WiredWX Hobby Weather Tools

windows recovery, ms removal, xp home security

These are the 3 viruses that keep popping up on my computer. There may be more. I did the downloads as best my computer would allow, following "Read Before You Post". I also tried to download Malwarebytes' Anti-Malware, but every time I clicked on download it said Internet Explorer cannot display. Below is what I copied from the OTL log. Thank you in advance for any help. If I have misspelled anything or don't make any sense, I'm truly sorry; this is the third night I've been trying to fix my computer and my brain is fried! Also, I think I will have to do a second post for the rest of the OTL log.


OTL logfile created on: 5/2/2011 9:22:34 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 25.94 Gb Free Space | 50.18% Space Free | Partition Type: NTFS
Drive D: | 4.18 Gb Total Space | 0.99 Gb Free Space | 23.61% Space Free | Partition Type: FAT32

Computer Name: GRAVOTS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 20:40:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/05/02 19:16:21 | 000,170,496 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\conhost.exe
PRC - [2011/05/01 23:03:33 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\csrss.exe
PRC - [2011/05/01 23:03:23 | 000,181,248 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\dwm.exe
PRC - [2011/05/01 22:13:25 | 000,348,160 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\itt.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 20:40:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/03/15 01:35:44 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/15 01:35:44 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/12/15 00:05:16 | 000,468,368 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Downloaded Program Files\DM.1\DMService.exe -- (DMService)
SRV - [2009/12/14 16:03:41 | 000,149,904 | -H-- | M] (Microsoft ® Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV - [2009/11/10 10:28:06 | 001,131,808 | -H-- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/12/26 14:40:51 | 000,151,552 | -H-- | M] (Skyhook Wireless) [Auto | Stopped] -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe -- (wpsscannersvc)
SRV - [2008/12/26 14:40:04 | 000,408,230 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe -- (atisvc_tmfha)
SRV - [2005/09/30 20:22:50 | 000,096,341 | -H-- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/18 00:44:56 | 000,046,208 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2004/08/18 00:44:36 | 000,176,768 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/08/13 13:17:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/13 13:17:46 | 000,078,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/13 13:17:40 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/13 12:00:44 | 000,206,048 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/07/23 12:47:22 | 000,197,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/07/21 09:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/29 18:30:08 | 000,009,341 | -H-- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2010/05/27 07:17:17 | 000,371,248 | -H-- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 07:17:17 | 000,102,448 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/12/26 14:40:06 | 000,013,312 | -H-- | M] (Skyhook Wireless) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpsnuio.sys -- (Wpsnuio)
DRV - [2006/10/04 03:00:00 | 000,831,880 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061016.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/10/04 03:00:00 | 000,079,240 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061016.020\NAVENG.SYS -- (NAVENG)
DRV - [2005/03/04 12:02:20 | 001,066,278 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/01 19:24:02 | 002,279,424 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/09/30 00:55:50 | 000,229,888 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 12:38:40 | 000,012,928 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/13 12:00:24 | 000,266,368 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/08/09 12:59:32 | 000,103,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/07/23 12:47:24 | 000,049,808 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- c:\Program Files\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/07/23 12:47:22 | 000,335,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- c:\Program Files\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/07/21 09:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2003/12/02 20:23:20 | 000,142,336 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 18:58:20 | 000,036,992 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/25 16:59:36 | 000,642,958 | RH-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Intels51.sys -- (Intels51) Intel(R)
DRV - [2002/10/21 12:37:16 | 000,515,803 | -H-- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/10/04 19:04:10 | 000,046,976 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2002/07/25 12:19:48 | 000,010,986 | -H-- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) Icatch(IV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/01/16 13:07:56 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/13 22:09:37 | 000,000,000 | -H-D | M]

[2008/12/26 14:40:04 | 002,520,032 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\components\1282669.dll

O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ElnkBhoGuard Class) - {00000000-0000-0000-0000-000000000002} - File not found
O2 - BHO: (ElnkScamBHO Class) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NAV CfgWiz] c:\Program Files\Norton AntiVirus\CfgWiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab (Reg Error: Key error.)
O16 - DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} http://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/CouponBar/CouponBar.cab (CouponTBInst Control)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab? (MiniBugTransporterX Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://foodlion.coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} http://63.241.168.238/ecwplugins/ncs.cab (NCSView Class)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.brightstreet.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.219,93.188.160.190
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/26 20:00:03 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP55 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP56 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP57 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP58 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 21:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/02 21:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/05/02 20:56:41 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u25-windows-i586.exe
[2011/05/02 20:40:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/05/02 20:37:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/05/02 20:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/02 20:36:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/05/02 20:36:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/05/02 20:36:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/05/02 20:36:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/05/02 20:36:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/05/02 20:36:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SpySubtract Spyware Manager
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\PC Help & Tools
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Online Services
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2011/05/02 19:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2011/05/02 19:10:00 | 000,103,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/02 19:10:00 | 000,083,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/02 19:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/02 17:55:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/01 23:01:27 | 000,000,000 | -H-D | C] -- C:\Program Files\interMute
[2011/05/01 22:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mC28601DiIgM28601
[2011/05/01 22:53:51 | 000,000,000 | -H-D | C] -- C:\Microsoft
[2011/05/01 20:10:00 | 000,095,568 | RH-- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys.5bf4.deleteme
[2011/05/01 20:09:57 | 000,385,536 | RH-- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys.5e02.deleteme
[2011/05/01 20:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/05/01 19:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriveScrubber 3
[2011/05/01 19:21:35 | 002,234,552 | -H-- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator.dll
[2011/05/01 19:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2011/05/01 19:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Search and Recover
[2011/05/01 19:16:04 | 000,009,341 | -H-- | C] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys
[2011/05/01 19:15:49 | 000,000,000 | -H-D | C] -- C:\Program Files\iolo
[2011/05/01 19:14:36 | 000,000,000 | -H-D | C] -- C:\iolo
[2011/05/01 19:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/04/30 20:05:46 | 000,520,704 | ---- | C] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\iVxRnQyKaCplSN.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/02 21:16:18 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2011/05/02 21:10:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 20:56:56 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u25-windows-i586.exe
[2011/05/02 20:40:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/05/02 20:36:12 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/02 20:32:08 | 000,020,058 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7436f707h6re145pe55c
[2011/05/02 20:31:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/02 20:30:05 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/02 20:24:00 | 000,000,898 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 19:59:23 | 000,000,188 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/02 19:58:44 | 000,000,894 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 19:11:52 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/05/02 19:10:21 | 004,997,120 | -H-- | M] () -- C:\WINDOWS\outlook.pst
[2011/05/02 18:39:42 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{934C330A-1743-4407-BF40-7B65DA3CE113}.job
[2011/05/01 23:22:47 | 000,002,154 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini
[2011/05/01 21:56:34 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/01 20:04:43 | 000,185,016 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 19:51:30 | 000,001,891 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/01 19:02:16 | 000,074,703 | -H-- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2011/05/01 11:18:20 | 000,001,945 | -H-- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/30 20:16:26 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18865972r
[2011/04/30 20:16:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18865972
[2011/04/30 20:16:19 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18865972
[2011/04/30 20:16:16 | 000,444,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18865972.exe
[2011/04/30 20:05:46 | 000,520,704 | ---- | M] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\iVxRnQyKaCplSN.exe
[2011/04/26 12:07:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/02 21:16:13 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2011/05/02 20:36:08 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Help and Support.lnk
[2011/05/02 20:36:08 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/02 20:36:08 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/02 20:36:08 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/02 20:36:08 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/02 20:36:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/05/02 20:36:08 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/02 20:36:07 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/05/02 20:36:07 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/05/02 20:36:07 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/02 20:36:07 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/05/02 19:52:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 19:11:51 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/05/02 17:54:17 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/05/01 23:03:44 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\htjzka.dat
[2011/05/01 23:01:31 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2011/05/01 22:13:26 | 000,020,058 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7436f707h6re145pe55c
[2011/05/01 21:54:01 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/01 21:54:01 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/01 19:02:16 | 000,074,703 | -H-- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/05/01 11:17:33 | 000,001,945 | -H-- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/30 20:16:26 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865972r
[2011/04/30 20:16:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865972
[2011/04/30 20:16:19 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18865972
[2011/04/30 20:16:16 | 000,444,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18865972.exe
[2011/01/21 11:15:07 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\GALSINT.INI
[2010/10/14 16:48:58 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/21 10:36:53 | 000,035,324 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/12 10:08:45 | 000,000,121 | -H-- | C] () -- C:\WINDOWS\GALSWIN.INI
[2010/07/10 16:32:37 | 000,013,729 | -H-- | C] () -- C:\WINDOWS\Galsmave.ini
[2009/11/29 17:57:49 | 000,000,110 | -H-- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/09/09 22:48:47 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/16 11:03:02 | 000,027,136 | -H-- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2009/08/08 19:10:37 | 000,016,001 | -H-- | C] () -- C:\Program Files\Common Files\edacyroho._sy
[2009/08/08 16:35:31 | 000,018,290 | -H-- | C] () -- C:\Program Files\Common Files\ebyduho.dl
[2009/08/08 16:35:31 | 000,013,855 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xoneku.ban
[2009/08/08 16:35:30 | 000,019,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ofahapa.dat
[2009/08/08 16:35:30 | 000,010,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amom.bin
[2009/08/01 08:26:13 | 000,073,220 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/08/01 08:26:13 | 000,031,053 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/08/01 08:26:13 | 000,029,114 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/08/01 08:26:13 | 000,027,417 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/08/01 08:26:13 | 000,021,021 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/08/01 08:26:13 | 000,015,670 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/08/01 08:26:13 | 000,013,280 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/08/01 08:26:13 | 000,010,673 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/08/01 08:26:13 | 000,004,943 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/08/01 08:26:13 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/08/01 08:26:13 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/08/01 08:26:13 | 000,001,137 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/08/01 08:26:13 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/08/01 08:26:13 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/08/01 08:26:13 | 000,001,104 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/15 22:16:02 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2009/02/15 12:05:47 | 000,020,480 | RH-- | C] () -- C:\WINDOWS\Imgtask.exe
[2007/08/27 10:18:16 | 000,262,144 | -H-- | C] () -- C:\WINDOWS\System32\PPCInstall.dll
[2007/01/19 19:47:36 | 000,000,107 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/19 19:47:03 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/01/19 19:47:03 | 000,051,716 | -H-- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/09/06 21:10:15 | 000,010,752 | -H-- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2006/02/11 13:55:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/02/02 20:18:19 | 000,000,165 | -H-- | C] () -- C:\WINDOWS\BluesCluesPreschool.ini
[2005/06/21 09:24:24 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/04/22 10:09:20 | 000,000,853 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/22 10:08:58 | 000,000,303 | -H-- | C] () -- C:\WINDOWS\Sierra.ini
[2005/03/27 12:32:32 | 000,001,888 | -H-- | C] () -- C:\WINDOWS\CA533A.INI
[2005/03/27 12:32:32 | 000,001,325 | -H-- | C] () -- C:\WINDOWS\Remove.ini
[2005/03/27 12:32:31 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\ShowBmp.exe
[2005/03/27 11:45:42 | 000,000,572 | -H-- | C] () -- C:\WINDOWS\videoimp.ini
[2005/03/27 11:45:32 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/03/27 11:45:21 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\VI_setup.ini
[2005/03/27 11:44:02 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\PI4_setup.ini
[2005/03/04 10:51:02 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/02/18 19:07:35 | 000,000,190 | -H-- | C] () -- C:\WINDOWS\QTW.INI
[2005/02/18 15:50:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\bobvila.INI
[2005/02/15 14:35:09 | 000,000,371 | -H-- | C] () -- C:\WINDOWS\Trpmaker.INI
[2005/02/15 13:32:02 | 000,210,944 | -H-- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/02/15 13:32:02 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2005/02/15 13:31:36 | 000,038,688 | -H-- | C] () -- C:\WINDOWS\System32\LEADDIB.DRV
[2005/02/15 13:31:36 | 000,011,136 | -H-- | C] () -- C:\WINDOWS\System32\FPRUN300.DLL
[2005/02/08 22:11:28 | 001,107,192 | -H-- | C] () -- C:\WINDOWS\Xwmba500.dll
[2005/02/08 22:11:28 | 000,260,440 | -H-- | C] () -- C:\WINDOWS\Xwmhb500.dll
[2005/02/08 22:11:28 | 000,174,352 | -H-- | C] () -- C:\WINDOWS\Xwmte500.dll
[2005/02/08 22:11:28 | 000,000,043 | -H-- | C] () -- C:\WINDOWS\PHAssist.ini
[2005/01/30 10:09:37 | 000,083,456 | -H-- | C] () -- C:\WINDOWS\System32\lxsmunin.exe
[2005/01/30 10:09:36 | 000,000,643 | -H-- | C] () -- C:\WINDOWS\lexstat.ini
[2005/01/30 10:09:35 | 000,079,872 | -H-- | C] () -- C:\WINDOWS\System32\lex_psu.exe
[2005/01/30 10:09:34 | 000,328,704 | -H-- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2005/01/26 14:18:06 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/01/17 22:57:46 | 000,000,567 | -H-- | C] () -- C:\WINDOWS\JUNO.INI
[2004/11/17 06:10:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/17 06:09:59 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/17 06:09:03 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/17 06:08:35 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/17 05:48:01 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/17 05:48:01 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/17 05:47:59 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/17 05:47:55 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/17 05:47:51 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/27 16:57:22 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/26 21:46:37 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/26 21:45:58 | 000,013,949 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/26 21:45:50 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/26 21:19:17 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/26 21:07:27 | 000,001,040 | -H-- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/26 21:02:35 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/26 21:02:35 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/26 21:02:35 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/26 20:33:02 | 000,299,073 | -H-- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/26 20:33:02 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/26 20:32:36 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/26 20:04:20 | 000,000,802 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/26 20:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/26 19:57:30 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/26 19:44:44 | 000,000,572 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 19:44:04 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 19:44:01 | 000,381,692 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/26 19:44:01 | 000,053,436 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/26 12:51:40 | 000,004,346 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/26 12:50:42 | 000,185,016 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 17:37:42 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/14 01:35:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2001/04/23 12:21:38 | 000,020,635 | -H-- | C] () -- C:\WINDOWS\Galavent.ini
[1997/07/11 00:00:00 | 000,047,104 | -H-- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,022,016 | -H-- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | -H-- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========

Re: windows recovery, ms removal, xp home security

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/10/26 19:59:25 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2001/01/26 15:29:00 | 000,058,880 | -H-- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMPRINT.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >
[2009/08/08 19:10:36 | 000,017,061 | -H-- | M] () -- C:\WINDOWS\idiri._sy
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/11/17 06:30:49 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/10/26 20:04:08 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/05/02 20:56:56 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u25-windows-i586.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/08/08 16:35:31 | 000,018,290 | -H-- | M] () -- C:\Program Files\Common Files\ebyduho.dl
[2009/08/08 19:10:37 | 000,016,001 | -H-- | M] () -- C:\Program Files\Common Files\edacyroho._sy

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 07:00:00 | 000,000,791 | -H-- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/11/17 06:30:48 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/17 05:00:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\deployJava1.dll
[2009/03/08 04:31:44 | 000,348,160 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2010/12/09 08:38:47 | 002,192,768 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntoskrnl.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/10/26 12:49:51 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/26 12:49:51 | 000,634,880 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/26 12:49:51 | 000,868,352 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 07:00:00 | 000,009,029 | -H-- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/10/26 21:45:58 | 000,013,949 | -H-- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2004/08/04 07:00:00 | 000,027,097 | -H-- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 07:00:00 | 000,004,768 | -H-- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 07:00:00 | 000,042,809 | -H-- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 07:00:00 | 000,042,537 | -H-- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 07:00:00 | 000,027,866 | -H-- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 07:00:00 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 07:00:00 | 000,029,370 | -H-- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 07:00:00 | 000,029,274 | -H-- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 07:00:00 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 07:00:00 | 000,033,840 | -H-- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 07:00:00 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 07:00:00 | 000,035,648 | -H-- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 07:00:00 | 000,035,424 | -H-- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 07:00:00 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/03/03 08:21:11 | 001,857,920 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2001/01/26 15:29:00 | 000,058,880 | -H-- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMPRINT.DLL

< %SYSTEMDRIVE%\*.* >
[2004/10/26 22:01:18 | 000,000,104 | -H-- | M] () -- C:\.lnk
[2004/10/26 20:00:03 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2005/01/17 22:44:37 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2005/01/17 23:08:38 | 000,000,283 | -HS- | M] () -- C:\boot.ini
[2004/08/04 07:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/10/26 20:00:03 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2005/10/12 20:28:13 | 000,004,906 | -H-- | M] () -- C:\ffastun.ffa
[2005/10/12 20:28:12 | 000,745,472 | -H-- | M] () -- C:\ffastun.ffl
[2005/10/12 20:28:13 | 000,884,736 | -H-- | M] () -- C:\ffastun.ffo
[2005/10/12 20:28:12 | 000,995,328 | -H-- | M] () -- C:\ffastun0.ffx
[2011/05/02 20:30:05 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2004/10/26 20:32:36 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2004/10/26 20:00:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/02 19:03:58 | 000,003,474 | ---- | M] () -- C:\ioloUpdate.log
[2007/10/17 09:33:23 | 000,091,050 | -H-- | M] () -- C:\jswx.log
[2004/10/26 20:00:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/25 08:42:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/02 20:30:54 | 301,989,888 | -HS- | M] () -- C:\pagefile.sys
[2009/10/05 11:12:52 | 000,141,067 | -H-- | M] () -- C:\web passwords.rtf
[2009/10/22 15:26:08 | 000,000,162 | -H-- | M] () -- C:\~$b passwords.rtf

< %PROGRAMFILES%\*. >
[2009/04/27 12:42:56 | 000,000,000 | -H-D | M] -- C:\Program Files\A Fairy Tale
[2010/07/23 15:04:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2009/03/14 21:39:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Adventures of Robinson Crusoe
[2010/04/20 09:08:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Ancient Quest Of Saqqarah
[2010/01/15 23:25:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2005/03/27 11:45:21 | 000,000,000 | -H-D | M] -- C:\Program Files\ArcSoft
[2008/06/28 15:18:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Autodesk
[2005/02/18 10:22:17 | 000,000,000 | -H-D | M] -- C:\Program Files\AWS
[2004/10/26 21:46:36 | 000,000,000 | -H-D | M] -- C:\Program Files\BackWeb
[2010/07/20 14:42:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2006/12/15 13:31:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Canon
[2011/05/02 19:10:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2004/10/26 21:46:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Compaq Connections
[2004/10/26 19:57:16 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2005/02/18 15:42:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Compton's Home Library
[2004/11/17 06:28:47 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2009/10/30 18:16:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Coupons
[2005/03/19 18:40:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Earth Resource Mapping
[2009/07/06 14:13:53 | 000,000,000 | -H-D | M] -- C:\Program Files\eGames
[2009/08/01 08:31:43 | 000,000,000 | -H-D | M] -- C:\Program Files\epson
[2009/08/01 08:30:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Epson Software
[2008/11/03 21:32:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Family Feud II
[2009/03/01 23:04:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Floating Kingdoms
[2010/07/12 10:08:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Galswin
[2008/12/07 13:58:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Games
[2011/03/17 09:47:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2004/10/26 21:51:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Help and Support Additions
[2008/11/03 21:32:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Hidden Wonders Of The Depths
[2006/02/02 20:18:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Infogrames Interactive
[2011/05/01 19:43:02 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/05/01 23:01:27 | 000,000,000 | -H-D | M] -- C:\Program Files\interMute
[2011/05/01 22:53:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2011/05/01 19:21:28 | 000,000,000 | -H-D | M] -- C:\Program Files\iolo
[2010/07/20 15:02:53 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2009/10/15 10:13:04 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod(2)
[2010/07/20 15:07:05 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2009/10/15 10:13:04 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes(2)
[2010/09/18 11:11:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2009/10/15 10:15:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Juice
[2010/07/20 17:51:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2009/10/27 16:39:26 | 000,000,000 | -H-D | M] -- C:\Program Files\LeapFrog
[2008/11/25 09:05:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2010/01/16 13:07:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2006/07/24 21:17:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/10/15 10:22:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/05/26 20:36:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Forefront UAG
[2004/10/26 20:00:18 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2006/07/24 21:16:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/04/22 08:51:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2005/01/18 14:00:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2009/04/27 12:45:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Mortimer Beckett And The Secrets Of Spooky Manor
[2010/08/11 22:30:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2009/12/02 18:00:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2004/10/26 19:56:08 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2004/10/26 19:56:20 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2010/01/16 13:07:56 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Toolbar
[2010/01/16 13:08:14 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Toolbar Installer
[2006/11/17 23:18:36 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2005/02/18 10:22:17 | 000,000,000 | -H-D | M] -- C:\Program Files\MySearch
[2005/03/18 11:04:21 | 000,000,000 | -H-D | M] -- C:\Program Files\MyWebSearch
[2008/11/25 08:44:58 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2011/05/02 19:16:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Norton AntiVirus
[2011/05/02 21:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/10/20 11:19:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/16 00:23:09 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/10/15 10:12:33 | 000,000,000 | -H-D | M] -- C:\Program Files\PHAssist
[2010/07/20 14:54:56 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2009/10/15 10:13:10 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime(2)
[2009/10/15 10:16:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Rand McNally
[2008/10/29 21:42:52 | 000,000,000 | -H-D | M] -- C:\Program Files\ReflexiveArcade
[2009/10/17 17:57:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Shared
[2008/10/29 21:40:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Shockwave.com
[2010/07/23 15:04:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Shutterfly
[2005/04/22 10:08:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Sierra On-Line
[2008/12/26 14:40:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Skyhook Wireless
[2004/10/26 21:28:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic
[2004/10/26 21:28:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic RecordNow!
[2011/05/02 19:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/01/05 16:43:46 | 000,000,000 | -H-D | M] -- C:\Program Files\sz18110_7
[2010/03/02 15:00:11 | 000,000,000 | -H-D | M] -- C:\Program Files\sz8001
[2010/03/12 12:19:36 | 000,000,000 | -H-D | M] -- C:\Program Files\sz8034_6
[2007/12/31 10:55:48 | 000,000,000 | -H-D | M] -- C:\Program Files\sz8080_6
[2007/01/19 19:48:21 | 000,000,000 | -H-D | M] -- C:\Program Files\TaxCut06
[2006/02/11 13:59:15 | 000,000,000 | -H-D | M] -- C:\Program Files\The Learning Company
[2011/01/13 10:33:21 | 000,000,000 | -H-D | M] -- C:\Program Files\THQ
[2009/02/06 21:48:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Treasure Seekers - Visions of Gold
[2010/07/24 12:07:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Ubisoft
[2004/10/26 20:03:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/05/29 17:06:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Unity
[2010/10/23 20:06:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Veetle
[2006/02/01 11:05:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Virtools Web Player 3.0
[2010/05/26 20:36:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Whale Communications
[2009/10/15 10:12:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live Safety Center
[2008/11/25 08:44:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2006/07/24 21:16:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Messaging
[2011/05/01 22:54:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2009/10/18 18:40:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Sidebar
[2004/10/26 19:58:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/10/26 20:00:18 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2009/04/27 12:44:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
[2009/03/17 13:50:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Zodiac Tower

< %appdata%\*.* >
[2004/10/26 12:51:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 14:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 14:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 07:00:00 | 000,026,496 | -H-- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | -H-- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | -H-- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-28 04:26:14

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC95B5ED
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACFF27B
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8292261
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03B5CC1F
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:880F0FEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90574144
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F6462DF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F44D3C53
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B60C375
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12C32D25
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:270A3983
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC8FFA4E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F63AED
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D277F53
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684AC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3EFA8A8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71FA8B7F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB

< End of report >

Re: windows recovery, ms removal, xp home security

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: windows recovery, ms removal, xp home security

Ran ComboFix, sorry it took so long to post the log. Had to call my internet provider because my internet wasn't working. It doesn't look like there are any more viruses. Should I go ahead and load my virus protection software?


ComboFix 11-05-02.04 - Administrator 05/03/2011 9:30.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1215.961 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton AntiVirus 2005 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Internet Worm Protection *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\18865972.exe
c:\documents and settings\All Users\Application Data\iVxRnQyKaCplSN.exe
c:\documents and settings\All Users\Application Data\mC28601DiIgM28601
c:\documents and settings\All Users\Application Data\mC28601DiIgM28601\mC28601DiIgM28601
c:\documents and settings\All Users\Application Data\mC28601DiIgM28601\mC28601DiIgM28601.exe
c:\documents and settings\Compaq_Owner\test.exe
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
C:\Microsoft
c:\program files\Common Files\ebyduho.dl
c:\program files\MySearch
c:\program files\MySearch\bar\History\search
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.htm
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\windows\Downloaded Program Files\DM.0
c:\windows\Downloaded Program Files\DM.1
c:\windows\Downloaded Program Files\DM.1\DMService.exe
c:\windows\Downloaded Program Files\DM.1\WhlMgr.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
c:\windows\Downloaded Program Files\MiniBugTransporter.dll
c:\windows\idiri._sy
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\rnaph.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DMService
-------\Legacy_DMService
-------\Service_DMService
-------\Service_DMService
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 02:18 . 2011-05-03 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2011-05-03 02:18 . 2011-05-03 02:18 -------- d-----w- c:\program files\NOS
2011-05-03 01:36 . 2011-05-03 14:34 -------- d-----w- c:\documents and settings\Administrator
2011-05-03 00:10 . 2004-08-09 17:59 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-03 00:10 . 2004-08-09 17:59 103952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-03 00:09 . 2011-05-03 00:10 -------- d-----w- c:\program files\Symantec
2011-05-02 04:01 . 2011-05-02 04:01 -------- d--h--w- c:\program files\interMute
2011-05-02 03:54 . 2011-05-02 03:54 181248 ---ha-w- c:\program files\Windows NT\dwm.exe
2011-05-02 03:53 . 2011-05-02 03:53 170496 ---ha-w- c:\program files\Internet Explorer\conhost.exe
2011-05-02 00:21 . 2011-03-15 06:36 2234552 ---ha-w- c:\windows\system32\Incinerator.dll
2011-05-02 00:17 . 2011-05-02 00:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2011-05-02 00:16 . 2010-09-23 18:29 511328 ---ha-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2011-05-02 00:16 . 2010-06-29 23:30 9341 ---ha-w- c:\windows\system32\drivers\filedisk.sys
2011-05-02 00:15 . 2011-05-02 00:21 -------- d--h--w- c:\program files\iolo
2011-05-02 00:14 . 2011-05-02 00:14 -------- d-----w- C:\iolo
2011-05-02 00:02 . 2011-05-02 00:02 74703 ---ha-w- c:\windows\system32\mfc45.dll
2011-05-02 00:01 . 2011-05-03 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2011-04-14 08:39 . 2011-04-14 08:39 103864 ---ha-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 20:16 . 2009-07-15 14:09 398760 ---ha-r- c:\windows\system32\cpnprt2.cid
2011-03-07 05:33 . 2004-11-17 11:09 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-11-17 10:49 420864 ---ha-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-11-17 10:49 1857920 ---ha-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-11-17 11:09 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-11-17 11:09 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2004-11-17 10:49 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-02-22 11:41 . 2004-11-17 11:09 385024 ---ha-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-11-17 11:10 455936 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-11-17 10:48 357888 ---ha-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 12:33 5120 ---ha-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-11-17 11:08 290432 ---ha-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-11-17 11:09 229888 ---ha-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-11-17 11:09 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-09 13:53 . 2004-11-17 10:48 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-08 13:33 . 2004-11-17 11:09 978944 ---ha-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-11-17 11:09 974848 ---ha-w- c:\windows\system32\mfc42u.dll
2008-12-26 19:40 . 2009-12-02 23:01 2520032 ---ha-w- c:\program files\mozilla firefox\components\1282669.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON NX100 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE" [2008-02-04 188928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-01-23 36864]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 58488]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
"NAV CfgWiz"="c:\program files\Norton AntiVirus\CfgWiz.exe" [2004-08-17 132248]
"conhost"="c:\documents and settings\Compaq_Owner\Application Data\Microsoft\conhost.exe" [2011-05-03 170496]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R2 atisvc_tmfha;atisvc_tmfha;c:\windows\system32\cadhgw\atisvc_tmfha.exe [12/26/2008 2:40 PM 408230]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/1/2011 7:16 PM 724152]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/1/2011 7:16 PM 724152]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [5/26/2010 8:37 PM 149904]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [3/27/2005 12:32 PM 515803]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2010 8:06 PM 136176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 8:12 PM 102448]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2010 8:06 PM 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [11/17/2004 5:48 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SYMREDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a19ceb1e-fb82-11dd-93d1-0011d810b45a}]
\Shell\AutoRun\command - F:\Imageviewer.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 01:06]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 01:06]
.
2011-05-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2011-05-03 22:26]
.
2011-05-02 c:\windows\Tasks\User_Feed_Synchronization-{934C330A-1743-4407-BF40-7B65DA3CE113}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.tds.net/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56242
Trusted Zone: hrblock.com\www
Trusted Zone: hrblock.com\www.taxes
Trusted Zone: hrblock.com\www.taxeshelp
DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} - hxxp://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/CouponBar/CouponBar.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
HKCU-Run-Norton Download Manager{N360S_prod_1.19_4.1.0.32} - c:\documents and settings\All Users\Documents\Norton\{N360S_prod_1.19_4.1.0.32}\N360Downloader.exe
HKCU-Run-iVxRnQyKaCplSN - c:\documents and settings\All Users\Application Data\iVxRnQyKaCplSN.exe
HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 09:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\rarliw32.exe 67072 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1160)
c:\windows\system32\WININET.dll
c:\windows\system32\cadhgw\mcie_ghcdt.dll
c:\windows\system32\cadhgw\mca_fwpux.dll
c:\windows\system32\cadhgw\mcapp_nfgbf.dll
c:\windows\system32\cadhgw\AWTKernel32_diysf.dll
c:\windows\system32\cadhgw\ATIDLL_jieok.dll
c:\windows\system32\cadhgw\mcsc_irvkl.dll
c:\windows\system32\cadhgw\mcy_fpela.dll
c:\windows\system32\cadhgw\mcmsg_nkonx.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\jscript.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
.
- - - - - - - > 'csrss.exe'(612)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\documents and settings\Compaq_Owner\Application Data\dwm.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\csrss.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\VTTimer.exe
c:\windows\AGRSMMSG.exe
c:\windows\ALCXMNTR.EXE
c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Norton AntiVirus\IWP\NPFMntor.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
.
**************************************************************************
.
Completion time: 2011-05-03 09:48:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-03 14:48
.
Pre-Run: 27,662,630,912 bytes free
Post-Run: 26,495,971,328 bytes free
.
- - End Of File - - 395ACE5993C84BEB5F97892A2941B1E6

Re: windows recovery, ms removal, xp home security

Let's make sure there isn't more infection...

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


[Image: AswMBR_Scan]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]

  • Copy and paste the contents of aswMBR.txt back here for review

Re: windows recovery, ms removal, xp home security

Last night I still had MS Removal Tool. I actually ran ComboFix again after figuring out that McAfee was somehow still on my computer and installing it using a tool from here. I then installed my antivirus software. Should I still download aswMBR? And if so, do I need to uninstall my antivirus software or turn it off?

Re: windows recovery, ms removal, xp home security

Went ahead and did scan here is the log

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-04 20:21:32
-----------------------------
20:21:32.281 OS Version: Windows 5.1.2600 Service Pack 3
20:21:32.281 Number of processors: 1 586 0xA00
20:21:32.281 ComputerName: GRAVOTS UserName:
20:21:34.859 Initialize success
20:21:37.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
20:21:37.781 Disk 0 Vendor: WDC_WD600BB-22JHA0 05.01C05 Size: 57241MB BusType: 3
20:21:39.796 Disk 0 MBR read successfully
20:21:39.796 Disk 0 MBR scan
20:21:39.796 Disk 0 Windows XP default MBR code
20:21:41.796 Disk 0 scanning sectors +117225360
20:21:41.812 Disk 0 scanning C:\WINDOWS\system32\drivers
20:21:59.359 Service scanning
20:22:00.593 Disk 0 trace - called modules:
20:22:00.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x896b11ed]<<
20:22:00.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89714ab8]
20:22:00.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x897c49e8]
20:22:00.609 5 ACPI.sys[ba05f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8977bd98]
20:22:00.609 \Driver\atapi[0x897d39b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x896b11ed
20:22:00.609 Scan finished successfully
20:22:22.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
20:22:22.328 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"
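
As an added, defensive example that is not part of the original thread: a small Python parser that reads the trace section of an aswMBR log like the one above and pulls out every driver dispatch entry whose target address aswMBR itself labelled UNKNOWN, i.e. code it could not attribute to any loaded module. The first sample is assembled from the lines posted above; the second, clean-looking trace is a constructed, hypothetical contrast case. As the helper notes, such an entry is something for the reviewer to look at, not a verdict on its own.

```python
import re

# Constructed sample: the trace section of an aswMBR log, assembled from the
# lines posted above (addresses are the ones shown in that post).
HOOKED_TRACE = """\
20:22:00.593 Disk 0 trace - called modules:
20:22:00.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x896b11ed]<<
20:22:00.609 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x89714ab8]
20:22:00.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \\Device\\00000061[0x897c49e8]
20:22:00.609 5 ACPI.sys[ba05f620] -> nt!IofCallDriver -> \\Device\\Ide\\IdeDeviceP2T0L0-12[0x8977bd98]
20:22:00.609 \\Driver\\atapi[0x897d39b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x896b11ed
20:22:00.609 Scan finished successfully
"""

# Constructed contrast sample (hypothetical clean trace): every module in the
# call chain is named and no dispatch entry resolves to a bare address.
CLEAN_TRACE = """\
20:22:00.593 Disk 0 trace - called modules:
20:22:00.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
20:22:00.609 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x89714ab8]
20:22:00.609 Scan finished successfully
"""

# ">>UNKNOWN [0x...]<<" marks an address aswMBR could not map to a module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "\Driver\name[0x...] -> IRP_MJ_xxx -> 0x..." is a driver dispatch entry
# whose handler is given only as a raw address.
DISPATCH_RE = re.compile(
    r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")


def unattributed_hooks(log_text):
    """Return (driver, irp_major, address) for every dispatch entry whose
    target is an address the scanner marked UNKNOWN. An empty list means
    nothing to flag; a non-empty list is a lead for review, not a verdict."""
    unknown_addrs = set()
    dispatch_entries = []
    for line in log_text.splitlines():
        m = UNKNOWN_RE.search(line)
        if m:
            unknown_addrs.add(m.group(1).lower())
        m = DISPATCH_RE.search(line)
        if m:
            driver, irp, target = m.groups()
            dispatch_entries.append((driver, irp, target.lower()))
    return [e for e in dispatch_entries if e[2] in unknown_addrs]


if __name__ == "__main__":
    for name, trace in (("posted log", HOOKED_TRACE), ("clean sample", CLEAN_TRACE)):
        print(name, "->", unattributed_hooks(trace) or "no unattributed hooks")
```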


Re: windows recovery, ms removal, xp home security
Please upload MBR.dat, located on your Desktop, to Rapidshare, and then post the download link here.

Re: windows recovery, ms removal, xp home security
https://rapidshare.com/files/460955868/aswMBR.txt

Re: windows recovery, ms removal, xp home security
There should've been MBR.dat on there. Was it not there?

Re: windows recovery, ms removal, xp home security
https://rapidshare.com/files/461217806/MBR.dat

Re: windows recovery, ms removal, xp home security

Sorry about that. Was it that it wouldn't download, or did I put the wrong thing on there? If it was the wrong thing, I found MBR.dat on the desktop and the link above is hopefully it. I had downloaded aswMBR to the site.

Re: windows recovery, ms removal, xp home security
Please download Rooter and Save it to your desktop

  1. Double click it to start the tool.
  2. Click Scan.
  3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: windows recovery, ms removal, xp home security
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:51 Go - Free:26 Go )
D:\ [Fixed-FAT32] .. ( Total:4 Go - Free:0 Go )
E:\ [CD_Rom]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
.
Scan : 13:23.29
Path : C:\Documents and Settings\Compaq_Owner\Desktop\Rooter.exe
User : Compaq_Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (556)
______ \??\C:\WINDOWS\system32\csrss.exe (620)
______ \??\C:\WINDOWS\system32\winlogon.exe (644)
______ C:\WINDOWS\system32\services.exe (688)
______ C:\WINDOWS\system32\lsass.exe (700)
______ C:\WINDOWS\system32\svchost.exe (860)
______ C:\WINDOWS\system32\svchost.exe (936)
______ C:\WINDOWS\System32\svchost.exe (1040)
______ C:\WINDOWS\system32\svchost.exe (1100)
______ C:\WINDOWS\system32\svchost.exe (1204)
______ C:\WINDOWS\system32\LEXBCES.EXE (1580)
______ C:\WINDOWS\system32\spoolsv.exe (1616)
______ C:\WINDOWS\system32\LEXPPS.EXE (1632)
______ C:\WINDOWS\system32\svchost.exe (364)
______ C:\windows\system\hpsysdrv.exe (416)
______ C:\HP\KBD\KBD.EXE (436)
______ C:\WINDOWS\system32\VTTimer.exe (452)
______ C:\WINDOWS\AGRSMMSG.exe (460)
______ C:\WINDOWS\ALCXMNTR.EXE (472)
______ C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (912)
______ C:\Program Files\iTunes\iTunesHelper.exe (1192)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1876)
______ C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe (1904)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1936)
______ C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe (1988)
______ C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (528)
______ C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (596)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (996)
______ C:\WINDOWS\system32\svchost.exe (2108)
______ C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (2168)
______ C:\WINDOWS\system32\wdfmgr.exe (2280)
______ C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (2360)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2416)
______ C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe (2460)
______ C:\Program Files\Canon\CAL\CALMAIN.exe (2508)
______ C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (2524)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2732)
______ C:\Program Files\iPod\bin\iPodService.exe (3460)
______ C:\WINDOWS\System32\alg.exe (4080)
______ C:\Program Files\iolo\System Mechanic PC TotalCare\System Shield\ioloSSTray.exe (2648)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (3456)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (2344)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (2324)
______ C:\WINDOWS\explorer.exe (1608)
______ C:\Program Files\Outlook Express\msimn.exe (4056)
______ C:\WINDOWS\system32\ctfmon.exe (3344)
______ C:\Program Files\QuickTime\qttask.exe (3240)
______ C:\Program Files\internet explorer\iexplore.exe (1968)
______ C:\Program Files\internet explorer\iexplore.exe (3584)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (2928)
______ C:\Documents and Settings\Compaq_Owner\Desktop\Rooter.exe (2136)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:4497744384)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:4497776640 | Length:55521607680)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\Symantec NetDetect.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{934C330A-1743-4407-BF40-7B65DA3CE113}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 13:23.50
.
C:\Rooter$\Rooter_1.txt - (10/05/2011 | 13:23.50)

Re: windows recovery, ms removal, xp home security

Please download TDSSKiller from here and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.
