Here is the OTL log. Just before this finnished my Avira antivirus poped up and said it found somthing and quarantined it i'm pretty sure it said somthing about volsnap.old. When i ran the custom scan of OTL it stated that volsap.old was not found. The Avira found this after the reboot and towards the end of the quick scan.
OTL logfile created on: 6/16/2011 7:08:28 AM - Run 4
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Edward\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:
2.99 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 85.32% Memory free
4.84 Gb Paging File | 4.55 Gb Available in Paging File | 94.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 148.21 Gb Free Space | 63.64% Space Free | Partition Type: NTFS
Computer Name: YOUR-DC8665429C | User Name: Edward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/06/11 22:02:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
PRC - [2011/04/27 20:32:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 21:08:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/24 02:49:14 | 000,024,576 | R--- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe
========== Modules (SafeList) ========== MOD - [2011/06/11 22:02:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
MOD - [2008/08/21 08:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 20:32:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 21:08:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/24 02:49:14 | 000,024,576 | R--- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)
========== Driver Services (SafeList) ========== DRV - [2011/03/16 21:08:17 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 15:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/03/10 05:47:01 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/03/10 05:47:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/03/10 05:47:00 | 000,257,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/09/26 23:01:36 | 000,241,628 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 02:44:04 | 000,004,772 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2006/07/14 13:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: E:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins
[2009/06/24 21:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Edward\Application Data\Mozilla\Extensions
[2011/06/01 20:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Edward\Application Data\Mozilla\Firefox\Profiles\bjc1ami6.default\extensions
O1 HOSTS File: ([2011/06/16 07:02:37 | 000,618,793 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1
http://www.accuserveadsystem.comO1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1
http://www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1
http://www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16379 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [pdfFactory Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Edward\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Edward\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/13 18:54:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/06/16 07:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Desktop\HostsXpert
[2011/06/16 06:00:14 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Edward\Desktop\tdsskiller.exe
[2011/06/15 17:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\FileMaker
[2011/06/15 17:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\CNS
[2011/06/15 17:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Start Menu\Programs\pdfFactory
[2011/06/15 17:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Start Menu\Programs\Inspector FX
[2011/06/15 17:06:34 | 000,385,024 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppmon3.dll
[2011/06/15 17:06:34 | 000,282,624 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppr332.dll
[2011/06/15 17:06:07 | 000,000,000 | ---D | C] -- C:\Inspector FX
[2011/06/12 08:32:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/12 08:32:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/11 22:02:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
[2011/06/11 08:43:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/11 08:41:55 | 004,119,337 | R--- | C] (Swearware) -- C:\Documents and Settings\Edward\Desktop\zzz.exe
[2011/06/05 13:55:05 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\Edward\Desktop\dds.scr
[2011/06/05 13:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Desktop\random
[2011/06/05 09:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011/06/02 23:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\Downloaded Installations
[2011/06/02 23:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/06/02 23:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\Anti-Malware
[2011/06/02 19:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/02 19:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/02 06:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/02 06:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/01 20:51:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/01 20:50:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/01 20:50:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/01 20:50:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/01 20:50:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/01 20:50:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/01 16:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/06/01 16:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/06/01 16:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\sar_15_sfx
[2011/06/01 08:06:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Edward\Recent
[2011/06/01 07:07:34 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/01 07:07:34 | 000,056,400 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/06/01 00:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\SUPER AntiSpyware Professional 4.51
[2011/06/01 00:05:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/05/31 23:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 23:47:39 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/31 23:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/31 23:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\Malwarebytes Anti-Malware 1.50.1.1100 with serial - Powercrush
[2011/05/31 05:44:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/31 05:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\ResumeMaker2
========== Files - Modified Within 30 Days ========== [2011/06/16 07:08:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/16 07:07:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/16 07:06:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 07:06:45 | 3210,883,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 07:02:37 | 000,618,793 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/16 07:00:50 | 000,357,766 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\HostsXpert.zip
[2011/06/16 06:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 06:00:18 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Edward\Desktop\tdsskiller.exe
[2011/06/15 17:06:52 | 000,001,434 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Inspector FX 8.5.lnk
[2011/06/15 00:15:43 | 3779,099,639 | ---- | M] () -- C:\Backup.bkf
[2011/06/14 18:15:48 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\SystemLook.exe
[2011/06/13 06:56:18 | 038,041,357 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\ifx_v8.62.0.EXE
[2011/06/12 10:48:55 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\s67wf6ir.exe
[2011/06/12 08:38:59 | 000,368,505 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\MiniToolBox.exe
[2011/06/11 22:02:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
[2011/06/11 08:41:59 | 004,119,337 | R--- | M] (Swearware) -- C:\Documents and Settings\Edward\Desktop\zzz.exe
[2011/06/11 08:39:01 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\rkill.exe
[2011/06/05 13:55:06 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\Edward\Desktop\dds.scr
[2011/06/04 18:49:30 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Edward\My Documents\stinger10101629.opt
[2011/06/03 00:31:37 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Notepad (2).lnk
[2011/06/02 22:22:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/02 19:43:49 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/02 19:43:49 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Spybot - Search & Destroy.lnk
[2011/06/01 20:55:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110602-203914.backup
[2011/06/01 16:58:54 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Sophos Anti-Rootkit.lnk
[2011/06/01 08:01:47 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/01 07:07:34 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/01 07:07:34 | 000,056,400 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/06/01 06:31:20 | 000,001,352 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Shortcut to SUPERAntiSpyware Professional.exe.lnk
[2011/05/31 23:49:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 21:16:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/31 20:40:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
========== Files Created - No Company Name ========== [2011/06/16 07:00:48 | 000,357,766 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\HostsXpert.zip
[2011/06/15 17:06:52 | 000,001,434 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\Inspector FX 8.5.lnk
[2011/06/15 17:05:48 | 038,041,357 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\ifx_v8.62.0.EXE
[2011/06/14 23:05:48 | 3779,099,639 | ---- | C] () -- C:\Backup.bkf
[2011/06/14 18:15:55 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\SystemLook.exe
[2011/06/12 10:48:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\s67wf6ir.exe
[2011/06/12 10:33:22 | 3210,883,072 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/12 08:38:58 | 000,368,505 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\MiniToolBox.exe
[2011/06/11 08:39:00 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\rkill.exe
[2011/06/04 09:25:09 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Edward\My Documents\stinger10101629.opt
[2011/06/02 19:43:49 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/02 19:43:49 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\Spybot - Search & Destroy.lnk
[2011/06/02 18:30:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/01 20:53:44 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/01 20:53:44 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2011/06/01 20:53:44 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/01 20:53:44 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/01 20:53:43 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/06/01 20:53:43 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2011/06/01 20:53:43 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ulead VideoStudio SE DVD.lnk
[2011/06/01 20:53:43 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/01 20:53:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/01 20:53:43 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/01 20:53:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/01 20:51:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/01 20:51:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/01 20:50:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/01 20:50:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/01 20:50:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/01 20:50:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/01 16:58:54 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\Sophos Anti-Rootkit.lnk
[2011/06/01 08:01:47 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/01 06:31:20 | 000,001,352 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\Shortcut to SUPERAntiSpyware Professional.exe.lnk
[2011/05/31 23:47:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 05:56:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/14 06:32:09 | 000,475,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/25 08:05:50 | 000,010,709 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat
[2011/02/25 08:05:03 | 000,176,496 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2011/02/25 08:05:03 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2011/02/15 00:14:25 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\fusioncache.dat
[2010/01/14 02:17:16 | 000,077,375 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/09/29 19:39:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/29 19:38:58 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 21:58:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/19 20:25:04 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1018.EXE
[2009/06/11 20:08:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/13 18:55:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 18:52:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/13 18:42:37 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/05/13 18:42:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/05/13 18:42:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/05/13 18:42:36 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/13 18:42:36 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/05/13 18:42:36 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/13 18:42:36 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/05/13 18:42:36 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/05/13 18:42:36 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/05/13 18:42:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/05/13 18:42:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/05/13 18:42:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/05/13 11:48:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/13 11:47:28 | 000,317,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ========== [2009/11/17 21:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/03/02 21:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iNbIlMj08200
[2010/01/18 13:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/11/17 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\HotSync
[2009/06/19 18:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\OpenOffice.org
[2010/01/18 14:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\Ulead Systems
========== Purity Check ========== < End of report >