TheTechGuide Forum

General Category => Tech Clinic => Topic started by: mickapoo on May 07, 2011, 07:43:50 AM

Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 07:43:50 AM
I need your help desperately, please!! Had to come use my neighbor's computer as some sort of malware is blocking my internet access.

- Constant "critical system alerts" pop up, disguising themselves as being from MS Security 2011 (see attached)
- When I open IE or FF, I get an alert that it is infected, and can't get past it.
- I tried to open Malwarebytes to run a scan, but it won't open.
- Servers that I access via FTP are being hijacked, so I wonder if this malware is stealing my FTP logins.

What do you recommend, and should I/can I run Malwarebytes from the command line to get rid of this malware? I am completely helpless without internet access, cannot do my job! Thank you!!
Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 08:19:26 AM
I ran hijackthis and copied the log into an email and am sending it from my neighbor's computer.


Here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:36 AM, on 5/7/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe
C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Qcazeviwece] rundll32.exe "C:\WINDOWS\ogatezezuquj.dll",Startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ywowu] rundll32.exe  "C:\WINDOWS\kbdl32.dll",Startup
O4 - HKCU\..\Run: [3Z1Y3ZXH5C1H8B9XH] C:\us10464xxx\us10464xxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Evelyn\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mickapoo.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/msxml4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://store02.prostores.com/storeadmin/utilities/pssbedit.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
--
End of file - 10464 bytes
Title: Massive Infection, can't get online
Post by: guestolo on May 07, 2011, 10:21:45 AM
Is this the same computer you have another topic started?

Regardless, let me know if you are able to do the following:
Reboot your computer into SAFE MODE with Networking
Download OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.
Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 02:44:18 PM
Yes, it is the same computer. After we cleared up the last issue, this started happening. Sorry, I thought it was sort of a new issue so I started a new topic for it. I will go back to my computer & do the items you instructed above.

Just an FYI, but as a side note, whenever these pop ups would appear, I would see bjl.exe come up in the task manager. When I end that process, the pop up closes.

C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe
Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 03:34:23 PM
Taking into consideration:
1. Every time the "Windows Alert" popped up, the bjl.exe file appeared in the task manager (under processes), and closing that closed the pop up
AND
2. I saw that the bjl.exe file was created last night (which was when these strange pop ups all started happening)

I deleted this file:
C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe

..................................................................................
Here is the OTL log:

OTL logfile created on: 5/7/2011 4:14:26 PM - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Evelyn\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 750.00 Mb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 39.75 Gb Free Space | 42.68% Space Free | Partition Type: NTFS
 
Computer Name: EV | User Name: Evelyn | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/06 22:34:05 | 000,234,033 | -HS- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe
PRC - [2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/05/04 10:32:01 | 003,274,328 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/01/06 17:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/19 17:27:23 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/06/19 17:27:12 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/06/19 17:27:10 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/19 17:26:59 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/04/04 14:42:24 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/04 11:37:28 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/26 00:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2005/03/01 12:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/09/14 12:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {392AD5F1-178C-42E4-B43D-B75C2D07B49B}:1.9.1
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Documents%20and%20Settings/Evelyn/My%20Documents/My%20Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_494413fd.pac"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/11/30 21:56:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}: C:\Documents and Settings\Evelyn\Local Settings\Application Data\{392AD5F1-178C-42E4-B43D-B75C2D07B49B} [2011/05/04 19:39:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/06 14:44:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Firefox\components [2011/04/30 19:55:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011/05/06 09:34:57 | 000,000,000 | ---D | M]
 
[2009/01/07 13:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Extensions
[2011/05/06 16:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions
[2010/09/20 14:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 09:00:01 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/09/06 09:04:23 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\[email protected]
[2009/01/29 22:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/04 19:39:59 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\EVELYN\LOCAL SETTINGS\APPLICATION DATA\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}
[2011/05/06 14:44:00 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/04/23 22:08:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011/04/23 22:07:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
 
O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Qcazeviwece] C:\WINDOWS\ogatezezuquj.dll (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [3Z1Y3ZXH5C1H8B9XH]  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [Ywowu]  File not found
O4 - Startup: C:\Documents and Settings\Evelyn\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Evelyn\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://mickapoo.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqnbk2/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} http://store02.prostores.com/storeadmin/utilities/pssbedit.cab (SiteBuilderEditor Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/25 01:01:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe" -a "%1" %* ()
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/07 10:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/05/06 14:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Start Menu\Programs\Dropbox
[2011/05/06 14:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\Dropbox
[2011/05/06 09:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\AVG10
[2011/05/06 09:08:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/06 08:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/04 19:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}
[2011/04/24 00:55:59 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/23 22:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\SEO PowerSuite
[2011/04/23 22:08:18 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/23 22:08:17 | 000,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2011/04/23 22:08:17 | 000,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/23 22:08:17 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/23 22:08:17 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/20 11:28:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/04/20 07:29:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe
[2011/04/20 07:26:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Evelyn\Recent
[2011/04/11 14:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/04/11 14:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/07 16:14:52 | 000,016,638 | -HS- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\3x41wrg1bdk74r644p5lin01f7k5jp7s5l3846d5642xs
[2011/05/07 16:14:52 | 000,016,638 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3x41wrg1bdk74r644p5lin01f7k5jp7s5l3846d5642xs
[2011/05/07 15:53:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 10:48:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 10:06:02 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rnelabuyutomobu.dat
[2011/05/07 07:58:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Aregecaba.bin
[2011/05/06 23:48:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 22:34:10 | 000,151,497 | ---- | M] () -- C:\Documents and Settings\Evelyn\null0.6659107411444707.exe
[2011/05/06 22:34:05 | 000,234,033 | -HS- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe
[2011/05/06 14:09:16 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\Evelyn\Desktop\Dropbox.lnk
[2011/05/06 14:07:16 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\Evelyn\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/06 09:35:00 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/06 09:23:10 | 000,496,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/06 09:23:10 | 000,084,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/30 10:48:44 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/26 18:19:19 | 000,489,984 | ---- | M] () -- C:\Documents and Settings\Evelyn\TheBestSpinner.exe
[2011/04/24 00:55:59 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/23 22:18:23 | 000,453,954 | ---- | M] () -- C:\Documents and Settings\Evelyn\.linkassistant.properties
[2011/04/23 22:09:09 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\Evelyn\Desktop\SEO SpyGlass.lnk
[2011/04/23 22:07:53 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/23 22:07:53 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/23 22:07:53 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/23 22:07:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/23 22:07:52 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/04/20 07:29:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe
[2011/04/15 11:27:48 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
 
========== Files Created - No Company Name ==========
 
[2011/05/06 22:34:10 | 000,016,638 | -HS- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\3x41wrg1bdk74r644p5lin01f7k5jp7s5l3846d5642xs
[2011/05/06 22:34:10 | 000,016,638 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3x41wrg1bdk74r644p5lin01f7k5jp7s5l3846d5642xs
[2011/05/06 22:34:05 | 000,234,033 | -HS- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe
[2011/05/06 22:33:57 | 000,151,497 | ---- | C] () -- C:\Documents and Settings\Evelyn\null0.6659107411444707.exe
[2011/05/06 14:09:16 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\Evelyn\Desktop\Dropbox.lnk
[2011/05/06 14:07:16 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\Evelyn\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/04 19:40:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rnelabuyutomobu.dat
[2011/05/04 19:40:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Aregecaba.bin
[2011/04/26 18:14:43 | 000,489,984 | ---- | C] () -- C:\Documents and Settings\Evelyn\TheBestSpinner.exe
[2011/04/23 22:18:23 | 000,453,954 | ---- | C] () -- C:\Documents and Settings\Evelyn\.linkassistant.properties
[2011/04/23 22:09:09 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\Evelyn\Desktop\SEO SpyGlass.lnk
[2011/02/11 22:07:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\Overdub.ini
[2011/02/11 22:07:33 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\HYSBUAYB.SYS
[2011/02/04 15:45:55 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/10/07 18:33:20 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2010/06/17 17:47:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\PUTTY.RND
[2010/05/08 18:37:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/08 18:37:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/08 18:37:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/08 18:37:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/08 18:37:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/01 20:37:51 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\FEED65
[2009/12/01 20:37:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\mcs.rma
[2009/06/18 20:43:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2009/02/27 15:27:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/01/17 10:50:13 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/06/18 15:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/12 16:13:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/10 10:09:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2008/06/06 11:41:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/27 16:23:46 | 000,006,540 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\PrimoPDFSet.xml
[2008/05/27 16:23:45 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\APUSet.xml
[2008/05/27 16:05:15 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/26 09:07:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll
[2008/04/10 20:12:32 | 000,001,359 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/08 17:51:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/08 17:42:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/04 09:28:10 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/04 09:27:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/03 21:23:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:35:42 | 000,102,236 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/03/30 18:52:22 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 19:53:00 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/03/27 19:52:47 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/03/27 19:52:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/27 14:54:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/25 01:03:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/25 00:58:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/24 16:15:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/24 16:12:21 | 001,441,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,496,526 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,084,844 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >


Here is the Extras.txt file:

OTL Extras logfile created on: 5/7/2011 4:14:26 PM - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Evelyn\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 750.00 Mb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 39.75 Gb Free Space | 42.68% Space Free | Partition Type: NTFS
 
Computer Name: EV | User Name: Evelyn | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe ()
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application
"C:\Documents and Settings\Evelyn\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Evelyn\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18DF995F-2ACC-47E4-A33B-A703F4D39E92}" = CuteFTP 5.0 XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.14
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B78823CD-488F-43B4-80D6-FAEADAE40EC4}" = Instant Wireless USB Adapter
"{BAFDD9A5-0E66-41B9-B163-1F217CFA7919}" = VolusionLiveChat
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Akamai" = Akamai NetSession Interface
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitZipper_is1" = BitZipper 5.0.4
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core FTP LE 2.1" = Core FTP LE 2.1
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Lexmark 6200 Series" = Lexmark 6200 Series
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orbit_is1" = Orbit Downloader
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"seopowersuite" = LinkAssistant
"TheBestSpinner" = TheBestSpinner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/12/2011 5:29:56 PM | Computer Name = EV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/12/2011 5:30:01 PM | Computer Name = EV | Source = Application Hang | ID = 1001
Description = Fault bucket -1932755128.
 
Error - 4/12/2011 5:31:59 PM | Computer Name = EV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/12/2011 5:39:32 PM | Computer Name = EV | Source = Application Hang | ID = 1001
Description = Fault bucket -1932755128.
 
Error - 4/15/2011 1:30:17 PM | Computer Name = EV | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x03210183.
 
Error - 5/6/2011 1:46:49 PM | Computer Name = EV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
 module ogatezezuquj.dll, version 0.0.0.0, fault address 0x00025e4b.
 
Error - 5/6/2011 1:47:29 PM | Computer Name = EV | Source = Application Error | ID = 1001
Description = Fault bucket -1862698571.
 
Error - 5/6/2011 2:19:12 PM | Computer Name = EV | Source = Application Hang | ID = 1002
Description = Hanging application Photoshp.exe, version 5.0.128.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 5/6/2011 2:57:38 PM | Computer Name = EV | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed
 
Error - 5/6/2011 3:19:28 PM | Computer Name = EV | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed
 
[ System Events ]
Error - 5/7/2011 9:11:19 AM | Computer Name = EV | Source = Service Control Manager | ID = 7034
Description = The Acronis Nonstop Backup service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 5/7/2011 3:53:47 PM | Computer Name = EV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 5/7/2011 3:54:01 PM | Computer Name = EV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 5/7/2011 3:54:53 PM | Computer Name = EV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Fips  intelppm
 
Error - 5/7/2011 3:58:32 PM | Computer Name = EV | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1460
 
Error - 5/7/2011 4:13:22 PM | Computer Name = EV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
 arguments ""  in order to run the server:  {000C101C-0000-0000-C000-000000000046}
 
Error - 5/7/2011 4:13:22 PM | Computer Name = EV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
 arguments ""  in order to run the server:  {000C101C-0000-0000-C000-000000000046}
 
Error - 5/7/2011 4:13:41 PM | Computer Name = EV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
 arguments ""  in order to run the server:  {000C101C-0000-0000-C000-000000000046}
 
Error - 5/7/2011 4:13:41 PM | Computer Name = EV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
 arguments ""  in order to run the server:  {000C101C-0000-0000-C000-000000000046}
 
Error - 5/7/2011 4:14:26 PM | Computer Name = EV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
< End of report >
Title: Massive Infection, can't get online
Post by: guestolo on May 07, 2011, 03:57:18 PM
Download and save to desktop FixNCR.reg (http://download.bleepingcomputer.com/reg/FixNCR.reg)
Double click on FixNCR.reg and allow to add/merge to the registry at the prompt

Double click on OTL.exe and Run it
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition: Do the next steps
Download and Save directly to your desktop
iExplore.exe (http://download.bleepingcomputer.com/grinler/iExplore.exe)
Make sure it's saved to your desktop

double-click on the iExplore.exe
When it has finished, the black window will automatically close
If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning
If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again.

Open Malwarebyte's Anti-Malware
Click on the Update tab and check for updates
After updating

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
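The O35/O37 entries and the HKCU File Associations line in the OTL logs above show bjl.exe wired in as the per-user handler for every .exe, which is why Malwarebytes would not start and why the first step above is to merge a registry fix before running anything else. As an added example (not code from this thread, from OTL or HijackThis, and not the contents of FixNCR.reg), the Python below scans those log sections for executable handlers that deviate from the Windows default and writes a .reg fragment that removes the per-user override; SAMPLE_LOG is constructed in the style of the log posted above, and the repair assumes the standard Software\Classes layout.

```python
"""Flag hijacked executable-file handlers in OTL / HijackThis log text and build a repair .reg.

Reads O35 / O37 lines from the main OTL log and the "File Associations" / "Shell Spawning"
sections of Extras.txt. A handler for .exe/.com/.bat/.cmd/.pif that is not the default
passthrough "%1" %* is flagged, as is any HKCU Software\\Classes handler for those types:
per-user entries shadow the HKLM defaults and installers have no reason to create one.
"""
import re

EXEC_CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif"}
DEFAULT_CMD = '"%1" %*'

# Main log:  O35 - HKCU\..exefile [open] -- <cmd> ()  /  O37 - HKCU\...exe [@ = exefile] -- <cmd> ()
OTL_RE = re.compile(r'^O3[57] - (HKLM|HKCU)\\\.\.(\.?\w+) \[(?:@ = )?(\w+)\] -- (.*)$')
# Extras.txt body:  .exe [@ = exefile] -- <cmd> ()  /  exefile [open] -- <cmd>
EXTRA_RE = re.compile(r'^(\.?\w+) \[(?:@ = )?(\w+)\] -- (.*)$')
# Extras.txt section header giving the hive of the body lines that follow it
HIVE_RE = re.compile(r'^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\')

# Constructed sample in the style of the log posted in the thread (not the real log).
SAMPLE_LOG = r'''
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe" -a "%1" %* ()
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe" -a "%1" %* ()
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe ()
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
'''


def clean_cmd(cmd):
    """Drop OTL's trailing company-name suffix, e.g. ' ()' or ' (Mozilla Corporation)'."""
    return re.sub(r' \([^()]*\)$', '', cmd).strip()


def program_of(cmd):
    """Executable a shell command launches: the quoted path, a bare path, or the first token."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    if "%" not in cmd:          # the File Associations section prints a bare program path
        return cmd
    return cmd.split(" ", 1)[0]


def audit(log_text):
    """One finding per suspicious handler line: hive, class/extension, command, program, reasons."""
    findings, hive = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HIVE_RE.match(line)
        if header:
            hive = "HKLM" if header.group(1) == "HKEY_LOCAL_MACHINE" else "HKCU"
            continue
        if line.startswith("=========="):   # new section: the hive context no longer applies
            hive = None
            continue
        m = OTL_RE.match(line)
        if m:
            line_hive, name, _, cmd = m.groups()
        else:
            m = EXTRA_RE.match(line)
            if not m or hive is None:
                continue
            line_hive, (name, _, cmd) = hive, m.groups()
        name = name.lower()
        if name not in EXEC_CLASSES and name not in EXEC_EXTS:
            continue
        cmd = clean_cmd(cmd)
        reasons = []
        if cmd != DEFAULT_CMD:
            reasons.append("handler is not the default passthrough")
        if line_hive == "HKCU":
            reasons.append("per-user override shadows the HKLM default")
        if reasons:
            findings.append({"hive": line_hive, "name": name, "command": cmd,
                             "program": program_of(cmd), "reasons": reasons})
    return findings


def repair_reg(findings):
    """Build a .reg file undoing the findings. Per-user keys are deleted (a leading '-' on a
    key line deletes it on merge); machine-wide ones get the default chain restored.
    Assumes the standard Software\\Classes layout; this is not what FixNCR.reg contains."""
    out, seen = ["Windows Registry Editor Version 5.00", ""], set()
    for f in findings:
        cls = f["name"] if f["name"] in EXEC_CLASSES else f["name"][1:] + "file"
        ext = "." + cls[:-4]
        root = "HKEY_CURRENT_USER" if f["hive"] == "HKCU" else "HKEY_LOCAL_MACHINE"
        if (root, cls) in seen:
            continue
        seen.add((root, cls))
        base = f"{root}\\Software\\Classes\\"
        if f["hive"] == "HKCU":
            out += [f"[-{base}{ext}]", "", f"[-{base}{cls}]", ""]
        else:                                # .exe -> exefile -> "%1" %*
            out += [f"[{base}{ext}]", f'@="{cls}"', "",
                    f"[{base}{cls}\\shell\\open\\command]", '@="\\"%1\\" %*"', ""]
    return "\n".join(out)
```

Run `audit(SAMPLE_LOG)` and feed the result to `repair_reg` to see the three bjl.exe hits and the .reg that deletes the two HKCU keys; the HKLM lines in the sample are left alone because they still hold the default command.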
Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 04:16:31 PM
[quote name='guestolo' date='07 May 2011 - 04:57 PM' timestamp='1304801838' post='479213']
...On startup, Allow OTL to run if prompted
A log should open, can you post it please
[/quote]


Am doing the rest of the steps, but here is the OTL log that popped up after rebooting:

All processes killed
========== OTL ==========
No active process named bjl.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Qcazeviwece deleted successfully.
C:\WINDOWS\ogatezezuquj.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\3Z1Y3ZXH5C1H8B9XH deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ywowu deleted successfully.
File C:\Documents and Settings\Evelyn\Local Settings\Application Data\3x41wrg1bdk74r644p5lin01f7k5jp7s5l3846d5642xs not found.
C:\Documents and Settings\All Users\Application Data\3x41wrg1bdk74r644p5lin01f7k5jp7s5l3846d5642xs moved successfully.
C:\WINDOWS\Rnelabuyutomobu.dat moved successfully.
C:\WINDOWS\Aregecaba.bin moved successfully.
C:\Documents and Settings\Evelyn\null0.6659107411444707.exe moved successfully.
File C:\Documents and Settings\Evelyn\Local Settings\Application Data\bjl.exe not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Evelyn\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Evelyn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 16654 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3258313 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Evelyn
->Temp folder emptied: 41879434 bytes
->Temporary Internet Files folder emptied: 149301682 bytes
->Java cache emptied: 30925 bytes
->FireFox cache emptied: 28916675 bytes
->Flash cache emptied: 1812 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Sue
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37000 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 101476388 bytes
 
Total Files Cleaned = 310.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
 
User: Evelyn
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
->Flash cache emptied: 0 bytes
 
User: Sue
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05072011_171042

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Evelyn\Local Settings\Temp\~DF86A9.tmp not found!
File\Folder C:\Documents and Settings\Evelyn\Local Settings\Temp\~DF8ECF.tmp not found!
File\Folder C:\Documents and Settings\Evelyn\Local Settings\Temp\~DFB79A.tmp not found!
File\Folder C:\Documents and Settings\Evelyn\Local Settings\Temp\~DFB7A5.tmp not found!
File\Folder C:\Documents and Settings\Evelyn\Local Settings\Temp\~DFB8C2.tmp not found!
File\Folder C:\Documents and Settings\Evelyn\Local Settings\Temp\~DFB8D1.tmp not found!
File\Folder C:\Documents and Settings\Evelyn\Local Settings\Temp\~DFB9D2.tmp not found!
File\Folder C:\Documents and Settings\Evelyn\Local Settings\Temp\~DFB9E2.tmp not found!
C:\Documents and Settings\Evelyn\Local Settings\Temporary Internet Files\Content.IE5\AVAWH9EI\index[4].php moved successfully.

Registry entries deleted on Reboot...
Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 04:32:21 PM
Here is the MBAM log, and thank you again for all of your help!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6528

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/7/2011 5:30:38 PM
mbam-log-2011-05-07 (17-30-38).txt

Scan type: Quick scan
Objects scanned: 154776
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\usxxxxxxxx (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\usxxxxxxxx\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
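A small triage helper for logs like the one above, added here as an example; it is Python I wrote for this thread, not MBAM's own code and not anything a poster supplied. SAMPLE_LOG is abridged from the log just posted (the empty sections are cut down to one), and the line-format rules are my assumptions about the 1.x text layout rather than documented behaviour, so an unrecognised line raises rather than being silently skipped. The point it makes: the three Security Center values MBAM flagged as PUM.Disabled.SecurityCenter are the ones that, when set to 1, stop XP's Security Center from warning that antivirus, firewall or automatic updates are off. A scan whose only registry hits are those three, next to a SpyEyes folder, is telling you something wanted to stay quiet, and the helper also cross-checks MBAM's reported counts against the items it actually lists so a truncated or edited log stands out.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x text log.

Added example for this thread, not MBAM's own code or anything posted
here. SAMPLE_LOG is abridged from the log in the thread; the line-format
rules below are assumptions about the 1.x layout, not documented behaviour.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6528
Scan type: Quick scan
Objects scanned: 154776

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\usxxxxxxxx (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\usxxxxxxxx\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
"""


@dataclass(frozen=True)
class Detection:
    category: str                     # section heading the item appeared under
    location: str                     # registry path, folder or file
    name: str                         # MBAM detection name, e.g. Trojan.SpyEyes
    action: str                       # what MBAM did with it
    bad_value: Optional[str] = None   # registry data items only: value found
    good_value: Optional[str] = None  # registry data items only: value restored


SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADING_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
# "<location> (<name>) [-> Bad: (x) Good: (y)] -> <action>."  The lazy <location>
# still splits correctly for paths containing "(x86)", because " -> " must follow the name.
ITEM_RE = re.compile(
    r"^(?P<location>.+?) \((?P<name>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (per-category counts MBAM reported, detections actually listed)."""
    summary: Dict[str, int] = {}
    found: List[Detection] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            summary[m["category"]] = int(m["count"])
        elif m := HEADING_RE.match(line):
            section = m["category"]
        elif section is None or line.startswith("(No malicious items detected)"):
            continue                  # header lines before any section, or an empty section
        elif m := ITEM_RE.match(line):
            found.append(Detection(section, m["location"], m["name"], m["action"], m["bad"], m["good"]))
        else:
            raise ValueError(f"unrecognised line under {section!r}: {line}")
    return summary, found


def count_mismatches(summary: Dict[str, int], found: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Categories whose reported count differs from the items listed: {category: (reported, listed)}."""
    listed = Counter(d.category for d in found)
    return {c: (n, listed[c]) for c, n in summary.items() if n != listed[c]}


def detection_names(found: List[Detection]) -> Counter:
    """How many items each detection name accounted for."""
    return Counter(d.name for d in found)


def security_center_tampering(found: List[Detection]) -> List[str]:
    """Security Center *DisableNotify values found set to 1, i.e. alerts for
    missing antivirus, firewall or updates had been silenced."""
    return sorted(d.location.rsplit("\\", 1)[-1] for d in found
                  if "\\Security Center\\" in d.location and d.bad_value == "1")


if __name__ == "__main__":
    summary, found = parse_mbam_log(SAMPLE_LOG)
    print(detection_names(found), count_mismatches(summary, found) or "counts consistent")
    print("Security Center alerts silenced:", security_center_tampering(found))
```

Run it against a saved mbam-log-*.txt by reading the file into `parse_mbam_log` instead of SAMPLE_LOG; a non-empty result from `count_mismatches` means the log you were handed does not list everything its own summary says it found.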
Title: Massive Infection, can't get online
Post by: guestolo on May 07, 2011, 04:39:28 PM
Looks good. I would just like to see a couple more logs.
Can you reopen OTL.exe and choose to run a "Quick Scan"?
When it's done, post the report that opens.

In addition:
 
Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 04:48:24 PM
[quote name='guestolo' date='07 May 2011 - 05:39 PM' timestamp='1304804368' post='479216']
Can you reopen OTL.exe and choose to run a "Quick Scan"
When it's done, post the report that opens
[/quote]

Should I check "Use SafeList" under Extra Registry?
Title: Massive Infection, can't get online
Post by: guestolo on May 07, 2011, 05:02:21 PM
Sorry, yes please. I may as well check out a registry setting that wasn't correct earlier.
Post both logs: OTL.txt and Extras.txt
Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 05:16:37 PM
I'm not sure what I did wrong, and I ran OTL twice (double-checking that I checked off "Use SafeList"), but neither time did it post the Extras.txt log.

Here is the OTL log:

OTL logfile created on: 5/7/2011 6:04:02 PM - Run 6
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Evelyn\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 458.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 39.98 Gb Free Space | 42.92% Space Free | Partition Type: NTFS
 
Computer Name: EV | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
PRC - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/27 16:07:26 | 000,362,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/05/04 10:32:01 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/01/06 17:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/19 17:27:23 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/06/19 17:27:12 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/06/19 17:27:10 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/19 17:26:59 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/04/04 14:42:24 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/04 11:37:28 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/26 00:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2005/03/01 12:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/09/14 12:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {392AD5F1-178C-42E4-B43D-B75C2D07B49B}:1.9.1
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Documents%20and%20Settings/Evelyn/My%20Documents/My%20Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_494413fd.pac"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/11/30 21:56:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}: C:\Documents and Settings\Evelyn\Local Settings\Application Data\{392AD5F1-178C-42E4-B43D-B75C2D07B49B} [2011/05/04 19:39:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/06 14:44:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Firefox\components [2011/04/30 19:55:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011/05/06 09:34:57 | 000,000,000 | ---D | M]
 
[2009/01/07 13:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Extensions
[2011/05/07 17:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions
[2010/09/20 14:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 09:00:01 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/09/06 09:04:23 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\[email protected]
[2009/01/29 22:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/04 19:39:59 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\EVELYN\LOCAL SETTINGS\APPLICATION DATA\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}
[2011/05/06 14:44:00 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/04/23 22:08:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011/04/23 22:07:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
 
O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - Startup: C:\Documents and Settings\Evelyn\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Evelyn\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://mickapoo.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqnbk2/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} http://store02.prostores.com/storeadmin/utilities/pssbedit.cab (SiteBuilderEditor Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/25 01:01:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/07 10:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/05/06 14:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Start Menu\Programs\Dropbox
[2011/05/06 14:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\Dropbox
[2011/05/06 09:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\AVG10
[2011/05/06 09:08:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/06 08:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/04 19:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}
[2011/04/24 00:55:59 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/23 22:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\SEO PowerSuite
[2011/04/20 11:28:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/04/20 07:29:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe
[2011/04/20 07:26:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Evelyn\Recent
[2011/04/11 14:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/04/11 14:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/07 17:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 17:37:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 17:33:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 17:16:52 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Evelyn\Desktop\iExplore.exe
[2011/05/07 17:09:00 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\Evelyn\Desktop\FixNCR.reg
[2011/05/06 14:09:16 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\Evelyn\Desktop\Dropbox.lnk
[2011/05/06 14:07:16 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\Evelyn\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/06 09:35:00 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/06 09:23:10 | 000,496,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/06 09:23:10 | 000,084,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/30 10:48:44 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/26 18:19:19 | 000,489,984 | ---- | M] () -- C:\Documents and Settings\Evelyn\TheBestSpinner.exe
[2011/04/24 00:55:59 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/23 22:18:23 | 000,453,954 | ---- | M] () -- C:\Documents and Settings\Evelyn\.linkassistant.properties
[2011/04/23 22:09:09 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\Evelyn\Desktop\SEO SpyGlass.lnk
[2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/04/20 07:29:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe
[2011/04/15 11:27:48 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
 
========== Files Created - No Company Name ==========
 
[2011/05/07 17:16:52 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Evelyn\Desktop\iExplore.exe
[2011/05/07 17:09:08 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\Evelyn\Desktop\FixNCR.reg
[2011/05/06 14:09:16 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\Evelyn\Desktop\Dropbox.lnk
[2011/05/06 14:07:16 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\Evelyn\Start Menu\Programs\Startup\Dropbox.lnk
[2011/04/26 18:14:43 | 000,489,984 | ---- | C] () -- C:\Documents and Settings\Evelyn\TheBestSpinner.exe
[2011/04/23 22:18:23 | 000,453,954 | ---- | C] () -- C:\Documents and Settings\Evelyn\.linkassistant.properties
[2011/04/23 22:09:09 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\Evelyn\Desktop\SEO SpyGlass.lnk
[2011/02/11 22:07:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\Overdub.ini
[2011/02/11 22:07:33 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\HYSBUAYB.SYS
[2011/02/04 15:45:55 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/10/07 18:33:20 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2010/06/17 17:47:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\PUTTY.RND
[2010/05/08 18:37:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/08 18:37:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/08 18:37:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/08 18:37:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/08 18:37:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/01 20:37:51 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\FEED65
[2009/12/01 20:37:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\mcs.rma
[2009/06/18 20:43:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2009/02/27 15:27:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/01/17 10:50:13 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/06/18 15:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/12 16:13:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/10 10:09:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2008/06/06 11:41:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/27 16:23:46 | 000,006,540 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\PrimoPDFSet.xml
[2008/05/27 16:23:45 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\APUSet.xml
[2008/05/27 16:05:15 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/26 09:07:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll
[2008/04/10 20:12:32 | 000,001,359 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/08 17:51:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/08 17:42:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/04 09:28:10 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/04 09:27:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/03 21:23:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:35:42 | 000,102,236 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/03/30 18:52:22 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 19:53:00 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/03/27 19:52:47 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/03/27 19:52:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/27 14:54:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/25 01:03:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/25 00:58:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/24 16:15:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/24 16:12:21 | 001,441,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,496,526 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,084,844 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
 
========== LOP Check ==========
 
[2008/11/04 21:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/19 19:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/01/29 17:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/05/06 09:08:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/05 09:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2011/05/06 09:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/03 15:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2009/01/19 14:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/04/21 21:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/05/31 22:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/10/03 21:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 11:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/04 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/04 23:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Acronis
[2009/01/29 17:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Ashampoo
[2011/05/06 09:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\AVG10
[2008/06/10 08:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\BitZipper
[2010/10/07 15:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\CoreFTP
[2011/05/07 17:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Dropbox
[2010/06/05 09:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\eFax Messenger
[2010/02/23 11:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Facebook
[2010/06/17 19:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\FileZilla
[2009/04/04 14:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\GetRightToGo
[2008/03/28 19:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\GlobalSCAPE
[2008/04/03 18:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Helios
[2010/06/05 09:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\j2 Global
[2010/06/14 09:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\JGsoft
[2008/06/22 20:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\LimeWire
[2009/02/03 15:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Nitro PDF
[2011/04/13 11:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Orbit
[2009/01/05 11:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Radmin
[2008/05/24 22:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\SecondLife
[2008/04/12 09:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Snapfish
[2011/04/03 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/01/05 10:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\TeamViewer
[2010/02/12 21:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 05:21:24 PM
Quoting guestolo (07 May 2011, 05:39 PM): "In addition:"


It did not prompt me to reboot, and here is the log:

------------------------------------------------------------------------------------------------------

2011/05/07 18:18:08.0390 0716   TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16
2011/05/07 18:18:08.0796 0716   ================================================================================
2011/05/07 18:18:08.0796 0716   SystemInfo:
2011/05/07 18:18:08.0796 0716   
2011/05/07 18:18:08.0796 0716   OS Version: 5.1.2600 ServicePack: 2.0
2011/05/07 18:18:08.0796 0716   Product type: Workstation
2011/05/07 18:18:08.0796 0716   ComputerName: EV
2011/05/07 18:18:08.0796 0716   UserName: Evelyn
2011/05/07 18:18:08.0796 0716   Windows directory: C:\WINDOWS
2011/05/07 18:18:08.0796 0716   System windows directory: C:\WINDOWS
2011/05/07 18:18:08.0796 0716   Processor architecture: Intel x86
2011/05/07 18:18:08.0796 0716   Number of processors: 1
2011/05/07 18:18:08.0796 0716   Page size: 0x1000
2011/05/07 18:18:08.0796 0716   Boot type: Normal boot
2011/05/07 18:18:08.0796 0716   ================================================================================
2011/05/07 18:18:08.0968 0716   Initialize success
2011/05/07 18:18:22.0468 2388   ================================================================================
2011/05/07 18:18:22.0468 2388   Scan started
2011/05/07 18:18:22.0468 2388   Mode: Manual;
2011/05/07 18:18:22.0468 2388   ================================================================================
2011/05/07 18:18:24.0265 2388   ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/07 18:18:24.0343 2388   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/07 18:18:24.0484 2388   aeaudio         (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/07 18:18:24.0578 2388   aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/07 18:18:24.0656 2388   afcdp           (4fa0ca536dab995baf48bd41b4e2ed00) C:\WINDOWS\system32\DRIVERS\afcdp.sys
2011/05/07 18:18:24.0734 2388   AFD             (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/07 18:18:25.0062 2388   Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/07 18:18:25.0281 2388   AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/07 18:18:25.0375 2388   atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/07 18:18:25.0484 2388   Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/07 18:18:25.0609 2388   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/07 18:18:25.0718 2388   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/07 18:18:25.0828 2388   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/07 18:18:25.0953 2388   CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/07 18:18:26.0062 2388   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/07 18:18:26.0125 2388   Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/07 18:18:26.0187 2388   Cdrom           (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/07 18:18:26.0328 2388   CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/07 18:18:26.0421 2388   Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/07 18:18:26.0656 2388   Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/07 18:18:26.0750 2388   dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/07 18:18:26.0843 2388   dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/07 18:18:26.0890 2388   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/07 18:18:26.0968 2388   DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/07 18:18:27.0031 2388   drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/07 18:18:27.0109 2388   elagopro        (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
2011/05/07 18:18:27.0171 2388   elaunidr        (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
2011/05/07 18:18:27.0250 2388   Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/07 18:18:27.0312 2388   Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/07 18:18:27.0359 2388   Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/07 18:18:27.0406 2388   Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/07 18:18:27.0468 2388   FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/07 18:18:27.0546 2388   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/07 18:18:27.0593 2388   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/07 18:18:27.0640 2388   Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/07 18:18:27.0718 2388   HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/07 18:18:27.0812 2388   HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/07 18:18:27.0890 2388   HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/07 18:18:27.0937 2388   HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/07 18:18:28.0000 2388   HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/07 18:18:28.0171 2388   i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/07 18:18:28.0265 2388   ialm            (f159a2aaf79d8fe6c7a77a8b3de92581) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/07 18:18:28.0375 2388   Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/07 18:18:28.0500 2388   IntelIde        (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/07 18:18:28.0531 2388   intelppm        (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/07 18:18:28.0609 2388   Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/07 18:18:28.0671 2388   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/07 18:18:28.0734 2388   IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/07 18:18:28.0812 2388   IpNat           (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/07 18:18:28.0890 2388   IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/07 18:18:28.0968 2388   IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/07 18:18:29.0062 2388   isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/07 18:18:29.0109 2388   Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/07 18:18:29.0187 2388   kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/07 18:18:29.0250 2388   KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/07 18:18:29.0453 2388   LVcKap          (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/05/07 18:18:29.0640 2388   LVMVDrv         (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/05/07 18:18:29.0765 2388   LVPr2Mon        (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/05/07 18:18:29.0828 2388   LVUSBSta        (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/05/07 18:18:29.0906 2388   MidiSyn         (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
2011/05/07 18:18:29.0968 2388   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/07 18:18:30.0031 2388   Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/07 18:18:30.0078 2388   Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/07 18:18:30.0125 2388   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/07 18:18:30.0171 2388   MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/07 18:18:30.0281 2388   MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/07 18:18:30.0375 2388   MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/07 18:18:30.0453 2388   Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/07 18:18:30.0531 2388   MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/07 18:18:30.0578 2388   MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/07 18:18:30.0640 2388   MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/07 18:18:30.0703 2388   mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/07 18:18:30.0765 2388   MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/07 18:18:30.0843 2388   Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/07 18:18:30.0906 2388   NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/07 18:18:30.0984 2388   NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/07 18:18:31.0031 2388   NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/07 18:18:31.0093 2388   NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/07 18:18:31.0156 2388   Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/07 18:18:31.0203 2388   NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/07 18:18:31.0265 2388   NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/07 18:18:31.0328 2388   NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/07 18:18:31.0390 2388   NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/07 18:18:31.0515 2388   NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/07 18:18:31.0593 2388   Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/07 18:18:31.0687 2388   Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/07 18:18:31.0796 2388   NuidFltr        (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/05/07 18:18:31.0890 2388   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/07 18:18:31.0937 2388   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/07 18:18:31.0984 2388   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/07 18:18:32.0046 2388   ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/07 18:18:32.0140 2388   Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/07 18:18:32.0218 2388   PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/07 18:18:32.0265 2388   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/07 18:18:32.0343 2388   PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/07 18:18:32.0437 2388   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/05/07 18:18:32.0484 2388   Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/07 18:18:32.0718 2388   pepifilter      (0896002d1efcd08859a41c9db34ad84c) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/05/07 18:18:32.0968 2388   PID_PEPI        (a7598e897da639e255ad4188fa398478) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/05/07 18:18:33.0109 2388   PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/07 18:18:33.0171 2388   PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/07 18:18:33.0234 2388   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/07 18:18:33.0500 2388   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/07 18:18:33.0593 2388   Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/07 18:18:33.0625 2388   RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/07 18:18:33.0687 2388   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/07 18:18:33.0765 2388   Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/07 18:18:33.0812 2388   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/07 18:18:33.0921 2388   RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/07 18:18:34.0015 2388   redbook         (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/07 18:18:34.0125 2388   rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/07 18:18:34.0234 2388   sdbus           (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/07 18:18:34.0312 2388   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/07 18:18:34.0406 2388   senfilt         (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys
2011/05/07 18:18:34.0500 2388   Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/07 18:18:34.0625 2388   Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/07 18:18:34.0750 2388   SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/07 18:18:34.0843 2388   smwdm           (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/07 18:18:34.0906 2388   snapman         (4f7ed0c2f594f1b8e9cafab21eb86126) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/05/07 18:18:35.0000 2388   SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/07 18:18:35.0109 2388   splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/07 18:18:35.0187 2388   sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/07 18:18:35.0281 2388   Srv             (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/07 18:18:35.0375 2388   streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/07 18:18:35.0421 2388   swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/07 18:18:35.0484 2388   swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/07 18:18:35.0640 2388   sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/07 18:18:35.0718 2388   tbhsd           (f03ed3bf512be849daa1f6131eb50fb4) C:\WINDOWS\system32\drivers\tbhsd.sys
2011/05/07 18:18:35.0781 2388   Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/07 18:18:35.0843 2388   TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/07 18:18:35.0937 2388   tdrpman258      (8de3e45000ba8c9ebb16737d3f83e216) C:\WINDOWS\system32\DRIVERS\tdrpm258.sys
2011/05/07 18:18:36.0062 2388   TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/07 18:18:36.0125 2388   TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/07 18:18:36.0218 2388   tifsfilter      (6dcb8ddb481cd3c40fa68593723b4d89) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/05/07 18:18:36.0296 2388   timounter       (3e06987fedbcdfbff8e85ef8108565f9) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/05/07 18:18:36.0437 2388   Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/07 18:18:36.0531 2388   Update          (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/07 18:18:36.0625 2388   usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/07 18:18:36.0687 2388   usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/07 18:18:36.0750 2388   usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/07 18:18:36.0812 2388   usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/07 18:18:36.0906 2388   usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/07 18:18:36.0984 2388   usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/07 18:18:37.0062 2388   USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/07 18:18:37.0109 2388   usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/07 18:18:37.0171 2388   VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/07 18:18:37.0312 2388   VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/07 18:18:37.0515 2388   w29n51          (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/05/07 18:18:37.0703 2388   Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/07 18:18:37.0796 2388   Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/07 18:18:37.0953 2388   wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/07 18:18:38.0109 2388   WmiAcpi         (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/07 18:18:38.0218 2388   WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/07 18:18:38.0312 2388   WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/07 18:18:38.0375 2388   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/07 18:18:38.0437 2388   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/07 18:18:38.0656 2388   ================================================================================
2011/05/07 18:18:38.0656 2388   Scan finished
2011/05/07 18:18:38.0656 2388   ================================================================================


------------------------------------------------------------------------------------------------------

Thank you again, I really appreciate all of your help!
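The TDSSKiller log above is a flat inventory of loaded drivers: one line per driver with its service name, the MD5 of the file on disk and its path. Rootkits of the TDSS/TDL family (the ESET log later in this thread names a quarantined atapi.sys as Win32/Olmarik, ESET's label for that family) patch a legitimate boot driver in place, so the useful check is not the file name but whether the hash still matches a clean reference and whether the path is where a system driver belongs. The script below is an added example, not part of the thread or of TDSSKiller itself; the sample log is constructed (three lines copied from the post plus an invented "fakedrv" entry), and the baseline hash table is an assumption for illustration only, not a verified clean-file list.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample in the TDSSKiller 2.5 log format shown in the thread. The ACPI,
# atapi and Tcpip lines are copied from the posted log; the "fakedrv" line is
# invented so the review function has something to flag.
SAMPLE_LOG = r"""
2011/05/07 18:18:22.0468 2388   Scan started
2011/05/07 18:18:24.0265 2388   ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/07 18:18:25.0375 2388   atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/07 18:18:35.0781 2388   Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/07 18:18:38.0500 2388   fakedrv         (00112233445566778899aabbccddeeff) C:\Documents and Settings\Evelyn\Application Data\fakedrv.sys
2011/05/07 18:18:38.0656 2388   Scan finished
"""

# ASSUMED baseline. For a real check, build this table from a clean install of the
# same Windows version and service pack. The values here are just the ones the
# posted log reports, so they only demonstrate the comparison.
BASELINE_MD5 = {
    "ACPI": "a10c7534f7223f4a73a948967d00e69b",
    "atapi": "cdfe4411a69c224bd1d11b2da92dac51",
    "Tcpip": "2a5554fc5b1e04e131230e3ce035c3f9",
}

# Drivers are expected under %SystemRoot%\system32 (usually the drivers subfolder).
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# timestamp, pid, service name, "(md5)", path; banner and status lines have no (md5)
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


class Driver(NamedTuple):
    name: str
    md5: str
    path: str


def parse_tdsskiller(text: str) -> List[Driver]:
    """Return one Driver per line that carries a service name, MD5 and path."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
    return drivers


def review_drivers(drivers: List[Driver], baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Map driver name -> list of reasons it deserves a closer look."""
    findings: Dict[str, List[str]] = {}
    for d in drivers:
        reasons = []
        if not d.path.lower().startswith(SYSTEM32_PREFIX):
            reasons.append("loaded from outside %SystemRoot%\\system32")
        expected = baseline.get(d.name)
        if expected is None:
            reasons.append("service name not present in the clean baseline")
        elif expected.lower() != d.md5:
            reasons.append(f"md5 {d.md5} differs from baseline {expected.lower()}")
        if reasons:
            findings[d.name] = reasons
    return findings


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(found)} drivers parsed")
    for name, reasons in review_drivers(found, BASELINE_MD5).items():
        print(f"{name}: " + "; ".join(reasons))
```

Run it against a saved TDSSKiller log by reading the file into `parse_tdsskiller` instead of `SAMPLE_LOG`. The two checks are deliberately independent: an unknown service name in a normal location is often just a third-party driver (the posted log is full of Logitech, HP and Acronis entries), while a known boot driver with a changed hash is the signal that matters for an in-place file infector.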
Title: Massive Infection, can't get online
Post by: guestolo on May 07, 2011, 05:22:12 PM
Don't worry about Extras.txt at the moment
Can you run one more scanner for me please
Then we'll wrap up updating some of your software

Using Firefox, go to the following link
ESET Online Scanner: http://www.eset.com/onlinescan/

Click on the Button "Eset Online Scanner"
A new window will open, Download and save to your desktop
esetsmartinstaller_enu.exe

Double click on 'esetsmartinstaller_enu.exe' to run it
Put a tick in "Yes, I accept the Terms of Use" then click START

Eset will download components
When done click START again

Downloading of Virus signature database will begin
Depending on your connection speed, this can take a while
When complete the scan will start
This scan can take some time, so be patient

Once the scan is completed, you may close the window
   
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
Copy and paste that log as a reply to this topic
Title: Massive Infection, can't get online
Post by: mickapoo on May 07, 2011, 07:33:33 PM
Here is the log from the Eset Online Scanner. When it was done scanning it said it found 8 infected objects.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b48cd2e5d7712b48a44738a6b83b8de6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-08 12:26:08
# local_time=2011-05-07 08:26:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1028 16777190 0 5 0 49138473 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=115145
# found=8
# cleaned=8
# scan_time=6484
C:\Qoobox\Quarantine\C\Documents and Settings\Evelyn\Application Data\3F061CC943DE27FE7096EC0ACAF3F839\enemies-names.txt.vir   Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\atapi.sys.vir   Win32/Olmarik.ZC trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{8B080C91-E883-4AFA-8349-C1FA433AD331}\RP343\A0044474.dll   a variant of Win32/Kryptik.MYV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{8B080C91-E883-4AFA-8349-C1FA433AD331}\RP343\A0044475.exe   a variant of Win32/Kryptik.NIT trojan (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{8B080C91-E883-4AFA-8349-C1FA433AD331}\RP346\A0045923.exe   a variant of Win32/Injector.GET trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\_OTL\MovedFiles\05072011_171042\C_Documents and Settings\Evelyn\null0.6659107411444707.exe   a variant of Win32/Injector.GET trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\_OTL\MovedFiles\05072011_171042\C_WINDOWS\ogatezezuquj.dll   a variant of Win32/Kryptik.NKL trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\_OTL\MovedFiles\05082010_174318\C_WINDOWS\System32\hpzcon12D.dll   a variant of Win32/Kryptik.JJR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
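All eight ESET detections above sit in places that matter for triage: two in ComboFix's Qoobox quarantine, three in OTL's MovedFiles folder, and three inside System Restore points. None is a live file in Windows or a user profile, which is the distinction a responder wants before deciding whether the machine is still infected or whether the remaining work is flushing quarantine and restore points. The script below is an added example, not part of the thread or of ESET's tooling; it parses the log format shown (a `# key=value` header followed by tab-separated detection lines copied verbatim from the post) and classifies each hit by location.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# Header keys and the eight detection lines are copied from the ESET Online Scanner
# log posted above. A detection line is tab separated: path, detection text with the
# action in parentheses, a hash field, drive letter.
ESET_LOG = (
    "# scanned=115145\n"
    "# found=8\n"
    "# cleaned=8\n"
    "C:\\Qoobox\\Quarantine\\C\\Documents and Settings\\Evelyn\\Application Data\\3F061CC943DE27FE7096EC0ACAF3F839\\enemies-names.txt.vir\tWin32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC\n"
    "C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\Drivers\\atapi.sys.vir\tWin32/Olmarik.ZC trojan (cleaned - quarantined)\t00000000000000000000000000000000\tC\n"
    "C:\\System Volume Information\\_restore{8B080C91-E883-4AFA-8349-C1FA433AD331}\\RP343\\A0044474.dll\ta variant of Win32/Kryptik.MYV trojan (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC\n"
    "C:\\System Volume Information\\_restore{8B080C91-E883-4AFA-8349-C1FA433AD331}\\RP343\\A0044475.exe\ta variant of Win32/Kryptik.NIT trojan (deleted - quarantined)\t00000000000000000000000000000000\tC\n"
    "C:\\System Volume Information\\_restore{8B080C91-E883-4AFA-8349-C1FA433AD331}\\RP346\\A0045923.exe\ta variant of Win32/Injector.GET trojan (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC\n"
    "C:\\_OTL\\MovedFiles\\05072011_171042\\C_Documents and Settings\\Evelyn\\null0.6659107411444707.exe\ta variant of Win32/Injector.GET trojan (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC\n"
    "C:\\_OTL\\MovedFiles\\05072011_171042\\C_WINDOWS\\ogatezezuquj.dll\ta variant of Win32/Kryptik.NKL trojan (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC\n"
    "C:\\_OTL\\MovedFiles\\05082010_174318\\C_WINDOWS\\System32\\hpzcon12D.dll\ta variant of Win32/Kryptik.JJR trojan (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC\n"
)

# Folders that earlier removal tools use to park what they removed. Files here are
# already inert copies, not running malware.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\_otl\\movedfiles\\")
RESTORE_MARKER = "\\system volume information\\_restore{"


class Detection(NamedTuple):
    path: str
    threat: str
    action: str
    location: str  # "quarantine", "restore-point" or "live"


def classify_path(path: str) -> str:
    """Decide whether a detected file was live or already parked somewhere."""
    low = path.lower()
    if any(marker in low for marker in QUARANTINE_MARKERS):
        return "quarantine"
    if RESTORE_MARKER in low:
        return "restore-point"
    return "live"


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split the log into its key=value header and its detection records."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key.strip()] = value.strip()
            continue
        fields = re.split(r"\t|\s{3,}", line)  # tabs, or runs of spaces if tabs were lost
        if len(fields) < 2:
            continue
        threat, sep, action = fields[1].partition(" (")
        detections.append(Detection(fields[0], threat.strip(),
                                    action.rstrip(")") if sep else "",
                                    classify_path(fields[0])))
    return header, detections


def triage(text: str) -> Dict[str, object]:
    """Summarise a scan: does the header match what we parsed, and where were the hits?"""
    header, dets = parse_eset_log(text)
    reported = int(header.get("found", "0"))
    return {
        "reported": reported,
        "parsed": len(dets),
        "consistent": reported == len(dets),
        "by_location": dict(Counter(d.location for d in dets)),
        "live": [d for d in dets if d.location == "live"],
        "families": sorted({d.threat for d in dets}),
    }


if __name__ == "__main__":
    summary = triage(ESET_LOG)
    print(f"reported {summary['reported']}, parsed {summary['parsed']}")
    print("by location:", summary["by_location"])
    for d in summary["live"]:
        print("LIVE:", d.path, d.threat, d.action)
```

Point it at a saved `C:\Program Files\EsetOnlineScanner\log.txt` by reading the file into `triage` instead of `ESET_LOG`. A non-empty `live` list means cleanup is not finished; hits only under `restore-point` mean the infected copies will come back with a System Restore and are the reason helpers ask for restore points to be purged once a machine is clean.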
Title: Massive Infection, can't get online
Post by: guestolo on May 08, 2011, 10:23:17 AM
I didn't have you run this tool, but I see you have run it in the past
Download ComboFix from the following location

Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouse-click inside the ComboFix window while it's running; it may cause it to stall
ComboFix will/may run again on startup; it will prompt that it's creating a log
This process could take up to 10 minutes; please let it run uninterrupted

NOTE: I see no AntiVirus software installed. I believe you asked about it earlier; what AV did you have in mind to replace AVG?
Is this a legit copy of XP?
P.S. Thank you for the donation, much appreciated :)
Title: Massive Infection, can't get online
Post by: mickapoo on May 08, 2011, 12:08:01 PM
Yes, XP is 100% legit. Regarding an antivirus program, is there a free program you can recommend that would use less resources than AVG?


ComboFix 11-05-07.03 - Evelyn 05/08/2011  12:37:12.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1014.408 [GMT -4:00]
Running from: c:\documents and settings\Evelyn\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Evelyn\Local Settings\Application Data\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}
c:\documents and settings\Evelyn\Local Settings\Application Data\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}\chrome.manifest
c:\documents and settings\Evelyn\Local Settings\Application Data\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}\chrome\content\_cfg.js
c:\documents and settings\Evelyn\Local Settings\Application Data\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}\chrome\content\overlay.xul
c:\documents and settings\Evelyn\Local Settings\Application Data\{392AD5F1-178C-42E4-B43D-B75C2D07B49B}\install.rdf
c:\documents and settings\Evelyn\TheBestSpinner.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-08 to 2011-05-08  )))))))))))))))))))))))))))))))
.
.
2011-05-07 22:31 . 2011-05-07 22:31   --------   d-----w-   c:\program files\ESET
2011-05-07 14:13 . 2011-05-07 14:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-05-06 18:06 . 2011-05-07 21:37   --------   d-----w-   c:\documents and settings\Evelyn\Application Data\Dropbox
2011-05-06 13:15 . 2011-05-06 13:15   --------   d-----w-   c:\documents and settings\Evelyn\Application Data\AVG10
2011-05-06 13:08 . 2011-05-06 13:08   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
2011-05-06 12:57 . 2011-05-06 13:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
2011-04-24 04:55 . 2011-04-24 04:55   398760   ----a-r-   c:\windows\system32\cpnprt2.cid
2011-04-24 02:08 . 2011-04-24 02:09   --------   d-----w-   c:\program files\SEO PowerSuite
2011-04-24 02:08 . 2011-04-24 02:07   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-04-24 02:08 . 2011-04-24 02:07   410984   ----a-w-   c:\windows\system32\deploytk.dll
2011-04-14 07:39 . 2011-04-14 07:39   103864   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-11 18:56 . 2011-04-11 18:56   --------   d-----w-   c:\program files\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((   SnapShot@2010-05-08_22.56.47   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-18 21:47 . 2010-03-18 21:47   96592              c:\windows\Microsoft.NET\Framework\v4.0.30319\MmcAspExt.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   21880              c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47   40304              c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.STLCLR.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   12128              c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   97680              c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   38784              c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   67968              c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   36168              c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   78168              c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   58200              c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   27992              c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   42312              c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   84296              c:\windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   11592              c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   88904              c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   60248              c:\windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   31048              c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   81248              c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   44368              c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   95048              c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47   32592              c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47   35160              c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47   30040              c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47   19808              c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47   78160              c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   30040              c:\windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   14168              c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   24408              c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   30048              c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   29008              c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   29528              c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   29016              c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   17240              c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47   11608              c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\FileTrackerUI.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   10064              c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   24400              c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48   32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-29 23:16 . 2008-07-29 23:16   32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31   30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   13648              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16   86864              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2011-01-29 23:41 . 2011-01-29 23:41   97624              c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2011-01-29 23:36 . 2011-01-29 23:36   87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-01-29 23:36 . 2011-01-29 23:36   93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-01-29 23:36 . 2011-01-29 23:36   35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   29544              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2011-01-29 23:36 . 2011-01-29 23:36   17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-01-29 23:36 . 2011-01-29 23:36   58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   70040              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   24928              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   81272              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   33144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   93576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   24944              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   28024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   12168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   95592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   86888              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   21880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2011-01-29 23:35 . 2011-01-29 23:35   12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-01-29 23:40 . 2011-01-29 23:40   40304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-01-29 23:41 . 2011-01-29 23:41   67968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-01-29 23:35 . 2011-01-29 23:35   81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-05-02 03:43 . 2011-05-02 03:43   21504              c:\windows\Installer\63166958.msi
+ 2011-02-04 19:27 . 2011-02-04 19:27   22016              c:\windows\Installer\1dd91453.msi
+ 2011-02-04 19:26 . 2011-02-04 19:26   22528              c:\windows\Installer\1dd91449.msi
+ 2011-04-11 18:56 . 2011-04-11 18:56   38400              c:\windows\Installer\19026765.msi
+ 2010-05-19 11:36 . 2010-05-19 11:36   25214              c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-14 19:10 . 2010-09-14 19:10   10134              c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
+ 2010-09-14 19:10 . 2010-09-14 19:10   10134              c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
+ 2010-09-14 19:09 . 2010-09-14 19:09   10134              c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2008-03-27 18:54 . 2010-06-19 22:02   23040              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-27 18:54 . 2010-04-15 07:16   23040              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-27 18:54 . 2010-04-15 07:16   61440              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-03-27 18:54 . 2010-06-19 22:02   61440              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-27 18:54 . 2010-04-15 07:16   27136              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-27 18:54 . 2010-06-19 22:02   27136              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-27 18:54 . 2010-04-15 07:16   11264              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-27 18:54 . 2010-06-19 22:02   11264              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-27 18:54 . 2010-06-19 22:02   12288              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-27 18:54 . 2010-04-15 07:16   12288              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-04-15 07:17 . 2010-04-15 07:17   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-19 22:01 . 2010-06-19 22:01   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-04-11 18:57 . 2011-04-11 18:57   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-14 19:10 . 2010-09-14 19:10   10134              c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
+ 2010-09-26 00:42 . 2010-09-26 00:42   25214              c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-02-04 19:27 . 2011-02-04 19:27   10134              c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
+ 2010-09-14 19:09 . 2010-09-14 19:09   10134              c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2010-09-14 19:10 . 2010-09-14 19:10   10134              c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
+ 2010-09-23 08:47 . 2010-09-23 08:47   35760              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 07:03 . 2010-09-23 07:03   99776              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-23 06:52 . 2010-09-23 06:52   27048              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-22 22:12 . 2010-09-22 22:12   15800              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2010-08-13 12:35 . 2004-08-04 12:00   37888              c:\windows\ie8\url.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   37888              c:\windows\ie8\url.dll
- 2010-02-20 00:21 . 2009-03-08 19:23   58464              c:\windows\ie8\spuninst\iecustom.dll
+ 2010-08-13 12:36 . 2009-03-08 18:23   58464              c:\windows\ie8\spuninst\iecustom.dll
- 2010-02-20 00:20 . 2009-12-22 05:42   39424              c:\windows\ie8\pngfilt.dll
+ 2010-08-13 12:35 . 2010-04-16 15:36   39424              c:\windows\ie8\pngfilt.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   96256              c:\windows\ie8\occache.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   96256              c:\windows\ie8\occache.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   56832              c:\windows\ie8\mshtmler.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   56832              c:\windows\ie8\mshtmler.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   29184              c:\windows\ie8\mshta.exe
+ 2010-08-13 12:35 . 2004-08-04 12:00   29184              c:\windows\ie8\mshta.exe
- 2010-02-20 00:20 . 2010-01-05 10:00   52224              c:\windows\ie8\msfeedsbs.dll
+ 2010-08-13 12:35 . 2010-01-05 10:00   52224              c:\windows\ie8\msfeedsbs.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   22016              c:\windows\ie8\licmgr10.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   22016              c:\windows\ie8\licmgr10.dll
+ 2010-08-13 12:35 . 2010-04-16 15:36   16384              c:\windows\ie8\jsproxy.dll
- 2010-02-20 00:20 . 2009-12-22 05:42   16384              c:\windows\ie8\jsproxy.dll
- 2010-02-20 00:20 . 2009-12-22 05:42   96256              c:\windows\ie8\inseng.dll
+ 2010-08-13 12:35 . 2010-04-16 15:36   96256              c:\windows\ie8\inseng.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   35840              c:\windows\ie8\imgutil.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   35840              c:\windows\ie8\imgutil.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   93184              c:\windows\ie8\iexplore.exe
+ 2010-08-13 12:35 . 2004-08-04 12:00   93184              c:\windows\ie8\iexplore.exe
- 2010-02-20 00:20 . 2004-08-04 12:00   62976              c:\windows\ie8\iesetup.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   62976              c:\windows\ie8\iesetup.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   48640              c:\windows\ie8\iernonce.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   48640              c:\windows\ie8\iernonce.dll
+ 2010-08-13 12:35 . 2010-04-16 15:36   81920              c:\windows\ie8\ieencode.dll
- 2010-02-20 00:20 . 2009-12-22 05:42   81920              c:\windows\ie8\ieencode.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   34304              c:\windows\ie8\ie4uinit.exe
- 2010-02-20 00:20 . 2004-08-04 12:00   34304              c:\windows\ie8\ie4uinit.exe
- 2010-02-20 00:20 . 2010-01-05 10:00   63488              c:\windows\ie8\icardie.dll
+ 2010-08-13 12:35 . 2010-01-05 10:00   63488              c:\windows\ie8\icardie.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   38912              c:\windows\ie8\hmmapi.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   38912              c:\windows\ie8\hmmapi.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   35328              c:\windows\ie8\corpol.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   35328              c:\windows\ie8\corpol.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   99840              c:\windows\ie8\advpack.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   99840              c:\windows\ie8\advpack.dll
- 2010-02-20 00:20 . 2004-08-04 12:00   61440              c:\windows\ie8\admparse.dll
+ 2010-08-13 12:35 . 2004-08-04 12:00   61440              c:\windows\ie8\admparse.dll
+ 2011-01-30 00:27 . 2011-01-30 00:27   96768              c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
+ 2011-01-30 00:30 . 2011-01-30 00:30   54784              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\70c840dc13aae2e1323b13d7b27030ae\System.Xaml.Hosting.ni.dll
+ 2011-01-30 00:31 . 2011-01-30 00:31   35328              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\9bbefd2263d8f2169ab3695798208293\System.Windows.Presentation.ni.dll
+ 2011-01-30 00:30 . 2011-01-30 00:30   24064              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\9484262c4f1cfaace92aa9d1fee76025\System.Web.Routing.ni.dll
+ 2011-01-30 00:30 . 2011-01-30 00:30   46592              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\569a7210fae634e8827a1bd805922540\System.Web.DynamicData.Design.ni.dll
+ 2011-01-30 00:27 . 2011-01-30 00:27   71680              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\02068ef9dafba3308b13444b8f4e5940\System.Web.ApplicationServices.ni.dll
+ 2011-01-30 00:30 . 2011-01-30 00:30   24576              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\0d2eb147f2b4b13af1141810688e2d5f\System.Web.Abstractions.ni.dll
+ 2011-01-30 00:30 . 2011-01-30 00:30   82432              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll
+ 2011-01-30 00:30 . 2011-01-30 00:30   12288              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2ac3fd2abc9bb5eab553ef8e44ca77ca\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2011-01-30 00:27 . 2011-01-30 00:27   78848              c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\5c87f21925d5a61059ee68cef72841f4\System.AddIn.Contract.ni.dll
+ 2011-01-30 00:26 . 2011-01-30 00:26   37376              c:\windows\assembly\NativeImages_v4.0.
Title: Massive Infection, can't get online
Post by: guestolo on May 08, 2011, 01:20:09 PM
I still see remnants of AVG
Can you do the following
Download and save to desktop AVG remover(32bit) from the following link
http://www.avg.com/us-en/download-tools

Run the removal tool, reboot the computer afterwards
Back in Windows
I see you only have Service pack 2 for Windows installed, is there a reason for this?
SP3 has been out for some time
Can you let me know which processor you have, Intel or Athlon
Right click on MyComputer and choose Properties, that should give you the info

In addition:
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Title: Massive Infection, can't get online
Post by: mickapoo on May 09, 2011, 06:10:27 AM
[quote name='guestolo' date='08 May 2011 - 02:20 PM' timestamp='1304878809' post='479230']
I still see remnants of AVG
Can you do the following
Download and save to desktop AVG remover(32bit) from the following link
http://www.avg.com/us-en/download-tools

Run the removal tool, reboot the computer afterwards
[/quote]

I'll download and run it again, but the removal tool is what I used last Thursday night. I initially tried uninstalling it through the Add & Remove Programs, but kept getting an error. Anyway, I'll try it again.

No real reason, (other than just plain ignorance), I just didn't know I needed to install SP3. I have an Intel processor.
Title: Massive Infection, can't get online
Post by: mickapoo on May 09, 2011, 07:33:27 AM
Here is checkup.txt:

 Results of screen317's Security Check version 0.99.10  
 Windows XP Service Pack 2  
 Out of date service pack!! (http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3)
 Internet Explorer 8  
``````````````````````````````
Antivirus/Firewall Check:

 ESET Online Scanner v3  
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware    
 HijackThis 2.0.2    
 CCleaner (remove only)  
 Java(TM) 6 Update 13  
 Out of date Java installed!
 Adobe Flash Player    10.2.153.1  
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
 Mozilla Firefox (3.5.19) Firefox Out of Date!  
````````````````````````````````
Process Check:  
objlist.exe by Laurent

``````````End of Log````````````
Title: Massive Infection, can't get online
Post by: guestolo on May 09, 2011, 11:22:08 PM
Open up your copy of Adobe Reader, click on HELP>>Check for Updates
Download and install any update found
Keep rechecking for updates till you have them all

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe (http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe)
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
Delete the uninstaller
we'll update it in a bit

Keep all browser windows closed
Access your Add/Remove Programs and uninstall older version of Java
Remove Java™ 6 Update 13

Restart the computer afterwards
Back in Windows
Let's update Adobe Flash
Go to the following link
http://get.adobe.com/flashplayer/otherversions/

Choose operating system and version
Note: Do this procedure twice and get both
"Flash player for IE" then "Flash player for other browsers"
Save the installers to desktop
Untick the selections for 'Google toolbar' or 'McAfee Security Scan' if it is an option
Close browser windows, then install both
install_flash_player_ax.exe and install_flash_player.exe

Let's now update Sun Java
NOTE: Java installs a Quick starter service that is not really required, you can disable this after every update by the following:
Open Windows Control Panel and open the Java icon
Click on 'Advanced' >>Expand (+) on Miscellaneous
Untick "Java Quick Starter"
Apply and OK out of there

Restart the computer to set.

if you have a fast Internet connection
Download and save to desktop Service pack 3 from the following location>>>> http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en
After you have it saved to desktop
If you have installed an AntiVirus, temporarily disable it, if no AV installed yet
Go ahead and install SP3, it can take a bit of time, so be patient

After the installation of SP3, and a restart of the computer
Ensure you visit Windows Updates from the following link using Internet Explorer
http://windowsupdate.microsoft.com/
Do an Express Scan
ONLY install the High Priority updates
Keep rechecking Windows updates till you have all High priority updates installed
Don't worry about recommended updates, you're after the High Priority only
NOTE: Probably a good idea to leave Automatic Updates set to Automatic in the future, as you were/are way behind

After a final restart of the computer
I would take the time to run CCleaner and do a Disk Defragment of your C: drive
Try to refrain from too much browsing or downloading on the internet till the above and the next step is done


Finally, why not try installing the AntiVirus from Microsoft
You can get Microsoft Security Essentials from the following link
http://www.microsoft.com/en-us/security_essentials/default.aspx

After installation, ensure it's right updated and then I would take the time to do a Full system scan
It can take some time, but worth it
By default, MSE will set to scan a Quick Scan once per week

When all the above is done, can you please come back one last time
Run OTL.exe and do a Quick Scan, don't worry about Extra Registry
Post the log that opens, tell me how things are now running
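The steps above are all done by hand and re-checked with the Security Check log. As an added example (not from this thread or from screen317's tool), the following PowerShell script pulls the same inventory straight from the registry and WMI so the patch state can be re-checked after the updates: the service pack level, the versions of the products named in the thread, and whether more than one Java entry is still installed. It assumes Windows PowerShell 2.0 or later, which the XP SP2 machine in the thread would itself have to be given first.

```powershell
# Added example: re-check the items the Security Check log reports,
# using only the Uninstall registry keys and Win32_OperatingSystem.
# Written for Windows PowerShell 2.0+, so no [pscustomobject] syntax.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Products the thread walks through; patterns are matched against DisplayName.
# AVG is listed so a leftover entry shows up after the remover has been run.
$watchList = @(
    @{ Name = 'Java';         Pattern = '^Java' },
    @{ Name = 'Adobe Reader'; Pattern = '^Adobe Reader' },
    @{ Name = 'Flash Player'; Pattern = 'Flash Player' },
    @{ Name = 'Firefox';      Pattern = '^Mozilla Firefox' },
    @{ Name = 'AVG';          Pattern = '^AVG' }
)

function Get-InstalledSoftware {
    # Every Add/Remove Programs entry that has a display name.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Get-ServicePackState {
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-Object PSObject -Property @{
        Caption     = $os.Caption
        Version     = $os.Version
        ServicePack = $os.ServicePackMajorVersion
        # XP without SP3 is what the thread flags as "Out of date service pack".
        XpBelowSp3  = ($os.Version -like '5.1.*' -and $os.ServicePackMajorVersion -lt 3)
    }
}

function Get-WatchedProducts {
    $installed = Get-InstalledSoftware
    foreach ($item in $watchList) {
        $hits = @($installed | Where-Object { $_.DisplayName -match $item.Pattern })
        New-Object PSObject -Property @{
            Product  = $item.Name
            Entries  = $hits.Count
            Versions = ($hits | ForEach-Object { $_.DisplayVersion }) -join ', '
            # More than one Java entry means an old update was never removed,
            # which is exactly what the thread asks to uninstall first.
            Note     = if ($item.Name -eq 'Java' -and $hits.Count -gt 1) { 'old Java versions still installed' }
                       elseif ($item.Name -eq 'AVG' -and $hits.Count -gt 0) { 'AVG remnant still present' }
                       else { '' }
        }
    }
}

# Report, usable before and after the update steps to confirm they took effect.
Get-ServicePackState | Format-List
Get-WatchedProducts | Format-Table Product, Entries, Versions, Note -AutoSize
```

Run it from an elevated prompt; the Wow6432Node key simply yields nothing on a 32-bit system like the one in the thread.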
Title: Massive Infection, can't get online
Post by: mickapoo on May 18, 2011, 11:51:07 AM
Sorry for the delay. I had two more servers get infected with malware. Ok, so I'm following your instructions above and am down to the part where I am installing the Windows updates. One of the updates was, "Windows Malicious Software Removal Tool - May 2011 (KB890830)"- do you think this is necessary to install?

Also, you had mentioned IF I had a fast internet connection to install Service pack 3. Does this mean if my connection is slow, I should not install SP3?

Thanks again for your continued help.
Title: Massive Infection, can't get online
Post by: guestolo on May 18, 2011, 10:57:10 PM
Please do all my last instructions, including updating to SP3; you probably have a fast connection

Then let me know how things are then running
Title: Massive Infection, can't get online
Post by: mickapoo on May 22, 2011, 09:10:40 AM
This what I have done so far from your instructions above:

Installed Windows Updates (from http://windowsupdate.microsoft.com)
Installed Java SE 6 Update 25 and updated Flash player

I haven't done anything else as far as SP3, or the Windows anti-virus program. The reason being, something from implementing the items above has caused my computer to slow down immensely. I need to try and figure out what of the three things above has slowed it down and if possible, uninstall or reverse the change.

Thank you.
Title: Massive Infection, can't get online
Post by: guestolo on May 22, 2011, 09:27:46 AM
Why not run a Quick Scan with OTL.exe; when it's done scanning, post the log that opens
Title: Massive Infection, can't get online
Post by: mickapoo on July 15, 2011, 09:24:38 AM
[quote name='guestolo' timestamp='1306074466' post='479572']
Why not run a Quick Scan with OTL.exe; when it's done scanning, post the log that opens
[/quote]

Sorry for the long delay...everything seems to be good, other than it is a little slow running at times, but we realize that may be due to the memory and processor (it's getting up there in years :) )

Here are the results from the OTL.Txt log that opened:


OTL logfile created on: 7/15/2011 10:18:57 AM - Run 8
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\Evelyn\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.42 Mb Total Physical Memory | 678.89 Mb Available Physical Memory | 66.92% Memory free
2.38 Gb Paging File | 2.16 Gb Available in Paging File | 90.77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 35.10 Gb Free Space | 37.68% Space Free | Partition Type: NTFS
 
Computer Name: HP-WINDOWSXP | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/07/15 10:18:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
PRC - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/27 16:07:26 | 000,362,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/07/15 10:18:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/06/29 17:04:47 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/01/06 17:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/19 17:27:23 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/06/19 17:27:12 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/06/19 17:27:10 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/19 17:26:59 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/04/04 14:42:24 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/04 11:37:28 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/26 00:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2005/03/01 12:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/09/14 12:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Evelyn\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/07/10 20:24:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/07/10 20:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/11/30 21:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/06 14:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Firefox\components [2011/06/24 11:05:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011/06/24 10:41:29 | 000,000,000 | ---D | M]
 
[2009/01/07 13:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Extensions
[2011/06/30 07:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions
[2010/09/20 14:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/30 07:45:05 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009/01/29 22:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/10 20:24:55 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/07/10 20:24:55 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/07/10 20:24:56 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
 
O1 HOSTS File: ([2011/05/19 12:01:49 | 000,000,470 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://mickapoo.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqnbk2/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} http://store02.prostores.com/storeadmin/utilities/pssbedit.cab (SiteBuilderEditor Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/25 01:01:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/15 10:18:19 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/07/13 23:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\My Documents\Downloads
[2011/07/10 20:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Desktop\Brie's mp3s
[2011/07/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\eMusic
[2011/07/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\eMusic
[2011/07/10 20:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\eMusic Download Manager
[2011/06/30 19:39:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Evelyn\Recent
[2011/06/25 08:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/15 10:18:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/07/15 09:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/15 08:48:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/15 08:46:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 22:53:48 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/07/13 07:08:04 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/24 10:41:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2011/02/11 22:07:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\Overdub.ini
[2011/02/11 22:07:33 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\HYSBUAYB.SYS
[2011/02/04 15:45:55 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/10/07 18:33:20 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2010/06/17 17:47:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\PUTTY.RND
[2010/05/08 18:37:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/08 18:37:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/08 18:37:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/08 18:37:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/08 18:37:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/01 20:37:51 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\FEED65
[2009/12/01 20:37:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\mcs.rma
[2009/06/18 20:43:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2009/02/27 15:27:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/01/17 10:50:13 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/06/18 15:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/12 16:13:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/10 10:09:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2008/06/06 11:41:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/27 16:23:46 | 000,006,540 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\PrimoPDFSet.xml
[2008/05/27 16:23:45 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\APUSet.xml
[2008/05/27 16:05:15 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/26 09:07:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll
[2008/04/10 20:12:32 | 000,001,359 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/08 17:51:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/08 17:42:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/04 09:28:10 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/04 09:27:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/03 21:23:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:35:42 | 000,102,236 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/03/30 18:52:22 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 19:53:00 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/03/27 19:52:47 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/03/27 19:52:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/27 14:54:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/25 01:03:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/25 00:58:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/24 16:15:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/24 16:12:21 | 001,441,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,496,526 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,084,844 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
 
========== LOP Check ==========
 
[2008/11/04 21:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/19 19:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/01/29 17:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/05/06 09:08:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/05 09:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2011/05/06 09:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/03 15:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2009/01/19 14:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/05/31 22:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/10/03 21:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 11:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/04 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/04 23:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Acronis
[2009/01/29 17:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Ashampoo
[2008/06/10 08:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\BitZipper
[2011/05/19 21:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\CoreFTP
[2011/05/18 12:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Dropbox
[2010/06/05 09:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\eFax Messenger
[2011/07/10 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\eMusic
[2010/02/23 11:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Facebook
[2010/06/17 19:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\FileZilla
[2009/04/04 14:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\GetRightToGo
[2008/03/28 19:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\GlobalSCAPE
[2008/04/03 18:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Helios
[2010/06/05 09:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\j2 Global
[2010/06/14 09:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\JGsoft
[2009/02/03 15:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Nitro PDF
[2011/06/27 05:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Orbit
[2009/01/05 11:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Radmin
[2008/05/24 22:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\SecondLife
[2008/04/12 09:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\Snapfish
[2011/04/03 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/01/05 10:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evelyn\Application Data\TeamViewer

 
========== Purity Check ==========
 
 

< End of report >
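As an added triage example (not part of this thread, and not OldTimer's code), here is a small Python script that parses the line formats that appear in the OTL log above (the PRC/MOD/SRV/DRV SafeList entries, the O4 autorun entries and the O1 hosts entries) and lists the items a helper reads first: a service or driver registration whose file is missing, a running service or driver that OTL printed with an empty company name, an autorun with an empty company name, and any hosts-file mapping beyond the default localhost ones. The embedded sample input is a handful of lines copied from the log plus one constructed hosts entry (203.0.113.7 www.example.com, a TEST-NET address used only as a placeholder); the regular expressions are my reading of OTL's output format, not a published specification.

```python
"""Triage helper for OTL (OldTimer) Quick Scan logs.

Added example, not code from this thread or from OTL itself. It parses the
line formats seen in the log above (PRC/MOD/SRV/DRV SafeList entries, O4
autoruns, O1 hosts entries) and lists what a helper checks first: registrations
whose file is missing, running services/drivers and autoruns that carry no
company name, and hosts-file mappings other than the default localhost ones.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# SafeList entry with file metadata, e.g.
# SRV - [2011/06/29 17:04:47 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\...\x.dll -- (Akamai)
SAFELIST_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<flag>[A-Z])\]"
    r" \((?P<company>[^)]*)\)(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)
# SafeList entry whose file is gone, e.g.
# SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)$"
)
# O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
AUTORUN_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<value>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$")
# O1 - Hosts: 127.0.0.1       localhost
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")

# The only hosts mappings a clean hosts file needs; anything else is worth a look.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass
class Entry:
    kind: str                  # PRC, MOD, SRV or DRV
    path: str                  # file path OTL reported (empty when the file is gone)
    company: Optional[str]     # None when OTL printed "()" (no company name in the file)
    state: Optional[str]       # e.g. "Auto | Running"; None for PRC/MOD lines
    name: Optional[str]        # service/driver name in the trailing "(...)"
    missing: bool = False      # True for "File not found" registrations


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one SafeList line; return None for lines of other kinds."""
    m = SAFELIST_RE.match(line)
    if m:
        company = m.group("company").strip() or None
        return Entry(m.group("kind"), m.group("path"), company, m.group("state"), m.group("name"))
    m = MISSING_RE.match(line)
    if m:
        return Entry(m.group("kind"), m.group("path"), None, m.group("state"), m.group("name"), missing=True)
    return None


def triage(log_text: str) -> List[str]:
    """Return human-readable review prompts, one per item worth checking."""
    findings: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry:
            if entry.missing:
                findings.append(f"orphaned {entry.kind} registration (file missing): {entry.name}")
            elif entry.kind in ("SRV", "DRV") and entry.company is None and "Running" in (entry.state or ""):
                findings.append(f"running {entry.kind} with no company name: {entry.path}")
            continue
        m = AUTORUN_RE.match(line)
        if m:
            if not m.group("company").strip():
                findings.append(f"autorun with no company name: [{m.group('value')}] {m.group('path')}")
            continue
        m = HOSTS_RE.match(line)
        if m and (m.group("ip"), m.group("host")) not in DEFAULT_HOSTS:
            findings.append(f"non-default hosts mapping: {m.group('host')} -> {m.group('ip')}")
    return findings


# Sample input: lines copied from the OTL log in the thread, plus ONE constructed
# hosts entry (203.0.113.7 www.example.com) to exercise the hosts check.
SAMPLE_LOG = r"""
PRC - [2011/07/15 10:18:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/06/29 17:04:47 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/06/19 17:27:12 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 203.0.113.7     www.example.com
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The output is a list of review prompts, not verdicts: an empty company name only means the file carries no version resource, and the three such items in this log (Akamai's NetSession DLL, LVPr2Mon.sys, LXBUtime.DLL) sit in vendor folders alongside signed components from the same vendors, so a helper would confirm them against the vendor rather than act on them. The hosts check is the one that matters most for the "can't get online" symptom in the thread title: a mapping that sends update or security sites somewhere other than their real address is a classic way malware keeps a machine from reaching help.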
Title: Massive Infection, can't get online
Post by: mickapoo on July 17, 2011, 05:02:18 PM
Oh, one other thing I forgot to mention...I notice that when IE loads a page, I see in the taskbar area (I think that is what it is called, down at the bottom of the browser window in the lower left corner) it will say "loading Ad Mountain" or "Loading doubleclick.net".

Thank you.