Want a check up

< %PROGRAMFILES%\*. >
[2010/01/24 14:51:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/04/25 10:40:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/09/25 18:18:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Belkin
[2010/10/19 21:59:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2010/09/29 17:30:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/10/01 23:24:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010/06/13 13:33:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2010/10/28 14:14:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/10/28 14:14:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Core Services
[2010/06/22 22:29:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2009/12/17 21:36:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Photo AIO Printer 924
[2010/06/10 12:30:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\E-Zsoft
[2010/09/05 20:06:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/08/24 15:29:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/06/05 12:28:25 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/03/20 20:20:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2010/10/14 14:29:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/09/29 17:33:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/08/10 18:28:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/05/26 06:51:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/09/02 14:33:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2010/08/17 00:17:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/06/20 14:22:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/08/01 19:14:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2010/09/29 07:20:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/12/22 14:23:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/11/07 22:39:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/13 12:03:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/29 10:01:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/12/06 12:25:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3
[2010/10/21 18:35:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/10/19 21:58:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2010/02/08 16:00:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/07/17 11:07:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF Editor 3
[2010/10/10 13:09:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PopCap Games
[2010/09/22 17:30:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/01/05 18:08:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sierra Wireless
[2010/09/27 14:26:36 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/07/20 12:00:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spotify
[2010/01/05 18:08:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sprint
[2010/10/28 22:20:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spyware Doctor
[2010/07/25 21:42:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/01/23 15:16:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2010/10/06 14:13:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TechSmith
[2010/01/17 15:00:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\THQ
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/10/19 16:16:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/05/12 12:10:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/14 14:29:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/13 23:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/10/28 14:15:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2006/11/02 06:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_c41411ff\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_986ce78a\AGP440.sys
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/24 21:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2006/11/02 06:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys
[2009/04/24 21:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/04/24 21:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_2e70e17b\atapi.sys
[2009/04/24 21:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\SysWOW64\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/01/20 20:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows.old\Windows\System32\drivers\disk.sys
[2008/01/20 20:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\disk.inf_da6e67b4\disk.sys
[2008/01/20 20:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows.old\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_55e51d682c89f490\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
[2006/11/02 06:03:35 | 000,066,152 | ---- | M] (Microsoft Corporation) MD5=F0357B772621B2C86CF11C62E8EA9E9D -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\disk.inf_12ba9935\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_fbe95c71\iaStorV.sys
[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006/11/02 05:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_69d79584\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 20:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows.old\Windows\System32\netlogon.dll
[2008/01/20 20:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\SysWOW64\netlogon.dll
[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2006/11/02 06:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_a5403adf\nvstor.sys
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_63cdbcfd\nvstor.sys
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys


< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2008/01/20 20:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\SysWOW64\scecli.dll
[2008/01/20 20:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 20:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows.old\Windows\System32\scecli.dll
[2008/01/20 20:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS
[2008/01/20 20:47:25 | 000,066,048 | ---- | M] (Microsoft Corporation) MD5=586D9876A4945779C8EEA926C0D16889 -- C:\Windows.old\Windows\System32\drivers\USBSTOR.SYS
[2008/01/20 20:47:25 | 000,066,048 | ---- | M] (Microsoft Corporation) MD5=586D9876A4945779C8EEA926C0D16889 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\usbstor.inf_84963b7b\USBSTOR.SYS
[2008/01/20 20:47:25 | 000,066,048 | ---- | M] (Microsoft Corporation) MD5=586D9876A4945779C8EEA926C0D16889 -- C:\Windows.old\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_a4a4ea3a50308c79\USBSTOR.SYS
[2006/11/02 03:43:42 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=F269E18F5A5B2F69038E0AF2D2CD9466 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\usbstor.inf_ed315e80\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


This is only the first file of the report. I'll post the other one when its finished scanning.

It never made a Extra.txt file.

Hi,

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\SEANKI~1\AppData\Local\Temp\Alg.exe File not found
  
  
  :commands
  [emptytemp]
  [resethosts]
  
  
  
• Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

==========

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KOO9RV9K4Z deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John

User: Public

User: Sean Kilbane
->Temp folder emptied: 40282636 bytes
->Temporary Internet Files folder emptied: 96559277 bytes
->Java cache emptied: 2412570 bytes
->FireFox cache emptied: 98690894 bytes
->Google Chrome cache emptied: 12336678 bytes
->Flash cache emptied: 59361 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31370827 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102090 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 269.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.1 log created on 10292010_174427

Files\Folders moved on Reboot...
C:\Users\Sean Kilbane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000073B435615DAF243D04 not found!
C:\Windows\temp\TMPCEF4.tmp moved successfully.

Registry entries deleted on Reboot...

---

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4994

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/29/2010 6:05:13 PM
mbam-log-2010-10-29 (18-05-13).txt

Scan type: Quick scan
Objects scanned: 142337
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi,

Please run a free online scan with ESET Online Scanner by downloading it from 'here' and save it to your Desktop.

• Please ensure that you're logged into an Administrator account before running the scanner. The ESET Online Scanner will not work if you're on a limited account.
  
• Double-click esetsmartinstaller_enu.exe to execute the program.
  
• Check the box next to 'YES, I accept the Terms of Use'. Press 'Start'.
  
• If this is your first time installing the scanner, allow the ActiveX Control to install.
  
• Database download may take some time.
  
• On the next page, ensure the box next to 'Remove found threads' has been checked. Also ensure that the box next to 'Scan unwanted applications' is checked. Proceed by clicking on 'Start'.
  
  • The ESET Online Scanner will update the Virus Signature Database and begin the scan.
    
  • Please allow it to complete successfully and ensure that any current downloads are stopped.
  
  
• Once the scan's completed, please open 'Notepad' by navigating to 'Start', then 'Run', and type in 'Notepad'. Open the file located at 'C:\Program Files\ESET\ESET Online Scanner\log.txt'.
  
• Please Copy & Paste this log into your next reply.
  
• Press 'Finish'.
  

I can't seem to find no ESET at all. But the result did say no files infected.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=576a80ace64ffe4abe235b4607b9342b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-30 02:08:31
# local_time=2010-10-29 08:08:31 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 11085591 11085591 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 39942076 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=257828
# found=0
# cleaned=0
# scan_time=5886
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0

Hi,

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE.

You now have a clean restore point.

To get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do a calculation of temporary/old files, and then display a dialogue box.
  
• Select the More Options Tab.
  
• At the bottom will be a System Restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done.

========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=====

Let me know how the updates went. This is important, because any issues in updating may be a sign of more malware on your computer or system errors that are interfering.

Everything went well.

for the help

You're welcome, glad to help.