013,730 | ---- | C] () -- C:\WINDOWS\System32\noise.sve
    [2010/06/18 17:42:50 | 000,013,256 | ---- | C] () -- C:\WINDOWS\System32\noise.nld
    [2010/06/18 17:42:50 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
    [2010/06/18 17:42:50 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
    [2010/06/18 17:42:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2010/06/18 17:42:50 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.tha
    [2010/06/18 17:42:49 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2010/06/18 17:42:46 | 000,102,446 | ---- | C] () -- C:\WINDOWS\System32\net.hlp
    [2010/06/18 17:42:46 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2010/06/18 17:42:38 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
    [2010/06/18 17:42:35 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
    [2010/06/18 17:42:34 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
    [2010/06/18 17:42:34 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
    [2010/06/18 17:42:30 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2010/06/18 17:42:29 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2010/06/18 17:42:28 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
    [2010/06/18 17:42:28 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
    [2010/06/18 17:42:26 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2010/06/18 17:42:25 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
    [2010/06/18 17:42:25 | 000,042,166 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc
    [2010/06/18 17:42:25 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\l_intl.nls
    [2010/06/18 17:42:25 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\l_except.nls
    [2010/06/18 17:42:24 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls
    [2010/06/18 17:42:24 | 000,001,131 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
    [2010/06/18 17:42:22 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
    [2010/06/18 17:42:20 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
    [2010/06/18 17:42:19 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2010/06/18 17:42:18 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2010/06/18 17:42:17 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
    [2010/06/18 17:42:16 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro
    [2010/06/18 17:42:16 | 000,019,694 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
    [2010/06/18 17:42:14 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls
    [2010/06/18 17:42:14 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\geo.nls
    [2010/06/18 17:42:14 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
    [2010/06/18 17:42:13 | 000,152,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
    [2010/06/18 17:42:13 | 000,135,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf
    [2010/06/18 17:42:13 | 000,032,760 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc
    [2010/06/18 17:42:11 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
    [2010/06/18 17:42:11 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
    [2010/06/18 17:42:11 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
    [2010/06/18 17:42:10 | 000,056,678 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc
    [2010/06/18 17:42:10 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
    [2010/06/18 17:42:10 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
    [2010/06/18 17:42:10 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx
    [2010/06/18 17:42:09 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi
    [2010/06/18 17:42:09 | 000,069,886 | ---- | C] () -- C:\WINDOWS\System32\edit.com
    [2010/06/18 17:42:09 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
    [2010/06/18 17:42:09 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
    [2010/06/18 17:42:09 | 000,010,790 | ---- | C] () -- C:\WINDOWS\System32\edit.hlp
    [2010/06/18 17:42:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2010/06/18 17:42:08 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
    [2010/06/18 17:42:07 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd
    [2010/06/18 17:41:35 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
    [2010/06/18 17:41:34 | 000,033,673 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc
    [2010/06/18 17:41:33 | 000,041,397 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc
    [2010/06/18 17:41:33 | 000,033,079 | ---- | C] () -- C:\WINDOWS\System32\devmgmt.msc
    [2010/06/18 17:41:32 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
    [2010/06/18 17:41:32 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
    [2010/06/18 17:41:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2010/06/18 17:41:31 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_950.nls
    [2010/06/18 17:41:31 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_949.nls
    [2010/06/18 17:41:31 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_936.nls
    [2010/06/18 17:41:31 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_932.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_874.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_865.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_863.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_861.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_860.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_850.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_775.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
    [2010/06/18 17:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_437.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_500.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28605.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28598.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28593.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28592.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28591.nls
    [2010/06/18 17:41:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21866.nls
    [2010/06/18 17:41:31 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
    [2010/06/18 17:41:30 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\c_20261.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20905.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20866.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1258.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1257.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1256.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1255.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1254.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1253.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1252.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1251.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1250.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1026.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10079.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10000.nls
    [2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_037.nls
    [2010/06/18 17:41:29 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\ctype.nls
    [2010/06/18 17:41:28 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\country.sys
    [2010/06/18 17:41:27 | 000,061,172 | ---- | C] () -- C:\WINDOWS\System32\cmmgr32.hlp
    [2010/06/18 17:41:27 | 000,050,620 | ---- | C] () -- C:\WINDOWS\System32\command.com
    [2010/06/18 17:41:27 | 000,038,302 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc
    [2010/06/18 17:41:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram
    [2010/06/18 17:41:26 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi
    [2010/06/18 17:41:26 | 000,071,859 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm
    [2010/06/18 17:41:25 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
    [2010/06/18 17:41:25 | 000,042,339 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc
    [2010/06/18 17:41:25 | 000,041,762 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc
    [2010/06/18 17:41:20 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
    [2010/06/18 17:41:20 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\append.exe
    [2010/06/18 17:41:20 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
    [2010/06/18 17:38:27 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2010/06/18 17:38:27 | 000,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif
    [2010/06/18 17:37:41 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
    [2010/06/18 17:37:41 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
    [2010/06/18 17:37:41 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
    [2010/06/18 17:37:40 | 000,014,710 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
    [2010/06/18 17:37:40 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
    [2010/06/18 17:37:40 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
    [2010/06/18 17:37:35 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom
    [2010/06/18 17:37:35 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
    [2010/06/18 17:37:35 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom
    [2010/06/18 17:37:28 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
    [2010/06/18 17:37:28 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx
    [2010/06/18 17:37:28 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
    [2010/06/18 17:37:28 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx
    [2003/08/28 19:35:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/08/28 19:19:10 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
    [2003/08/23 19:36:36 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2003/08/23 19:33:23 | 000,026,395 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2003/08/23 19:32:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
    [2003/08/23 19:32:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2003/08/23 06:25:25 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/08/23 06:25:15 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/08/23 05:46:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/08/23 05:19:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/08/23 05:11:57 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2003/08/23 05:11:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2003/08/23 05:11:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2003/08/23 04:57:05 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/08/23 04:42:24 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/07/23 21:56:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
    [2003/07/23 21:56:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

    ========== LOP Check ==========

    [2010/06/19 06:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/07/17 19:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/27 18:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
    [2010/07/02 09:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
    [2010/06/18 19:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
    [2010/07/17 12:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2010/07/09 15:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2003/08/23 04:53:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/06/19 08:40:46 | 011,321,318 | ---- | M] () -- C:\BellSouthIW.re~
    [2010/06/18 18:47:08 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
    [2010/06/19 08:06:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2002/08/29 02:00:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
    [2003/08/23 04:53:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/07/18 17:36:05 | 527,482,880 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/10 05:38:38 | 000,013,790 | ---- | M] () -- C:\hpfr5550.log
    [2003/08/23 04:53:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2003/08/23 04:53:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/06/18 20:11:18 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/06/18 20:41:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/18 17:36:04 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2003/08/22 21:45:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2003/08/22 21:45:19 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2003/08/22 21:45:19 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 04:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 04:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 04:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\teyqg7tt.exe:SummaryInformation
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >
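As an added worked example (not part of this thread and not OTL's own code), the script below parses the three line formats visible in the OTL log above, the `[date | size | attrs | C/M] (company) MD5=... -- path` file entries, the `DRV - File not found ...` driver entry quoted in the fix later in this thread, and the `@Alternate Data Stream` lines, and applies a few of the triage rules an analyst otherwise applies by eye. The sample input is constructed: it copies entries from this log and adds three made-up lines (an unsigned `example_tool.exe` in Temp, a ws2_32.dll line with an altered hash, and a Zone.Identifier stream on `example_setup.exe`) so that every rule fires. The MD5 baseline simply reuses the values printed in this log for illustration; in real use it must come from a trusted reference, never from the log being checked. The rule names and thresholds are the example's own assumptions.

```python
"""Parse and triage lines from an OTL log (added example, not OTL code)."""
import re
from dataclasses import dataclass

# [date time | size | attrs | C|M] (company) [MD5=...] -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"        # version-info company, may be empty
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"  # present only on '/md5' custom scans
    r" -- (?P<path>.+?)\s*$"
)
# DRV - File not found [state] -- path -- (service name)
DRV_MISSING_RE = re.compile(
    r"^DRV - File not found \[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
# @Alternate Data Stream - N bytes -> host:stream
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".pif", ".bat", ".cmd")
KNOWN_ADS = {"Zone.Identifier"}  # written routinely by Windows; everything else is reviewed


@dataclass
class Finding:
    rule: str
    path: str
    detail: str = ""


def parse_lines(lines):
    """Split log lines into file entries, missing-driver entries and ADS entries."""
    out = {"files": [], "drivers": [], "ads": []}
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            d["company"] = (d["company"] or "").strip()
            d["is_dir"] = "D" in d["attrs"]
            out["files"].append(d)
            continue
        m = DRV_MISSING_RE.match(line)
        if m:
            out["drivers"].append(m.groupdict())
            continue
        m = ADS_RE.match(line)
        if m:
            d = m.groupdict()
            d["bytes"] = int(d["bytes"])
            out["ads"].append(d)
    return out


def triage(parsed, baseline_md5):
    """Assumed triage rules; baseline_md5 maps lower-cased path -> expected hash."""
    findings = []
    for d in parsed["drivers"]:  # registered kernel driver whose image is gone
        findings.append(Finding("orphaned-driver", d["path"], d["name"]))
    for f in parsed["files"]:
        low = f["path"].lower()
        if f["md5"]:
            expected = baseline_md5.get(low)
            if expected and expected.lower() != f["md5"].lower():
                findings.append(Finding("md5-mismatch", f["path"],
                                        f"got {f['md5']}, expected {expected}"))
        elif (not f["is_dir"] and low.endswith(EXEC_EXT) and not f["company"]
              and ("\\temp\\" in low or "\\desktop\\" in low)):
            # executable with no company in its version info, in a user-writable path
            findings.append(Finding("unsigned-exec-in-user-path", f["path"]))
    for a in parsed["ads"]:
        if a["stream"] not in KNOWN_ADS:
            findings.append(Finding("ads-review", f"{a['host']}:{a['stream']}",
                                    f"{a['bytes']} bytes"))
    return findings


# Constructed sample: lines from the thread plus three made-up ones (see lead-in).
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
[2010/06/18 17:41:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1026.nls
[2010/07/17 12:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/04/14 04:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2008/04/14 04:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\ws2_32.dll
[2010/07/17 20:10:02 | 000,204,800 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Temp\example_tool.exe
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\teyqg7tt.exe:SummaryInformation
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Owner\Desktop\example_setup.exe:Zone.Identifier
"""

# Hashes copied from the '/md5' lines in this thread, for illustration only.
BASELINE_MD5 = {
    r"c:\windows\system32\user32.dll": "B26B135FF1B9F60C9388B4A7D16F600B",
    r"c:\windows\system32\ws2_32.dll": "2CCC474EB85CEAA3E1FA1726580A3E5A",
    r"c:\windows\system32\ws2help.dll": "9789E95E1D88EEB4B922BF3EA7779C28",
}


def run_sample():
    return triage(parse_lines(SAMPLE_LOG.strip().splitlines()), BASELINE_MD5)


if __name__ == "__main__":
    for fnd in run_sample():
        print(f"{fnd.rule:28} {fnd.path}  {fnd.detail}")
```

Run it against a saved OTL.txt by replacing SAMPLE_LOG with the file's lines; on the sample it reports the orphaned catchme driver, the altered ws2_32.dll hash, the unsigned executable in Temp and the SummaryInformation stream, and stays quiet about the .nls file, the directory and the Zone.Identifier stream.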
     
  12. 2010/07/18
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    OTL Extras logfile created on: 7/18/2010 5:42:26 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 249.00 Mb Available Physical Memory | 49.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 67.79 Gb Total Space | 60.06 Gb Free Space | 88.60% Space Free | Partition Type: NTFS
    Drive D: | 6.74 Gb Total Space | 2.42 Gb Free Space | 35.87% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MYCOMPUTER
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{42948B02-7191-40CF-92AA-4E330869B28B}" = HPIZ Fix2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Bejeweled Deluxe 1.6z" = Bejeweled Deluxe 1.6z
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "FreeZip" = FreeZip
    "HijackThis" = HijackThis 2.0.2
    "hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
    "HPTOOLKIT" = toolkit
    "ie8" = Windows Internet Explorer 8
    "MahjongChamp" = Mahjong Champ
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "NVIDIA Gart Driver" = NVIDIA Gart Driver
    "PS2" = PS2
    "S3Display" = S3Display
    "S3Gamma2" = S3Gamma2
    "S3Info2" = S3Info2
    "S3Overlay" = S3Overlay
    "SpywareBlaster_is1" = SpywareBlaster 4.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/9/2010 8:51:06 PM | Computer Name = MYCOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application WksWP.exe, version 7.2.620.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/10/2010 5:20:50 AM | Computer Name = MYCOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application WksWP.exe, version 7.2.620.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/10/2010 5:22:09 AM | Computer Name = MYCOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application WksWP.exe, version 7.2.620.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/10/2010 5:22:22 AM | Computer Name = MYCOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application WksWP.exe, version 7.2.620.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/10/2010 5:22:27 AM | Computer Name = MYCOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application WksWP.exe, version 7.2.620.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/15/2010 7:53:02 PM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 7/18/2010 9:04:37 PM | Computer Name = MYCOMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application MpCmdRun.exe, version 2.1.6805.0, faulting module
    unknown, version 0.0.0.0, fault address 0x0002ac46.

    Error - 7/18/2010 9:09:37 PM | Computer Name = MYCOMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application verclsid.exe, version 5.1.2600.5512, faulting
    module kernel32.dll, version 5.1.2600.5781, fault address 0x00012b6e.

    Error - 7/18/2010 9:10:52 PM | Computer Name = MYCOMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application verclsid.exe, version 5.1.2600.5512, faulting
    module kernel32.dll, version 5.1.2600.5781, fault address 0x00012b6e.

    Error - 7/18/2010 9:31:58 PM | Computer Name = MYCOMPUTER | Source = Application Error | ID = 1001
    Description = Fault bucket 1947847289.

    [ System Events ]
    Error - 7/15/2010 8:57:31 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%2

    Error - 7/15/2010 8:57:31 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%2

    Error - 7/15/2010 8:57:31 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%2

    Error - 7/15/2010 8:57:31 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%2

    Error - 7/15/2010 8:57:31 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%2

    Error - 7/16/2010 11:39:40 PM | Computer Name = MYCOMPUTER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error - 7/18/2010 7:19:59 PM | Computer Name = MYCOMPUTER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error - 7/18/2010 7:28:30 PM | Computer Name = MYCOMPUTER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error - 7/18/2010 7:30:09 PM | Computer Name = MYCOMPUTER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error - 7/18/2010 7:34:38 PM | Computer Name = MYCOMPUTER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}


    < End of report >
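As an added worked example (not part of this thread and not OTL's own code), the script below reads the "Security Center Settings" and "Shell Spawning" blocks of an OTL Extras log in the format shown above and flags the settings a malware analyst checks first: Security Center notifications or overrides switched on, a Windows Firewall profile turned off, Security Center monitoring disabled for a vendor product, and an executable-class open command that is not the Windows XP default `"%1" %*`. The sample block is constructed: it copies keys from the log above but sets `FirewallDisableNotify` to 1, turns the DomainProfile firewall off and wraps the `exefile` command with a made-up `C:\example\wrapper.exe`, so each rule fires. The rule names and severities are the example's own assumptions.

```python
"""Audit registry blocks of an OTL Extras log (added example, not OTL code)."""
import re

KEY_RE = re.compile(r"^\[(?P<key>HKEY_.+)\]$")            # [HKEY_...\key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')  # "Name" = value
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")  # exefile [open] -- cmd

# Windows XP default 'open' command for the executable file classes.
EXPECTED_OPEN = {c: '"%1" %*' for c in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
NOTIFY_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}
OVERRIDE_VALUES = {"AntiVirusOverride", "FirewallOverride"}


def parse_extras(lines):
    """Return (reg, shell): reg maps key -> {name: value}; shell maps (class, verb) -> command."""
    reg, shell, key = {}, {}, None
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            reg.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key:
            reg[key][m.group("name")] = m.group("value").strip()
            continue
        m = SHELL_RE.match(line)
        if m:
            shell[(m.group("cls"), m.group("verb"))] = m.group("cmd").strip()
    return reg, shell


def audit(reg, shell):
    """Return (severity, rule, detail) tuples; the rules are this example's assumptions."""
    findings = []
    for key, values in reg.items():
        tail = key.rsplit("\\", 1)[-1]  # last key component, e.g. DomainProfile
        for name, value in values.items():
            if name in NOTIFY_VALUES and value == "1":
                findings.append(("warn", "security-center-notify-disabled", name))
            elif name in OVERRIDE_VALUES and value == "1":
                findings.append(("warn", "security-center-override", name))
            elif name == "EnableFirewall" and value == "0":
                findings.append(("warn", "windows-firewall-off", tail))
            elif name == "DisableMonitoring" and value == "1":
                findings.append(("info", "wsc-monitoring-disabled", tail))
    for cls, expected in EXPECTED_OPEN.items():
        actual = shell.get((cls, "open"))
        if actual is None:
            findings.append(("info", "shell-open-missing", cls))
        elif actual != expected:
            findings.append(("warn", "shell-open-nondefault", f"{cls}: {actual}"))
    return findings


# Constructed sample (see lead-in): keys from the thread with three values changed.
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\example\wrapper.exe" "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"""


def run_sample():
    reg, shell = parse_extras(SAMPLE_EXTRAS.strip().splitlines())
    return audit(reg, shell)


if __name__ == "__main__":
    for sev, rule, detail in run_sample():
        print(f"[{sev}] {rule}: {detail}")
```

On the real log above every executable class still opens with `"%1" %*`, both firewall profiles are on and only the ZoneLabsFirewall monitoring entry is disabled, which matches the ComboFix header in this thread showing ZoneAlarm off and COMODO active; the script would report just that one informational line.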
     
  13. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is your computer doing at the moment?

    Your computer would greatly benefit from another 512MB of RAM.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab  (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\teyqg7tt.exe:SummaryInformation
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  14. 2010/07/18
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    All processes killed
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    ADS C:\Documents and Settings\Owner\Desktop\teyqg7tt.exe:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes

    User: NetworkService
    ->Temp folder emptied: 6346 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 2402 bytes
    ->Temporary Internet Files folder emptied: 327974 bytes
    ->Java cache emptied: 120014 bytes
    ->FireFox cache emptied: 36485584 bytes
    ->Flash cache emptied: 2854 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4038 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 28337 bytes

    Total Files Cleaned = 35.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 07182010_182359

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  15. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're not saying how your computer is doing....

    Last scan....

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to the Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  16. 2010/07/18
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    Comp improving. It maxed already at 512 RAM, unfortunately. Doing TFC now.
     
  17. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I see :)
     
  18. 2010/07/19
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    Broni, I let Kaspersky run over night and when I checked this morning it had finished, but this comp had sort of hung up or something. I couldn't save the scan report, but I did see that no threats had been found, if you're willing to take my word for it.
     
  19. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, I am...LOL

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ==============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  20. 2010/07/19
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    Amazing. :) Computer runs like a champ. HiJack This is very impressive now. Should I check everything and add to ignore list? That way if something new comes along it will be easier to spot. Your take?

    Folders open faster than before. I like that. No more flashlight.

    I had WOT installed before but lost it somehow. Reinstalled it. Good program.

    I did everything in your last post and was very happy to see that I'm clean now.

    I don't know how to thank you enough broni, U B Good!!! :)

    Final question, who resolves this thread, you or me?
     
  21. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    In this particular forum, me.

    I'm not sure if I understand this:
     
