Security Warning...Application cannot be executed.

{F9152AEC-3462-4632-8087-EEE3C3CDDA24} [HKLM] -> C:\Program Files\Google\Google Earth\plugin\ie\5.2.0.5920\plugin_ax.dll [GEPluginCoClass Object] -> [2010/04/02 07:29:32 | 005,102,064 | ---- | M | MD5 = 1E8DE6D80C8175AF22F0C10FB95C01D3] (Google)
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2007/10/24 10:30:13 | 000,000,000 | ---D | M]
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" -> [1] -> File not found
\\"AntiVirusDisableNotify" -> [0] -> File not found
\\"FirewallDisableNotify" -> [0] -> File not found
\\"UpdatesDisableNotify" -> [0] -> File not found
\\"AntiVirusOverride" -> [0] -> File not found
\\"FirewallOverride" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
myrm -> 2 = Trusted sites (Not a Default Protocol) ->
myui -> 2 = Trusted sites (Not a Default Protocol) ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{075473F5-846A-448B-BCB3-104AA1760205} -> Roxio Data Module
{08234a0d-cf39-4dca-99f0-0c5cb496da81} -> MSN Toolbar
{0840B4D6-7DD1-4187-8523-E6FC0007EFB7} -> Windows Live ID Sign-in Assistant
{08C0729E-3E50-11DF-9D81-005056806466} -> Google Earth
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Roxio DLA
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{21657574-BD54-48A2-9450-EB03B2C7FC29} -> Roxio MyDVD Plus
{2656D0AB-9EA4-4C58-A117-635F3CED8B93} -> Microsoft UI Engine
{26792CA7-D87A-4DBE-896B-C2F66B344511} -> Roxio CinePlayer
{26A24AE4-039D-4CA4-87B4-2F83216020FF} -> Java(TM) 6 Update 20
{30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Roxio Update Manager
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{5EE7D259-D137-4438-9A5F-42F432EC0421} -> VC80CRTRedist - 8.0.50727.4053
{61BEA823-ECAF-49F1-8378-A59B3B8AD247} -> Microsoft Default Manager
{6517CFDF-B7A4-77B6-2371-C76608D3C976} -> Monopoly
{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} -> Roxio Express Labeler
{7E369B27-13E2-41A5-9879-358EE1C8B5AD} -> Broadcom NetXtreme Ethernet Controller
{8215AC14-BFC2-4ECC-96D6-1030202F8BDF} -> Visual C++ 8.0 x86 Runtime Setup Package
{8F971101-FCBD-4293-B917-D5A14FD1DAF9} -> City Navigator North America v7
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} -> InterVideo WinDVD
{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7} -> MSN Toolbar Platform
{A83C6C34-3007-422A-9E56-A74996BCCDBD} -> LogMeIn
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AB708C9B-97C8-4AC9-899B-DBF226AC9382} -> Roxio Audio Module
{AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2
{B12665F4-4E93-4AB4-B7FC-37053B524629} -> Roxio Copy Module
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Plus Web Player
{CE386A4E-D0DA-4208-8235-BCE43275C694} -> LightScribe 1.4.142.1
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639} -> Microsoft Search Enhancement Pack
{FB64BF25-3593-4E4E-AA85-84AEF1D1475F} -> Broadcom Management Programs
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Shockwave Player -> Adobe Shockwave Player
avast5 -> avast! Free Antivirus
DjVu -> Lizardtech DjVu Control (autoinstall)
Google Chrome -> Google Chrome
Google Updater -> Google Updater
HDMI -> Intel(R) Graphics Media Accelerator Driver
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
Monopoly -> Monopoly (remove only)
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
Virtools3DLifePlayer -> Virtools 3D Life Player
Xerox_Phaser_8510_8560 -> Xerox Phaser 8510_8560 Scan Driver
Xerox_Support_Centre -> Xerox Support Centre
Yahoo! Companion -> Yahoo! ¤u¨ã¦C
Yahoo! Extras -> Yahoo! Browser Services
Yahoo! Search Defender -> Yahoo! Search Protection
Yahoo! Software Update -> Yahoo! Software Update
YInstHelper -> Yahoo! Install Manager
< Uninstall List [HKEY_USERS\S-1-5-21-559306488-779710043-2358232105-1136\] > -> HKEY_USERS\S-1-5-21-559306488-779710043-2358232105-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 5/14/2010 4:10:45 PM Computer Name = RICH | Source = Userenv | ID = 1054 -> Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Application [ Error ] 5/14/2010 4:10:51 PM Computer Name = RICH | Source = AutoEnrollment | ID = 15 -> Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
Application [ Error ] 5/15/2010 9:08:28 AM Computer Name = RICH | Source = Userenv | ID = 1054 -> Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Application [ Error ] 5/15/2010 9:09:29 AM Computer Name = RICH | Source = AutoEnrollment | ID = 15 -> Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
Application [ Error ] 5/15/2010 9:12:23 AM Computer Name = RICH | Source = Userenv | ID = 1521 -> Description = Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The network path was not found.
Application [ Error ] 5/15/2010 9:12:26 AM Computer Name = RICH | Source = Userenv | ID = 1054 -> Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Application [ Error ] 5/15/2010 12:01:01 PM Computer Name = RICH | Source = Userenv | ID = 1054 -> Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Application [ Error ] 5/15/2010 12:01:51 PM Computer Name = RICH | Source = Userenv | ID = 1521 -> Description = Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The network path was not found.
Application [ Error ] 5/15/2010 12:01:52 PM Computer Name = RICH | Source = Userenv | ID = 1054 -> Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Application [ Error ] 5/15/2010 12:02:01 PM Computer Name = RICH | Source = AutoEnrollment | ID = 15 -> Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
System [ Error ] 5/15/2010 11:26:23 AM Computer Name = RICH | Source = Print | ID = 6161 -> Description = The document http://myrtlebeach.craigslist.org/bfs/1737727565.html owned by keskyr failed to print on printer HP LaserJet 4200 PS. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RICH. Win32 error code returned by the print processor: 259 (0x103).
System [ Error ] 5/15/2010 11:26:38 AM Computer Name = RICH | Source = Print | ID = 45 -> Description = Document failed to print due to GDI/Driver error in rendering.
System [ Error ] 5/15/2010 11:26:38 AM Computer Name = RICH | Source = Print | ID = 6161 -> Description = The document http://myrtlebeach.craigslist.org/bfs/1737727565.html owned by keskyr failed to print on printer HP LaserJet 4200 PS. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RICH. Win32 error code returned by the print processor: 31 (0x1f).
System [ Error ] 5/15/2010 11:40:33 AM Computer Name = RICH | Source = Print | ID = 45 -> Description = Document failed to print due to GDI/Driver error in rendering.
System [ Error ] 5/15/2010 11:40:33 AM Computer Name = RICH | Source = Print | ID = 6161 -> Description = The document http://myrtlebeach.craigslist.org/bfs/1740398482.html owned by keskyr failed to print on printer HP LaserJet 4200 PS. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RICH. Win32 error code returned by the print processor: 31 (0x1f).
System [ Error ] 5/15/2010 12:01:01 PM Computer Name = RICH | Source = NETLOGON | ID = 5719 -> Description = No Domain Controller is available for domain REDAPPLEGROUP due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
System [ Error ] 5/15/2010 12:01:03 PM Computer Name = RICH | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
System [ Error ] 5/15/2010 12:01:03 PM Computer Name = RICH | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
System [ Error ] 5/15/2010 12:16:03 PM Computer Name = RICH | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time.
System [ Error ] 5/15/2010 12:46:03 PM Computer Name = RICH | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time.

[Files/Folders - Created Within 90 Days]
OTS.exe -> C:\Documents and Settings\keskyr\Desktop\OTS.exe -> [2010/05/15 11:43:16 | 000,640,000 | ---- | C | MD5 = C7A61D4B69CF0E784AAB1E2105529300] (OldTimer Tools)
RECYCLER -> C:\RECYCLER -> [2010/05/14 16:18:56 | 000,000,000 | -HSD | C]
aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2010/05/14 16:17:36 | 000,164,048 | ---- | C | MD5 = D78B644816DB540E103D0B0766FD9967] (ALWIL Software)
aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2010/05/14 16:17:36 | 000,019,024 | ---- | C | MD5 = 1B6ED99291DDF5D2501554CC5757AAB6] (ALWIL Software)
aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2010/05/14 16:17:35 | 000,023,376 | ---- | C | MD5 = 3E2B6112D2766F87EDA8466FDE86A986] (ALWIL Software)
aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2010/05/14 16:17:34 | 000,046,672 | ---- | C | MD5 = 606D731008D98B6EF946730C597C1642] (ALWIL Software)
aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2010/05/14 16:17:32 | 000,100,432 | ---- | C | MD5 = 81432B1A4B31036C822EB967DECF613C] (ALWIL Software)
aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2010/05/14 16:17:32 | 000,094,800 | ---- | C | MD5 = 5FFE0C6A55930B77686535C070DB408C] (ALWIL Software)
aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2010/05/14 16:17:31 | 000,028,880 | ---- | C | MD5 = A5246ED2586AA807AF0BCF63165A71CC] (ALWIL Software)
aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2010/05/14 16:17:19 | 000,165,032 | ---- | C | MD5 = EE3A0274471DE1ED924E6C5935080495] (ALWIL Software)
avastSS.scr -> C:\WINDOWS\System32\avastSS.scr -> [2010/05/14 16:17:19 | 000,038,848 | ---- | C | MD5 = C3A7AC3D7C71DF622E2828A35ECB84A5] (ALWIL Software)
Alwil Software -> C:\Program Files\Alwil Software -> [2010/05/14 16:17:13 | 000,000,000 | ---D | C]
Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/05/14 16:17:13 | 000,000,000 | ---D | C]
temp -> C:\WINDOWS\temp -> [2010/05/14 16:01:26 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/05/14 15:56:13 | 000,000,000 | RHSD | C]
ComboFix -> C:\ComboFix -> [2010/05/14 15:54:09 | 000,000,000 | ---D | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/05/14 15:51:52 | 000,212,480 | ---- | C | MD5 = B1A9CF0B6F80611D31987C247EC630B4] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/05/14 15:51:52 | 000,161,792 | ---- | C | MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/05/14 15:51:52 | 000,136,704 | ---- | C | MD5 = B7517DB073B28F5696A1E5528ABEB5D0] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/05/14 15:51:52 | 000,031,232 | ---- | C | MD5 = AE72E8619CB31D84DA25E2435E55003C] (NirSoft)
ERDNT -> C:\WINDOWS\ERDNT -> [2010/05/14 15:51:46 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/05/14 15:49:50 | 000,000,000 | ---D | C]
Sun -> C:\WINDOWS\Sun -> [2010/05/03 15:33:58 | 000,000,000 | ---D | C]
Microsoft -> C:\Program Files\Microsoft -> [2010/05/03 15:33:15 | 000,000,000 | ---D | C]
MSN Toolbar -> C:\Program Files\MSN Toolbar -> [2010/05/03 15:33:05 | 000,000,000 | ---D | C]
MSN Toolbar Installer -> C:\Program Files\MSN Toolbar Installer -> [2010/05/03 15:32:26 | 000,000,000 | ---D | C]
Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010/05/03 15:32:12 | 000,000,000 | ---D | C]
Java -> C:\Program Files\Common Files\Java -> [2010/05/03 15:32:12 | 000,000,000 | ---D | C]
Java -> C:\Program Files\Java -> [2010/05/03 15:31:24 | 000,000,000 | ---D | C]
Sun -> C:\Documents and Settings\keskyr\Application Data\Sun -> [2010/05/03 15:30:44 | 000,000,000 | ---D | C]
Downloads -> C:\Documents and Settings\keskyr\My Documents\Downloads -> [2010/02/19 17:15:22 | 000,000,000 | ---D | C]
DivX Shared -> C:\Program Files\Common Files\DivX Shared -> [2010/02/19 17:02:31 | 000,000,000 | ---D | C]
DivX -> C:\Program Files\DivX -> [2010/02/19 17:02:30 | 000,000,000 | ---D | C]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files/Folders - Modified Within 90 Days]
Microsoft Office Word 2003.lnk -> C:\Documents and Settings\keskyr\Desktop\Microsoft Office Word 2003.lnk -> [2010/05/15 12:41:17 | 000,002,497 | ---- | M | MD5 = 564A32048A4A209B0F426D1132334D3A] ()
Microsoft Office Excel 2003.lnk -> C:\Documents and Settings\keskyr\Desktop\Microsoft Office Excel 2003.lnk -> [2010/05/15 12:41:10 | 000,002,495 | ---- | M | MD5 = 7A93125EE6759A179B4D08F97C154C55] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/05/15 12:05:05 | 000,314,838 | ---- | M | MD5 = 9E23F5BF3E45AF00AF9CBFDCE7E8BB18] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/05/15 12:05:05 | 000,041,040 | ---- | M | MD5 = 47D7B2E4A39C57441FCEB80EBE3BBE45] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/05/15 12:05:04 | 000,360,124 | ---- | M | MD5 = FC971EF8975BBFB168369952EDE97C36] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/05/15 12:02:01 | 000,013,646 | ---- | M | MD5 = 9B20FFF4DA943DD1F7D89826900D2AEE] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/05/15 12:01:53 | 000,000,882 | ---- | M | MD5 = C8BEA87B856C83FD5367BCFF58A5794F] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/05/15 12:00:52 | 000,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/05/15 12:00:46 | 000,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] ()
NTUSER.DAT -> C:\Documents and Settings\keskyr\NTUSER.DAT -> [2010/05/15 11:59:52 | 003,145,728 | -H-- | M | Unable to obtain MD5] ()
ntuser.ini -> C:\Documents and Settings\keskyr\ntuser.ini -> [2010/05/15 11:59:52 | 000,000,368 | -HS- | M | MD5 = 1185511F66B849412D478704A5E24CF8] ()
IconCache.db -> C:\Documents and Settings\keskyr\Local Settings\Application Data\IconCache.db -> [2010/05/15 11:59:38 | 003,767,822 | -H-- | M | MD5 = 1B3B27D50DD3F02E6BE4285D3336155B] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/05/15 11:58:00 | 000,000,886 | ---- | M | MD5 = E80F230A1F23607EEF34CB3483AB74A7] ()
OTS.exe -> C:\Documents and Settings\keskyr\Desktop\OTS.exe -> [2010/05/15 11:43:17 | 000,640,000 | ---- | M | MD5 = C7A61D4B69CF0E784AAB1E2105529300] (OldTimer Tools)
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2010/05/14 16:17:33 | 000,002,626 | ---- | M | MD5 = 9868202B27D747DD709F5A59DD680C50] ()
system.ini -> C:\WINDOWS\system.ini -> [2010/05/14 16:00:23 | 000,000,227 | ---- | M | MD5 = F4D021E764F6FA554606F4A735A3151B] ()
boot.ini -> C:\boot.ini -> [2010/05/14 15:56:18 | 000,000,281 | RHS- | M | MD5 = 5730631551AE7CA5D64E9FA67EB963EB] ()
mfebcdata -> C:\WINDOWS\mfebcdata -> [2010/05/14 15:29:09 | 000,008,212 | ---- | M | MD5 = 38AE53CFC0D5C8D3784BC7F142CE22D6] ()
avastSS.scr -> C:\WINDOWS\System32\avastSS.scr -> [2010/05/06 16:59:57 | 000,038,848 | ---- | M | MD5 = C3A7AC3D7C71DF622E2828A35ECB84A5] (ALWIL Software)
aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2010/05/06 16:59:36 | 000,165,032 | ---- | M | MD5 = EE3A0274471DE1ED924E6C5935080495] (ALWIL Software)
aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2010/05/06 16:39:23 | 000,046,672 | ---- | M | MD5 = 606D731008D98B6EF946730C597C1642] (ALWIL Software)
aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2010/05/06 16:39:00 | 000,164,048 | ---- | M | MD5 = D78B644816DB540E103D0B0766FD9967] (ALWIL Software)
aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2010/05/06 16:34:27 | 000,023,376 | ---- | M | MD5 = 3E2B6112D2766F87EDA8466FDE86A986] (ALWIL Software)
aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2010/05/06 16:33:59 | 000,100,432 | ---- | M | MD5 = 81432B1A4B31036C822EB967DECF613C] (ALWIL Software)
aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2010/05/06 16:33:55 | 000,094,800 | ---- | M | MD5 = 5FFE0C6A55930B77686535C070DB408C] (ALWIL Software)
aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2010/05/06 16:33:47 | 000,019,024 | ---- | M | MD5 = 1B6ED99291DDF5D2501554CC5757AAB6] (ALWIL Software)
aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2010/05/06 16:33:29 | 000,028,880 | ---- | M | MD5 = A5246ED2586AA807AF0BCF63165A71CC] (ALWIL Software)
ntuser.dat -> C:\Documents and Settings\All Users\ntuser.dat -> [2010/05/01 09:39:17 | 000,262,144 | ---- | M | MD5 = 4E4836FBF4ADAF5F10A81F470A4769F7] ()
Google Chrome.lnk -> C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk -> [2010/04/29 13:58:37 | 000,001,813 | ---- | M | MD5 = AD110A053F6D2EFF7211E40A7BDA2421] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/04/26 15:58:12 | 000,256,512 | ---- | M | MD5 = F1FBA6185A6A2BC6456970914875078E] ()
spider.sav -> C:\Documents and Settings\keskyr\My Documents\spider.sav -> [2010/04/23 10:20:18 | 000,000,572 | ---- | M | MD5 = C6C3D62277C2261E79CB25E337B7CEB8] ()
Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/04/22 14:00:23 | 000,001,915 | ---- | M | MD5 = 07E96F1FB1C08FD03676172DC87A55D6] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/04/15 16:32:41 | 000,001,374 | ---- | M | MD5 = 3A04244CC251A6E99737F2A17B0AFC18] ()
urlmon.dll -> C:\WINDOWS\System32\dllcache\urlmon.dll -> [2010/03/11 08:38:54 | 001,168,384 | ---- | M | MD5 = 5CC4CA802CC6EE0EB3DB05133645FB59] (Microsoft Corporation)
wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2010/03/11 08:38:54 | 000,832,512 | ---- | M | MD5 = B6AB2EB1DA4BB29079B84AC842520670] (Microsoft Corporation)
webcheck.dll -> C:\WINDOWS\System32\dllcache\webcheck.dll -> [2010/03/11 08:38:54 | 000,233,472 | ---- | M | MD5 = FDCD38384253953BFD423414560FF635] (Microsoft Corporation)
mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2010/03/11 08:38:53 | 003,599,872 | ---- | M | MD5 = 94359CD5BB6AC1CC08088F4A4091FF1E] (Microsoft Corporation)
mstime.dll -> C:\WINDOWS\System32\mstime.dll -> [2010/03/11 08:38:53 | 000,671,232 | ---- | M | MD5 = D3528F91F7B1C6296549674A971CC664] (Microsoft Corporation)
mstime.dll -> C:\WINDOWS\System32\dllcache\mstime.dll -> [2010/03/11 08:38:53 | 000,671,232 | ---- | M | MD5 = D3528F91F7B1C6296549674A971CC664] (Microsoft Corporation)
mshtmled.dll -> C:\WINDOWS\System32\dllcache\mshtmled.dll -> [2010/03/11 08:38:53 | 000,477,696 | ---- | M | MD5 = 8CC083FC1A0876EFE7318FA33586AA11] (Microsoft Corporation)
msfeeds.dll -> C:\WINDOWS\System32\msfeeds.dll -> [2010/03/11 08:38:53 | 000,459,264 | ---- | M | MD5 = F04BD05DD504C98FE4A9F7CC97DC608A] (Microsoft Corporation)
msfeeds.dll -> C:\WINDOWS\System32\dllcache\msfeeds.dll -> [2010/03/11 08:38:53 | 000,459,264 | ---- | M | MD5 = F04BD05DD504C98FE4A9F7CC97DC608A] (Microsoft Corporation)
msrating.dll -> C:\WINDOWS\System32\msrating.dll -> [2010/03/11 08:38:53 | 000,193,024 | ---- | M | MD5 = 5AA2B189813A3FDC45D66E8F85930FBD] (Microsoft Corporation)
msrating.dll -> C:\WINDOWS\System32\dllcache\msrating.dll -> [2010/03/11 08:38:53 | 000,193,024 | ---- | M | MD5 = 5AA2B189813A3FDC45D66E8F85930FBD] (Microsoft Corporation)
url.dll -> C:\WINDOWS\System32\url.dll -> [2010/03/11 08:38:53 | 000,105,984 | ---- | M | MD5 = CD5413D6F3040C89565F96B98D4DB830] (Microsoft Corporation)
url.dll -> C:\WINDOWS\System32\dllcache\url.dll -> [2010/03/11 08:38:53 | 000,105,984 | ---- | M | MD5 = CD5413D6F3040C89565F96B98D4DB830] (Microsoft Corporation)
occache.dll -> C:\WINDOWS\System32\dllcache\occache.dll -> [2010/03/11 08:38:53 | 000,102,912 | ---- | M | MD5 = E6FD7C2B305DB7421512B48210493491] (Microsoft Corporation)
msfeedsbs.dll -> C:\WINDOWS\System32\msfeedsbs.dll -> [2010/03/11 08:38:53 | 000,052,224 | ---- | M | MD5 = 0E44F38D2373738FEFE37D3DC68C79ED] (Microsoft Corporation)
msfeedsbs.dll -> C:\WINDOWS\System32\dllcache\msfeedsbs.dll -> [2010/03/11 08:38:53 | 000,052,224 | ---- | M | MD5 = 0E44F38D2373738FEFE37D3DC68C79ED] (Microsoft Corporation)
pngfilt.dll -> C:\WINDOWS\System32\pngfilt.dll -> [2010/03/11 08:38:53 | 000,044,544 | ---- | M | MD5 = 753B0AF785F696F96F76864DC6BDFFC1] (Microsoft Corporation)
pngfilt.dll -> C:\WINDOWS\System32\dllcache\pngfilt.dll -> [2010/03/11 08:38:53 | 000,044,544 | ---- | M | MD5 = 753B0AF785F696F96F76864DC6BDFFC1] (Microsoft Corporation)
ieframe.dll -> C:\WINDOWS\System32\dllcache\ieframe.dll -> [2010/03/11 08:38:52 | 006,067,200 | ---- | M | MD5 = A963827DF78D69BC9E9CACA7427C6EDB] (Microsoft Corporation)
inetcpl.cpl -> C:\WINDOWS\System32\inetcpl.cpl -> [2010/03/11 08:38:52 | 001,830,912 | ---- | M | MD5 = B6D7940BA71A7D3C6CCC256B79B88274] (Microsoft Corporation)
inetcpl.cpl -> C:\WINDOWS\System32\dllcache\inetcpl.cpl -> [2010/03/11 08:38:52 | 001,830,912 | ---- | M | MD5 = B6D7940BA71A7D3C6CCC256B79B88274] (Microsoft Corporation)
iertutil.dll -> C:\WINDOWS\System32\dllcache\iertutil.dll -> [2010/03/11 08:38:52 | 000,268,288 | ---- | M | MD5 = 5C3715E234D70F38C52A689F95DC51F1] (Microsoft Corporation)
iepeers.dll -> C:\WINDOWS\System32\iepeers.dll -> [2010/03/11 08:38:52 | 000,192,512 | ---- | M | MD5 = 83F585E33DD5D0FF3E25B2EE6B049F49] (Microsoft Corporation)
iepeers.dll -> C:\WINDOWS\System32\dllcache\iepeers.dll -> [2010/03/11 08:38:52 | 000,192,512 | ---- | M | MD5 = 83F585E33DD5D0FF3E25B2EE6B049F49] (Microsoft Corporation)
ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2010/03/11 08:38:52 | 000,078,336 | ---- | M | MD5 = 95E4DB9C68BA89C8A0C5184685F19EDA] (Microsoft Corporation)
ieencode.dll -> C:\WINDOWS\System32\dllcache\ieencode.dll -> [2010/03/11 08:38:52 | 000,078,336 | ---- | M | MD5 = 95E4DB9C68BA89C8A0C5184685F19EDA] (Microsoft Corporation)
iernonce.dll -> C:\WINDOWS\System32\iernonce.dll -> [2010/03/11 08:38:52 | 000,044,544 | ---- | M | MD5 = D0D45AF74473533AED0AF562D271C088] (Microsoft Corporation)
iernonce.dll -> C:\WINDOWS\System32\dllcache\iernonce.dll -> [2010/03/11 08:38:52 | 000,044,544 | ---- | M | MD5 = D0D45AF74473533AED0AF562D271C088] (Microsoft Corporation)
jsproxy.dll -> C:\WINDOWS\System32\jsproxy.dll -> [2010/03/11 08:38:52 | 000,027,648 | ---- | M | MD5 = 3B821D03BECF4C1C1506B406218B4724] (Microsoft Corporation)
jsproxy.dll -> C:\WINDOWS\System32\dllcache\jsproxy.dll -> [2010/03/11 08:38:52 | 000,027,648 | ---- | M | MD5 = 3B821D03BECF4C1C1506B406218B4724] (Microsoft Corporation)
iedkcs32.dll -> C:\WINDOWS\System32\iedkcs32.dll -> [2010/03/11 08:38:51 | 000,385,024 | ---- | M | MD5 = 859C318A2B62428B90DE218957DBBBE7] (Microsoft Corporation)
iedkcs32.dll -> C:\WINDOWS\System32\dllcache\iedkcs32.dll -> [2010/03/11 08:38:51 | 000,385,024 | ---- | M | MD5 = 859C318A2B62428B90DE218957DBBBE7] (Microsoft Corporation)
ieapfltr.dll -> C:\WINDOWS\System32\ieapfltr.dll -> [2010/03/11 08:38:51 | 000,380,928 | ---- | M | MD5 = 36DC94549D7219B31931BA5DB70CB499] (Microsoft Corporation)
ieapfltr.dll -> C:\WINDOWS\System32\dllcache\ieapfltr.dll -> [2010/03/11 08:38:51 | 000,380,928 | ---- | M | MD5 = 36DC94549D7219B31931BA5DB70CB499] (Microsoft Corporation)
dxtmsft.dll -> C:\WINDOWS\System32\dxtmsft.dll -> [2010/03/11 08:38:51 | 000,347,136 | ---- | M | MD5 = 482C080A5ACCB1730760D7A2F6B93767] (Microsoft Corporation)
dxtmsft.dll -> C:\WINDOWS\System32\dllcache\dxtmsft.dll -> [2010/03/11 08:38:51 | 000,347,136 | ---- | M | MD5 = 482C080A5ACCB1730760D7A2F6B93767] (Microsoft Corporation)
ieaksie.dll -> C:\WINDOWS\System32\ieaksie.dll -> [2010/03/11 08:38:51 | 000,230,400 | ---- | M | MD5 = 6DBA8BAAC12102FBD3BF850D98F006E0] (Microsoft Corporation)
ieaksie.dll -> C:\WINDOWS\System32\dllcache\ieaksie.dll -> [2010/03/11 08:38:51 | 000,230,400 | ---- | M | MD5 = 6DBA8BAAC12102FBD3BF850D98F006E0] (Microsoft Corporation)
dxtrans.dll -> C:\WINDOWS\System32\dxtrans.dll -> [2010/03/11 08:38:51 | 000,214,528 | ---- | M | MD5 = 8D73E84523E719B44F24E6D47905E92C] (Microsoft Corporation)
dxtrans.dll -> C:\WINDOWS\System32\dllcache\dxtrans.dll -> [2010/03/11 08:38:51 | 000,214,528 | ---- | M | MD5 = 8D73E84523E719B44F24E6D47905E92C] (Microsoft Corporation)
ieakeng.dll -> C:\WINDOWS\System32\ieakeng.dll -> [2010/03/11 08:38:51 | 000,153,088 | ---- | M | MD5 = 8BF2359A10B83035107BBCB4BFE2D007] (Microsoft Corporation)
ieakeng.dll -> C:\WINDOWS\System32\dllcache\ieakeng.dll -> [2010/03/11 08:38:51 | 000,153,088 | ---- | M | MD5 = 8BF2359A10B83035107BBCB4BFE2D007] (Microsoft Corporation)
extmgr.dll -> C:\WINDOWS\System32\dllcache\extmgr.dll -> [2010/03/11 08:38:51 | 000,133,120 | ---- | M | MD5 = 4EC329631D477530A77C4908F97F77C2] (Microsoft Corporation)
advpack.dll -> C:\WINDOWS\System32\dllcache\advpack.dll -> [2010/03/11 08:38:51 | 000,124,928 | ---- | M | MD5 = F2F11B8CE695F367551D84E796BA150D] (Microsoft Corporation)
icardie.dll -> C:\WINDOWS\System32\dllcache\icardie.dll -> [2010/03/11 08:38:51 | 000,063,488 | ---- | M | MD5 = 4F1594B490C85A152B1931A98D2AEBEA] (Microsoft Corporation)
corpol.dll -> C:\WINDOWS\System32\dllcache\corpol.dll -> [2010/03/11 08:38:51 | 000,017,408 | ---- | M | MD5 = 884C8D2591E5CC3C3CAC2B35029D7E7D] (Microsoft Corporation)
corpol.dll -> C:\WINDOWS\System32\corpol.dll -> [2010/03/11 08:38:51 | 000,017,408 | ---- | M | MD5 = 884C8D2591E5CC3C3CAC2B35029D7E7D] (Microsoft Corporation)
html.iec -> C:\WINDOWS\System32\html.iec -> [2010/03/10 09:18:46 | 000,389,120 | ---- | M | MD5 = B0590137D784B9DFD97D7911F751E74D] (Microsoft Corporation)
ieudinit.exe -> C:\WINDOWS\System32\ieudinit.exe -> [2010/03/10 09:18:21 | 000,013,824 | ---- | M | MD5 = C9CE37D0C3F0CC0F303522D31433B6B7] (Microsoft Corporation)
ieudinit.exe -> C:\WINDOWS\System32\dllcache\ieudinit.exe -> [2010/03/10 09:18:21 | 000,013,824 | ---- | M | MD5 = C9CE37D0C3F0CC0F303522D31433B6B7] (Microsoft Corporation)
ie4uinit.exe -> C:\WINDOWS\System32\ie4uinit.exe -> [2010/03/10 09:18:20 | 000,070,656 | ---- | M | MD5 = 9BA130F8643F47F4C22FE2E366400ED7] (Microsoft Corporation)
ie4uinit.exe -> C:\WINDOWS\System32\dllcache\ie4uinit.exe -> [2010/03/10 09:18:20 | 000,070,656 | ---- | M | MD5 = 9BA130F8643F47F4C22FE2E366400ED7] (Microsoft Corporation)
vbscript.dll -> C:\WINDOWS\System32\vbscript.dll -> [2010/03/09 07:09:18 | 000,430,080 | ---- | M | MD5 = 9BA7044F7BC88FE5C03379E17C6F5391] (Microsoft Corporation)
vbscript.dll -> C:\WINDOWS\System32\dllcache\vbscript.dll -> [2010/03/09 07:09:18 | 000,430,080 | ---- | M | MD5 = 9BA7044F7BC88FE5C03379E17C6F5391] (Microsoft Corporation)
mrxsmb.sys -> C:\WINDOWS\System32\dllcache\mrxsmb.sys -> [2010/02/24 08:31:30 | 000,454,016 | ---- | M | MD5 = FB6C89BB3CE282B08BDB1E3C179E1C39] (Microsoft Corporation)
iexplore.exe -> C:\WINDOWS\System32\dllcache\iexplore.exe -> [2010/02/23 01:20:02 | 000,634,648 | ---- | M | MD5 = B5116340B84824DDD0A641E36B126194] (Microsoft Corporation)
ieakui.dll -> C:\WINDOWS\System32\ieakui.dll -> [2010/02/23 01:18:28 | 000,161,792 | ---- | M | MD5 = BC0E485A15A1F71771933059ABBCD835] (Microsoft Corporation)
ieakui.dll -> C:\WINDOWS\System32\dllcache\ieakui.dll -> [2010/02/23 01:18:28 | 000,161,792 | ---- | M | MD5 = BC0E485A15A1F71771933059ABBCD835] (Microsoft Corporation)
DivX Movies.lnk -> C:\Documents and Settings\keskyr\Desktop\DivX Movies.lnk -> [2010/02/19 17:02:31 | 000,001,448 | ---- | M | MD5 = 2639612AC94F4A58F46941623D3E4CE5] ()
ntoskrnl.exe -> C:\WINDOWS\System32\dllcache\ntoskrnl.exe -> [2010/02/16 09:19:55 | 002,181,376 | ---- | M | MD5 = EBB75B113E74E90074382347B74D652B] (Microsoft Corporation)
ntoskrnl.exe -> C:\WINDOWS\System32\ntoskrnl.exe -> [2010/02/16 09:17:38 | 002,137,088 | ---- | M | MD5 = A63052FA8FB8685382E10EE83C326864] (Microsoft Corporation)
ntkrnlmp.exe -> C:\WINDOWS\System32\dllcache\ntkrnlmp.exe -> [2010/02/16 09:17:38 | 002,137,088 | ---- | M | MD5 = A63052FA8FB8685382E10EE83C326864] (Microsoft Corporation)
ntkrnlpa.exe -> C:\WINDOWS\System32\dllcache\ntkrnlpa.exe -> [2010/02/16 08:39:04 | 002,058,368 | ---- | M | MD5 = 1EE6B94ACA7BE115A1813BBCA65099A8] (Microsoft Corporation)
ntkrpamp.exe -> C:\WINDOWS\System32\dllcache\ntkrpamp.exe -> [2010/02/16 08:39:04 | 002,016,768 | ---- | M | MD5 = 26A901A1840E9E46FFFC6D09B9618CDF] (Microsoft Corporation)
ntkrnlpa.exe -> C:\WINDOWS\System32\ntkrnlpa.exe -> [2010/02/16 08:39:04 | 002,016,768 | ---- | M | MD5 = 26A901A1840E9E46FFFC6D09B9618CDF] (Microsoft Corporation)
wmp.dll -> C:\WINDOWS\System32\dllcache\wmp.dll -> [2010/02/16 07:27:26 | 004,734,976 | ---- | M | MD5 = 167D55F6DE949C5EA4F3AC51AE36F25E] (Microsoft Corporation)
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files - No Company Name]
Boot.bak -> C:\Boot.bak -> [2010/05/14 15:56:18 | 000,000,211 | ---- | C | MD5 = FA579938B0733B87066546AFE951082C] ()
cmldr -> C:\cmldr -> [2010/05/14 15:56:16 | 000,260,272 | ---- | C | MD5 = 94E5450C43E4CF78E1D3AD4816966909] ()
myClean.bat -> C:\WINDOWS\myClean.bat -> [2010/05/14 15:53:20 | 000,000,306 | ---- | C | MD5 = 68D6CE3C95FFAD3DB37CF0301E3E144D] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/05/14 15:51:52 | 000,256,512 | ---- | C | MD5 = F1FBA6185A6A2BC6456970914875078E] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/05/14 15:51:52 | 000,098,816 | ---- | C | MD5 = 2B657A67AEBB84AEA5632C53E61E23BF] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/05/14 15:51:52 | 000,080,412 | ---- | C | MD5 = 9E05A9C264C8A908A8E79450FCBFF047] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/05/14 15:51:52 | 000,077,312 | ---- | C | MD5 = C5EC72A20B4C98DB5314E6C46765B148] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/05/14 15:51:52 | 000,068,096 | ---- | C | MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8] ()
mfebcdata -> C:\WINDOWS\mfebcdata -> [2010/05/14 15:29:09 | 000,008,212 | ---- | C | MD5 = 38AE53CFC0D5C8D3784BC7F142CE22D6] ()
ntuser.dat -> C:\Documents and Settings\All Users\ntuser.dat -> [2010/05/01 09:39:17 | 000,262,144 | ---- | C | MD5 = 4E4836FBF4ADAF5F10A81F470A4769F7] ()
ntuser.dat.LOG -> C:\Documents and Settings\All Users\ntuser.dat.LOG -> [2010/05/01 09:39:17 | 000,001,024 | -H-- | C | MD5 = F581582B1B5413B7A9ACCA80453CBD18] ()
spider.sav -> C:\Documents and Settings\keskyr\My Documents\spider.sav -> [2010/04/23 10:20:18 | 000,000,572 | ---- | C | MD5 = C6C3D62277C2261E79CB25E337B7CEB8] ()
Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/04/22 14:00:23 | 000,001,915 | ---- | C | MD5 = 07E96F1FB1C08FD03676172DC87A55D6] ()
Google Chrome.lnk -> C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk -> [2010/02/19 17:03:21 | 000,001,813 | ---- | C | MD5 = AD110A053F6D2EFF7211E40A7BDA2421] ()
DivX Movies.lnk -> C:\Documents and Settings\keskyr\Desktop\DivX Movies.lnk -> [2010/02/19 17:02:31 | 000,001,448 | ---- | C | MD5 = 2639612AC94F4A58F46941623D3E4CE5] ()
xrxbcnps.dll -> C:\WINDOWS\System32\xrxbcnps.dll -> [2008/01/16 12:37:41 | 000,033,792 | ---- | C | MD5 = 595442C2272182BAFD8C6757F627C81E] ()
xlibeay.dll -> C:\WINDOWS\System32\xlibeay.dll -> [2008/01/16 12:37:40 | 000,831,488 | ---- | C | MD5 = 354E692C84D4EF233F83E770D6186648] ()
xnetsrvc.dll -> C:\WINDOWS\System32\xnetsrvc.dll -> [2008/01/16 12:37:40 | 000,033,280 | ---- | C | MD5 = 8165ED7A731202FEF1FB79A551466D0B] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/10/24 11:23:33 | 000,000,376 | ---- | C | MD5 = EC940475561F651E8CCA80C9144191D0] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2007/10/24 11:02:17 | 000,000,171 | ---- | C | MD5 = 186841E66E1E80B1D4B87C99A3754907] ()
igfxCoIn_v4764.dll -> C:\WINDOWS\System32\igfxCoIn_v4764.dll -> [2007/10/24 10:49:09 | 000,204,800 | ---- | C | MD5 = 9826B9617A31D31FAC2B2B1DDCFEC6E3] ()
IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2007/10/24 10:43:57 | 000,204,800 | ---- | C | MD5 = 429C8B9FF69F06293B4D37F429F0C7B8] ()
IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2007/10/24 10:43:57 | 000,200,704 | ---- | C | MD5 = EB79A6540869FAB20201C6D5C02FC633] ()
IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2007/10/24 10:43:57 | 000,192,512 | ---- | C | MD5 = F38D5F8C658FA33F907D508A569E1FA8] ()
IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2007/10/24 10:43:57 | 000,192,512 | ---- | C | MD5 = D91A2A349BB9E6552BB7361ACE05B174] ()
IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2007/10/24 10:43:57 | 000,188,416 | ---- | C | MD5 = 08F077F32332858DD274CB9BDEF0BCBC] ()
IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2007/10/24 10:43:57 | 000,020,480 | ---- | C | MD5 = E1D4B1D3D1C634E0F5904666FE578E30] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2007/10/11 10:16:40 | 000,002,695 | ---- | C | MD5 = 509A7197AE66401D1DA76F4BAC1DD0A8] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/12/29 17:47:32 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
ZHHP_RES.DLL -> C:\WINDOWS\System32\ZHHP_RES.DLL -> [2005/06/01 05:46:30 | 011,194,368 | ---- | C | MD5 = EAE99189BB7D74C7C87A135BFE1EA0D4] ()
AGISSI.DLL -> C:\WINDOWS\System32\AGISSI.DLL -> [2005/06/01 05:46:30 | 000,749,568 | ---- | C | MD5 = 81D243B3686739741510D75F7B56E02C] ()
VSHP2600.DLL -> C:\WINDOWS\System32\VSHP2600.DLL -> [2005/06/01 05:46:30 | 000,114,688 | ---- | C | MD5 = 53A2CDB3FA5D90661176140F7F1F65AE] ()
HPBHEALR.DLL -> C:\WINDOWS\System32\HPBHEALR.DLL -> [2002/05/03 04:10:32 | 000,094,274 | ---- | C | MD5 = C51A3D62B0F81897EB0CEF4E47392CB8] ()

[File - Lop Check]
Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/05/14 16:17:13 | 000,000,000 | ---D | M]
MinigolfAdventures -> C:\Documents and Settings\All Users\Application Data\MinigolfAdventures -> [2008/06/01 14:21:56 | 000,000,000 | ---D | M]
NeoEdge Networks -> C:\Documents and Settings\All Users\Application Data\NeoEdge Networks -> [2008/07/03 17:43:06 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/06/09 14:36:13 | 000,000,000 | ---D | M]
Xerox -> C:\Documents and Settings\All Users\Application Data\Xerox -> [2008/01/16 12:37:49 | 000,000,000 | ---D | M]
iWin -> C:\Documents and Settings\keskyr\Application Data\iWin -> [2008/05/23 14:04:46 | 000,000,000 | ---D | M]
Stamps.com Internet Postage -> C:\Documents and Settings\keskyt\Application Data\Stamps.com Internet Postage -> [2009/01/13 16:14:36 | 000,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\User\Application Data\InterVideo -> [2007/10/24 10:44:18 | 000,000,000 | ---D | M]

[File - Purity Scan]

[Custom Scans]
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp ->
< %systemroot%\system32\*.exe /lockedfiles >
1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp ->
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
default.sav -> C:\WINDOWS\system32\config\default.sav -> [2007/10/24 06:17:17 | 000,094,208 | ---- | M | MD5 = 8207F85AC6DC4898A60F0E1DBA9ED468] ()
software.sav -> C:\WINDOWS\system32\config\software.sav -> [2007/10/24 06:17:17 | 000,659,456 | ---- | M | MD5 = E177A5914BD27E1C66CEBF379213A6F2] ()
system.sav -> C:\WINDOWS\system32\config\system.sav -> [2007/10/24 06:17:17 | 000,884,736 | ---- | M | MD5 = 565525C5DD1247C081BE5952CE150FBB] ()
< %systemroot%\System32\*.sys >
ansi.sys -> C:\WINDOWS\system32\ansi.sys -> [2004/08/04 08:00:00 | 000,009,029 | ---- | M | MD5 = 8AAD333C876590293F72B315E162BCC7] ()
country.sys -> C:\WINDOWS\system32\country.sys -> [2004/08/04 08:00:00 | 000,027,097 | ---- | M | MD5 = 0FE9F16075C9ACB941C957B7C649176E] ()
himem.sys -> C:\WINDOWS\system32\himem.sys -> [2004/08/04 08:00:00 | 000,004,768 | ---- | M | MD5 = E6BC0F98FECEF245A0010D350C1A0B9B] ()
key01.sys -> C:\WINDOWS\system32\key01.sys -> [2004/08/04 08:00:00 | 000,042,809 | ---- | M | MD5 = 582BCDD47CF4B68B5CB528F18E3CB808] ()
keyboard.sys -> C:\WINDOWS\system32\keyboard.sys -> [2004/08/04 08:00:00 | 000,042,537 | ---- | M | MD5 = FBBCFEC1379C5C02D88A361993EDF1B8] ()
ntdos.sys -> C:\WINDOWS\system32\ntdos.sys -> [2004/08/04 08:00:00 | 000,027,866 | ---- | M | MD5 = FFFF296A08DBF2AC0126C62E3778AC0D] ()
ntdos404.sys -> C:\WINDOWS\system32\ntdos404.sys -> [2004/08/04 08:00:00 | 000,029,146 | ---- | M | MD5 = CF9ED169FF86D935E47999E82359E898] ()
ntdos411.sys -> C:\WINDOWS\system32\ntdos411.sys -> [2004/08/04 08:00:00 | 000,029,370 | ---- | M | MD5 = 03B945AC0481CD8BB161C3569D8ED1C3] ()
ntdos412.sys -> C:\WINDOWS\system32\ntdos412.sys -> [2004/08/04 08:00:00 | 000,029,274 | ---- | M | MD5 = BBC957DC18C17CC027EB80B7C77F2AEA] ()
ntdos804.sys -> C:\WINDOWS\system32\ntdos804.sys -> [2004/08/04 08:00:00 | 000,029,146 | ---- | M | MD5 = 3CFFAEFFF23B0D208214A6D3061A5B1B] ()
ntio.sys -> C:\WINDOWS\system32\ntio.sys -> [2004/08/04 08:00:00 | 000,033,840 | ---- | M | MD5 = 4FE09F868CE65B334B42862C372C69CC] ()
ntio404.sys -> C:\WINDOWS\system32\ntio404.sys -> [2004/08/04 08:00:00 | 000,034,560 | ---- | M | MD5 = 6F73F50162DEF60C84B725C18CD9140F] ()
ntio411.sys -> C:\WINDOWS\system32\ntio411.sys -> [2004/08/04 08:00:00 | 000,035,648 | ---- | M | MD5 = 0FDD5E69C1FF3B58043D44F2CC743D45] ()
ntio412.sys -> C:\WINDOWS\system32\ntio412.sys -> [2004/08/04 08:00:00 | 000,035,424 | ---- | M | MD5 = 8842837C4D8311BF8E72BEE8CCC42217] ()
ntio804.sys -> C:\WINDOWS\system32\ntio804.sys -> [2004/08/04 08:00:00 | 000,034,560 | ---- | M | MD5 = 6B56CEB3C6F9D5CD7293DBD9FE23B311] ()
SP32395.SYS -> C:\WINDOWS\system32\SP32395.SYS -> [2003/04/16 08:00:36 | 000,050,520 | ---- | M | MD5 = 286C93191D49E24FC78B27E993F44B16] (Compaq Computer Corporation)
watchdog.sys -> C:\WINDOWS\system32\watchdog.sys -> [2004/08/04 08:00:00 | 000,017,664 | ---- | M | MD5 = C9BF2F12C4E6C12F8A85FBA4B6BC6208] (Microsoft Corporation)
win32k.sys -> C:\WINDOWS\system32\win32k.sys -> [2009/08/14 08:19:41 | 001,850,112 | ---- | M | MD5 = 1EFBC43B33B83FD7376E63A71830CC69] (Microsoft Corporation)
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
< %systemroot%\System32\drivers\*.dll >
< %systemroot%\System32\drivers\*.ini >
< %systemroot%\System32\drivers\*.exe >
< %SYSTEMDRIVE%\*.* >
.rnd -> C:\.rnd -> [2007/10/24 11:51:03 | 000,001,024 | ---- | M | MD5 = 98BAB5E844AB711D06B4F438D2A26B77] ()
AUTOEXEC.BAT -> C:\AUTOEXEC.BAT -> [2007/10/24 10:30:39 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
Boot.bak -> C:\Boot.bak -> [2007/10/24 10:25:37 | 000,000,211 | ---- | M | MD5 = FA579938B0733B87066546AFE951082C] ()
boot.ini -> C:\boot.ini -> [2010/05/14 15:56:18 | 000,000,281 | RHS- | M | MD5 = 5730631551AE7CA5D64E9FA67EB963EB] ()
cmldr -> C:\cmldr -> [2004/08/03 23:00:00 | 000,260,272 | ---- | M | MD5 = 94E5450C43E4CF78E1D3AD4816966909] ()
ComboFix.txt -> C:\ComboFix.txt -> [2010/05/14 16:01:22 | 000,009,144 | ---- | M | MD5 = 8F1C8467B9E2169BEB305CA4D7175DF0] ()
CONFIG.SYS -> C:\CONFIG.SYS -> [2007/10/24 10:30:39 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
IO.SYS -> C:\IO.SYS -> [2007/10/24 10:30:39 | 000,000,000 | RHS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
MSDOS.SYS -> C:\MSDOS.SYS -> [2007/10/24 10:30:39 | 000,000,000 | RHS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
NTDETECT.COM -> C:\NTDETECT.COM -> [2004/08/04 08:00:00 | 000,047,564 | RHS- | M | MD5 = B2DE3452DE03674C6CEC68B8C8CE7C78] ()
ntldr -> C:\ntldr -> [2004/08/04 08:00:00 | 000,250,032 | RHS- | M | MD5 = 9EC920F4179D45AF3A6638A083D39C85] ()
ntuser.dat -> C:\ntuser.dat -> [2008/10/17 15:34:08 | 000,262,144 | ---- | M | MD5 = 02071E17BB2CC8E2B65278E01E04B75A] ()
ntuser.dat.LOG -> C:\ntuser.dat.LOG -> [2008/10/17 15:34:08 | 000,001,024 | -H-- | M | MD5 = 24856991D9A2E4947DD754BD58A6D5A1] ()
pagefile.sys -> C:\pagefile.sys -> [2010/05/15 12:00:45 | 1598,029,824 | -HS- | M | Unable to obtain MD5] ()
xrxnetsrvc.log -> C:\xrxnetsrvc.log -> [2009/08/19 16:04:30 | 000,555,468 | ---- | M | MD5 = 1B42F4F9F8B9974F31526AE8FA9A00A1] ()
YServer.txt -> C:\YServer.txt -> [2009/08/19 16:01:39 | 000,000,162 | ---- | M | MD5 = C2B4780540FFF4F705DB220E29514FFC] ()
< %PROGRAMFILES%\*. >
Adobe -> C:\Program Files\Adobe -> [2008/08/14 13:13:37 | 000,000,000 | ---D | M]
Alwil Software -> C:\Program Files\Alwil Software -> [2010/05/14 16:17:13 | 000,000,000 | ---D | M]
Broadcom -> C:\Program Files\Broadcom -> [2007/10/24 10:46:18 | 000,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2010/05/14 15:58:19 | 000,000,000 | ---D | M]
ComPlus Applications -> C:\Program Files\ComPlus Applications -> [2007/10/24 10:27:39 | 000,000,000 | ---D | M]
DivX -> C:\Program Files\DivX -> [2010/02/19 17:02:49 | 000,000,000 | ---D | M]
Google -> C:\Program Files\Google -> [2010/04/22 14:00:04 | 000,000,000 | ---D | M]
InstallShield Installation Information -> C:\Program Files\InstallShield Installation Information -> [2008/06/16 20:45:21 | 000,000,000 | -H-D | M]
Internet Explorer -> C:\Program Files\Internet Explorer -> [2010/04/01 03:01:05 | 000,000,000 | ---D | M]
InterVideo -> C:\Program Files\InterVideo -> [2007/10/24 10:43:53 | 000,000,000 | ---D | M]
Java -> C:\Program Files\Java -> [2010/05/03 15:31:24 | 000,000,000 | ---D | M]
LizardTech -> C:\Program Files\LizardTech -> [2008/01/02 18:15:46 | 000,000,000 | ---D | M]
LogMeIn -> C:\Program Files\LogMeIn -> [2008/01/23 09:45:57 | 000,000,000 | ---D | M]
McAfee -> C:\Program Files\McAfee -> [2010/05/14 15:53:54 | 000,000,000 | ---D | M]
Messenger -> C:\Program Files\Messenger -> [2009/05/05 08:37:59 | 000,000,000 | ---D | M]
Microsoft -> C:\Program Files\Microsoft -> [2010/05/03 15:33:15 | 000,000,000 | ---D | M]
Microsoft ActiveSync -> C:\Program Files\Microsoft ActiveSync -> [2007/10/24 11:22:03 | 000,000,000 | ---D | M]
microsoft frontpage -> C:\Program Files\microsoft frontpage -> [2007/10/24 10:30:54 | 000,000,000 | ---D | M]
Microsoft Office -> C:\Program Files\Microsoft Office -> [2007/10/24 11:21:09 | 000,000,000 | ---D | M]
Microsoft Windows Small Business Server -> C:\Program Files\Microsoft Windows Small Business Server -> [2007/10/24 11:59:19 | 000,000,000 | ---D | M]
Microsoft.NET -> C:\Program Files\Microsoft.NET -> [2007/10/24 11:22:25 | 000,000,000 | ---D | M]
Movie Maker -> C:\Program Files\Movie Maker -> [2010/03/10 04:02:19 | 000,000,000 | ---D | M]
MSN -> C:\Program Files\MSN -> [2010/05/03 15:33:37 | 000,000,000 | ---D | M]
MSN Games -> C:\Program Files\MSN Games -> [2008/06/05 16:54:54 | 000,000,000 | ---D | M]
MSN Gaming Zone -> C:\Program Files\MSN Gaming Zone -> [2007/10/24 10:27:16 | 000,000,000 | ---D | M]
MSN Toolbar -> C:\Program Files\MSN Toolbar -> [2010/05/03 15:33:09 | 000,000,000 | ---D | M]
MSN Toolbar Installer -> C:\Program Files\MSN Toolbar Installer -> [2010/05/03 15:33:23 | 000,000,000 | ---D | M]
NetMeeting -> C:\Program Files\NetMeeting -> [2007/10/24 10:28:47 | 000,000,000 | ---D | M]
Online Services -> C:\Program Files\Online Services -> [2007/10/24 10:27:25 | 000,000,000 | ---D | M]
Outlook Express -> C:\Program Files\Outlook Express -> [2010/05/14 10:04:03 | 000,000,000 | ---D | M]
Realtek -> C:\Program Files\Realtek -> [2007/10/24 10:49:37 | 000,000,000 | ---D | M]
Roxio -> C:\Program Files\Roxio -> [2007/10/24 11:01:57 | 000,000,000 | ---D | M]
Sonic -> C:\Program Files\Sonic -> [2007/10/24 11:02:24 | 000,000,000 | ---D | M]
Uninstall Information -> C:\Program Files\Uninstall Information -> [2007/10/24 10:35:13 | 000,000,000 | -H-D | M]
Virtools -> C:\Program Files\Virtools -> [2007/11/28 17:54:35 | 000,000,000 | ---D | M]
Windows Media Player -> C:\Program Files\Windows Media Player -> [2007/10/24 11:33:28 | 000,000,000 | ---D | M]
Windows NT -> C:\Program Files\Windows NT -> [2007/10/24 10:27:07 | 000,000,000 | ---D | M]
WindowsUpdate -> C:\Program Files\WindowsUpdate -> [2007/10/24 10:29:33 | 000,000,000 | -H-D | M]
xerox -> C:\Program Files\xerox -> [2008/01/16 12:37:47 | 000,000,000 | ---D | M]
Yahoo! -> C:\Program Files\Yahoo! -> [2010/05/01 09:39:19 | 000,000,000 | ---D | M]
Yahoo! Games -> C:\Program Files\Yahoo! Games -> [2009/08/19 16:01:08 | 000,000,000 | ---D | M]
< %appdata%\*.* >
desktop.ini -> C:\Documents and Settings\keskyr\Application Data\desktop.ini -> [2007/10/24 06:18:38 | 000,000,062 | -HS- | M | MD5 = 88CF0FF92A4A9FA7BD9B7513B2E9E22B] ()

[Alternate Data Streams]
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54301EF8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D222DF8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E9307D7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F683177
< End of report >
[/code]

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.



The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-559306488-779710043-2358232105-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ created successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\* not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\* not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www not found.
[Registry - Additional Scans - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\myrm deleted successfully.
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:54301EF8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6D222DF8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4E9307D7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9F683177 deleted successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: keskyr
->Temp folder emptied: 1277442 bytes
->Temporary Internet Files folder emptied: 23806938 bytes
->Java cache emptied: 10973658 bytes
->Google Chrome cache emptied: 6647049 bytes
->Flash cache emptied: 48203 bytes

User: keskyt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 781403 bytes
->Java cache emptied: 2161070 bytes
->Flash cache emptied: 74119 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: User
->Temp folder emptied: 2956127 bytes
->Temporary Internet Files folder emptied: 83072930 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 55153658 bytes

Total Files Cleaned = 181.00 mb


[EMPTYFLASH]

User: administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: keskyr
->Flash cache emptied: 0 bytes

User: keskyt
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

User: User

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.31.0 fix logfile created on 05202010_093745

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4120

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

5/20/2010 12:52:22 PM
mbam-log-2010-05-20 (12-52-22).txt

Scan type: Quick scan
Objects scanned: 147716
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

I started the ESET online Scanner process yesterday. The option "Remove found threats" was already checked however, there was not an option to check "scan unwanted application". During the scan, ESET showed 1 infected file. I ran out of time and couldn't finish the process so I uninstalled the application so I could return this morning.
I completed the scan and because the results show 0 infected files/no threats found, there is no log. What now?

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 20
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: http://www.GeekPolice.net/operating-systems-f20/windows-xp-service-pack-3-information-t16956.htm

============================

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

=======================================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

In reference to your software recommendations, do I install all or only one of the firewalls and antispyware?

Yes. Only one of each.