Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

ohtgnoenriga.com redirect

Post by Cursedby27 » May 30th, 2010, 3:30 am

Google search > click result > redirected somewhere else.
The same routine. I've run deep scans from a couple of tools. They cleared up some adware, but this problem still remains. The OS is a fairly new install (a little over two weeks).


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-YRPRK-RPDQ2-9K6XT
Windows Product Key Hash: DyVbNiyWaituzaZu/+jK8Q/Lq/Q=
Windows Product ID: 76487-OEM-2211906-00122
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {6A150416-FD38-4B24-89B8-D7C9DADDA77C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6A150416-FD38-4B24-89B8-D7C9DADDA77C}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9K6XT</PKey><PID>76487-OEM-2211906-00122</PID><PIDType>2</PIDType><SID>S-1-5-21-789336058-1284227242-839522115</SID><SYSTEM><Manufacturer>Equus Computer Systems </Manufacturer><Model>Nobilis </Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>EV91510A.86A.0444.2005.0429.2108</Version><SMBIOSVersion major="2" minor="3"/><Date>20050429000000.000000+000</Date><SLPBIOS>Equus Computer Systems,Equus Computer Systems,Equus,Equus</SLPBIOS></BIOS><HWID>29EE37570184407D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1D486:Equus Computer Systems Inc|1D486:Equus Computer Systems Inc|1B894:GENUINE C&C INC
Marker string from OEMBIOS.DAT: Equus Computer Systems,Equus Computer Systems,Equus,Equus

OEM Activation 2.0 Data-->
N/A



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:49 AM, on 5/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] d:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "d:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Microtek_Scanner_Server] C:\Program Files\Microtek\ScanWizard Pro\LANServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKUS\S-1-5-21-789336058-1284227242-839522115-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'name redacted')
O4 - HKUS\S-1-5-21-789336058-1284227242-839522115-1003\..\Run: [Google Update] "C:\Documents and Settings\name redacted\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'name redacted')
O4 - HKUS\S-1-5-21-789336058-1284227242-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'name redacted')
O4 - HKUS\S-1-5-21-789336058-1284227242-839522115-1003\..\Run: [ManyCam] "d:\Program Files\ManyCam 2.4\ManyCam.exe" (User 'name redacted')
O4 - HKUS\S-1-5-21-789336058-1284227242-839522115-1003\..\Run: [EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S197.tmp" /EF "HKCU" (User 'name redacted')
O4 - HKUS\S-1-5-21-789336058-1284227242-839522115-1003\..\Run: [EPSON Stylus Photo R260 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S19A.tmp" /EF "HKCU" (User 'name redacted')
O4 - HKUS\S-1-5-21-789336058-1284227242-839522115-1003\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'name redacted')
O4 - S-1-5-21-789336058-1284227242-839522115-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'name redacted')
O4 - S-1-5-21-789336058-1284227242-839522115-1003 Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'name redacted')
O4 - S-1-5-21-789336058-1284227242-839522115-1003 User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'name redacted')
O4 - S-1-5-21-789336058-1284227242-839522115-1003 User Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'name redacted')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3287094883
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - d:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8277 bytes



ABBYY FineReader 6.0
Acrobat.com
Acrobat.com
Adobe After Effects 7.0
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.3.2
Adobe Setup
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Artisteer 2
avast! Free Antivirus
Camtasia Studio 6
Color Matching System
ColorPic
DivX Setup
DVD Architect Pro 5.0
DVD Shrink 3.2
EPSON Printer Software
Fences
Fences
FileZilla Client 3.3.2.1
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
IrfanView (remove only)
Java(TM) 6 Update 18
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft DirectX Transform optional components
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (2.0.0.24)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MWSnap 3
Nero Suite
NVIDIA Drivers
ObjectDock
OpenOffice.org 3.2
PCI Audio Applications
PCI Audio Driver
PDF Settings
ScanWizard Pro
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Skype™ 4.2
Sony Vegas Pro 8.0
Spybot - Search & Destroy
Synergy
Tablet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.5
VNC Free Edition 4.1.2
Winamp
Winamp Toolbar
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
WinHTTrack Website Copier 3.43-9C
WinRAR archiver
XMLinst



Thanks in advance!
Cursedby27
Active Member
 
Posts: 11
Joined: May 30th, 2010, 3:19 am
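The HijackThis log above has a fixed per-line format (R0/R1 IE URLs, O2/O3 BHOs and toolbars with their CLSIDs, O4 autoruns, O23 services). As an added example, not a MalwareRemoval.com tool or anything from this thread, the Python below parses those line types and flags the entries a reviewer checks first: autoruns launched from a user-writable profile directory, entries given as a bare filename that Windows resolves through PATH, rundll32 loading a DLL, services with no publisher, and IE start/search URLs on a host outside a small default allowlist. The allowlist, the "Unknown owner" sample service line and the flag wording are this example's own assumptions; the other sample lines are copied in shape from the posted log.

```python
"""Parse HijackThis v2 log lines and flag the entries a reviewer checks first.
Added example for this thread, not a MalwareRemoval.com tool. Sample lines are
copied in shape from the posted log; the last service line is constructed."""
import re
from urllib.parse import urlsplit

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
R_LINE = re.compile(r"^(R[0-3]) - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<url>.*)$")
O2_O3 = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$")
O4_RUN = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run(?:Once|Services)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?P<where>.*Startup): (?P<name>[^=]+?) = (?P<cmd>.*)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>[A-Za-z]:\\.*)$")
# First executable/DLL token of a command line, quoted or not, and the DLL a
# rundll32 command loads (rundll32 itself is a signed Windows binary, so the
# DLL argument is the part worth reviewing).
EXE_TOKEN = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|cpl|scr|com|bat|cmd|vbs|js))"?(?=[\s,]|$)', re.I)
RUNDLL_ARG = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)
USER_TRAILER = re.compile(r"\s*\(User '[^']*'\)\s*$")  # HJT appends this on HKUS lines

# Path fragments that any logged-on user can write to (assumption for the example).
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\",
                 "\\application data\\", "\\local settings\\")
DEFAULT_IE_HOSTS = {"go.microsoft.com"}  # assumption: the IE defaults seen in the posted log

# Constructed sample: lines in the shape of the posted log, plus one made-up
# service line (not from the log) to exercise the "no publisher" branch.
SAMPLE_LOG = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-21-789336058-1284227242-839522115-1003\..\Run: [Google Update] "C:\Documents and Settings\name redacted\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'name redacted')
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Documents and Settings\name redacted\Local Settings\Temp\exsvc.exe
"""


def split_command(cmd):
    """Return (executable token, DLL loaded via rundll32 or None) for an O4 command."""
    cmd = USER_TRAILER.sub("", cmd)
    m = EXE_TOKEN.match(cmd)
    exe = m.group("exe") if m else cmd.split(" ", 1)[0]
    r = RUNDLL_ARG.match(cmd)
    return exe, (r.group("dll") if r else None)


def parse_line(line):
    """Turn one HJT line into a dict, or None for line types this example ignores."""
    line = line.rstrip()
    m = R_LINE.match(line)
    if m:
        return {"section": m.group(1), "key": m.group("key"), "value": m.group("value"),
                "url": m.group("url").strip(), "path": ""}
    m = O2_O3.match(line)
    if m:
        return {"section": m.group(1), "name": m.group("name"),
                "clsid": m.group("clsid").upper(), "path": m.group("path")}
    m = O4_RUN.match(line) or O4_STARTUP.match(line)
    if m:
        exe, dll = split_command(m.group("cmd"))
        return {"section": "O4", "name": m.group("name"), "path": exe,
                "rundll32_target": dll, "command": m.group("cmd")}
    m = O23.match(line)
    if m:
        return {"section": "O23", "name": m.group("name"),
                "company": m.group("company"), "path": m.group("path")}
    return None


def flags_for(entry):
    """Reviewer heuristics; a flag means 'look here first', not 'malicious'."""
    flags = []
    path = (entry.get("path") or "").lower()
    if path and any(marker in path for marker in USER_WRITABLE):
        flags.append("runs from user-writable location")
    if path and not re.match(r"^[a-z]:\\|^\\\\", path):
        flags.append("relative path, resolved through PATH at logon")
    if entry.get("rundll32_target"):
        flags.append("rundll32 loading " + entry["rundll32_target"])
    if entry["section"] == "O23" and entry.get("company", "").lower() == "unknown owner":
        flags.append("service with no publisher")
    if entry["section"].startswith("R") and entry.get("url"):
        host = urlsplit(entry["url"]).hostname
        if host and host not in DEFAULT_IE_HOSTS:
            flags.append("non-default IE start/search host " + host)
    return flags


def review(log_text):
    """Parse every recognised line; return (all entries, entries with flags)."""
    entries = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    for e in entries:
        e["flags"] = flags_for(e)
    return entries, [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in review(SAMPLE_LOG)[1]:
        print(e["section"], e.get("name"), "->", "; ".join(e["flags"]))
```

Unrecognised line types (O9, O16, O18, O22 and so on) are skipped rather than guessed at, so extend `parse_line` before relying on the output for a full log.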

Re: ohtgnoenriga.com redirect

Post by melboy » May 31st, 2010, 9:42 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=====================================================



OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\drivers\*.sys /180 
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.



CKScanner
Download CKScanner from here
  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    (Image: the GMER right-hand panel with the boxes above unchecked)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or keeps resulting in BSoDs, uncheck Devices on the right side before scanning -- If you continue to encounter problems, try running GMER in safe mode


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Note: Do not run any programs while Gmer is running.




In your next reply:
  1. OTL.txt
  2. Extras.txt
  3. CKFiles.txt
  4. GMER log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ohtgnoenriga.com redirect

Post by Cursedby27 » June 1st, 2010, 3:46 pm

Thanks, melboy. I had to post this as two replies because of the character limit imposed by the forum.

OTL logfile created on: 6/1/2010 12:34:10 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = J:\__INCOMING!!!!!\AntiVirii
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 38.64 Gb Free Space | 79.14% Space Free | Partition Type: NTFS
Drive D: | 62.95 Gb Total Space | 60.65 Gb Free Space | 96.34% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 456.20 Gb Free Space | 97.95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 78.13 Gb Total Space | 2.99 Gb Free Space | 3.83% Space Free | Partition Type: NTFS
Drive I: | 70.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 47.52 Gb Free Space | 5.10% Space Free | Partition Type: NTFS

Computer Name: NAME REDACTED
Current User Name: NAME REDACTED
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/01 12:33:46 | 000,571,392 | ---- | M] (OldTimer Tools) -- J:\__INCOMING!!!!!\AntiVirii\OTL.exe
PRC - [2010/05/12 19:11:02 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2010/05/07 22:56:11 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/05/07 20:32:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/06 15:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/13 17:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\Winamp\winampa.exe
PRC - [2009/12/19 00:04:18 | 001,824,040 | ---- | M] (ManyCam LLC) -- D:\Program Files\ManyCam 2.4\ManyCam.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2005/10/19 15:52:32 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/10/19 15:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2004/09/01 16:19:30 | 000,225,280 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard Pro\LANServer.exe
PRC - [2002/03/03 22:02:50 | 001,454,080 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
PRC - [2001/12/05 16:47:32 | 000,147,456 | ---- | M] () -- D:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe


========== Modules (SafeList) ==========

MOD - [2010/06/01 12:33:46 | 000,571,392 | ---- | M] (OldTimer Tools) -- J:\__INCOMING!!!!!\AntiVirii\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- D:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2005/01/10 11:32:00 | 001,458,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2005/01/10 11:32:00 | 001,019,904 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwimg.dll
MOD - [2005/01/10 11:32:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/12 19:11:02 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2010/05/10 23:26:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/13 19:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2005/10/19 15:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2004/08/04 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2005/01/10 11:32:00 | 003,330,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/06 22:43:52 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2002/03/01 01:37:42 | 000,373,518 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/04/09 13:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/12 21:35:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/12 20:28:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/07 20:35:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/05/14 01:10:00 | 000,000,000 | ---D | M]

[2010/05/07 20:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Extensions
[2010/05/31 23:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions
[2010/05/24 23:58:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/07 23:35:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/17 20:01:52 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2010/05/14 00:57:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/29 14:49:51 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/12 22:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\firebug@software.joehewitt.com
[2010/05/11 12:50:48 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\searchplugins\winamp-search.xml
[2010/05/31 23:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 20:28:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/12 20:28:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [C-Media Echo Control] d:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe ()
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Microtek_Scanner_Server] C:\Program Files\Microtek\ScanWizard Pro\LANServer.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Stylus Photo R260 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ManyCam] d:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\NAME REDACTED\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\NAME REDACTED\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3287094883 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - d:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Stardock\Fences\SolidColorBackgrounds\1\Solid Color.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Stardock\Fences\SolidColorBackgrounds\1\Solid Color.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/07 19:22:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/05/07 14:07:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/01 12:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Desktop\Scans
[2010/05/30 02:11:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010/05/30 02:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/05/29 23:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/29 22:16:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/29 21:16:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/28 16:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Malwarebytes
[2010/05/28 16:26:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/28 16:26:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/28 16:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/28 16:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/28 12:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/26 15:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/25 13:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Artisteer
[2010/05/21 19:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\WinRAR
[2010/05/18 23:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\My Documents\Downloaded Installations
[2010/05/17 11:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\FileZilla
[2010/05/17 00:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/15 11:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Google
[2010/05/15 11:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/15 11:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/15 02:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\dvdcss
[2010/05/15 02:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/05/14 01:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/05/14 01:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/14 01:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/14 00:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\dwhelper
[2010/05/13 00:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\HuluDesktop
[2010/05/12 22:33:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/05/12 22:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/12 22:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/05/12 22:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Apple
[2010/05/12 22:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/12 22:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Apple Computer
[2010/05/12 22:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\VSTplugins
[2010/05/12 22:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Publish Providers
[2010/05/12 22:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/12 22:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Sony
[2010/05/12 22:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Sony
[2010/05/12 22:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\My Documents\My Videos
[2010/05/12 22:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/12 21:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/12 21:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\OpenOffice.org
[2010/05/12 21:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/05/12 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/05/12 20:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010/05/12 20:52:38 | 000,000,000 | ---D | C] -- C:\epson
[2010/05/12 20:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/05/12 20:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/12 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/12 20:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/12 20:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Sun
[2010/05/12 19:11:02 | 000,039,936 | ---- | C] (C-Dilla Ltd) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
[2010/05/12 19:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\ABBYY
[2010/05/12 19:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\ABBYY
[2010/05/12 19:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY
[2010/05/12 19:04:31 | 000,000,000 | ---D | C] -- C:\Kpcms
[2010/05/12 19:02:21 | 000,184,320 | ---- | C] (Microtek International Inc.) -- C:\WINDOWS\System32\MSM0CW.dll
[2010/05/12 19:02:21 | 000,073,728 | ---- | C] (Microtek International Inc.) -- C:\WINDOWS\System32\MSME0w.dll
[2010/05/12 19:02:21 | 000,041,733 | ---- | C] (Microtek International Inc.) -- C:\WINDOWS\System32\MSMB1W.dll
[2010/05/12 19:02:21 | 000,037,589 | ---- | C] (Microtek International Inc.) -- C:\WINDOWS\System32\MSMD2w.dll
[2010/05/12 19:02:21 | 000,037,564 | ---- | C] (Microtek International Inc.) -- C:\WINDOWS\System32\MSMDEw.dll
[2010/05/12 19:02:21 | 000,035,589 | ---- | C] (Microtek International Inc.) -- C:\WINDOWS\System32\MSMWUD10.dll
[2010/05/12 19:02:21 | 000,035,563 | ---- | C] (Microtek International Inc.) -- C:\WINDOWS\System32\MSMWUD.dll
[2010/05/12 19:02:18 | 000,015,396 | ---- | C] (Microtek International Inc.) -- C:\WINDOWS\System32\Msmusd5.dll
[2010/05/12 19:02:18 | 000,013,962 | ---- | C] ( Microtek International Inc.) -- C:\WINDOWS\System32\Msmusd6.dll
[2010/05/12 19:02:18 | 000,012,499 | ---- | C] (Microtek International Inc.) -- C:\WINDOWS\System32\Msmusd7.dll
[2010/05/12 19:02:13 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/12 19:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microtek
[2010/05/12 16:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2010/05/12 15:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2010/05/12 15:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2010/05/12 15:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\ManyCam
[2010/05/12 13:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\boswars
[2010/05/11 12:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/05/11 12:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2010/05/11 12:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
[2010/05/11 12:48:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/05/11 12:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Winamp
[2010/05/11 00:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/05/10 23:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/10 23:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/05/09 21:38:36 | 001,413,120 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomTablet.cpl
[2010/05/09 21:38:35 | 000,008,138 | ---- | C] (Wacom Technology Corporation) -- C:\WINDOWS\System32\drivers\PenClass.sys
[2010/05/09 21:38:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2010/05/09 21:38:34 | 000,749,568 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe
[2010/05/09 21:38:34 | 000,102,400 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2010/05/09 21:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/05/09 21:27:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/08 00:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/05/08 00:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\vlc
[2010/05/08 00:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/07 23:52:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NAME REDACTED\PrivacIE
[2010/05/07 23:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/07 23:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/05/07 23:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/05/07 23:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/05/07 23:21:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NAME REDACTED\IETldCache
[2010/05/07 23:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/07 23:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/07 23:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/07 23:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/07 23:05:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/07 23:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/07 22:59:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/07 22:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Temp
[2010/05/07 22:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Google
[2010/05/07 22:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Adobe
[2010/05/07 22:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/07 22:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\skypePM
[2010/05/07 22:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Skype
[2010/05/07 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/07 22:45:55 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/05/07 22:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/05/07 22:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/05/07 22:45:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/05/07 22:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/05/07 22:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/05/07 22:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/05/07 22:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/05/07 22:35:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/07 22:31:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/07 22:30:59 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/07 22:30:59 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/07 22:30:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/07 22:30:56 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/07 22:30:56 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/07 22:30:56 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/07 22:30:43 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/07 22:30:43 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/07 22:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/07 22:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/07 22:21:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/05/07 22:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/07 22:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/07 22:10:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/05/07 21:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/07 21:53:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/05/07 21:53:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/07 21:53:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/05/07 21:51:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/05/07 20:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Ahead
[2010/05/07 20:52:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/07 20:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\My Documents\Stardock
[2010/05/07 20:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2010/05/07 20:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Stardock
[2010/05/07 20:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Stardock
[2010/05/07 20:49:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010/05/07 20:49:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NAME REDACTED\UserData
[2010/05/07 20:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Ahead
[2010/05/07 20:47:50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/05/07 20:47:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/05/07 20:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\My Documents\Downloads
[2010/05/07 20:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\PackageAware
[2010/05/07 20:45:40 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/05/07 20:45:38 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2010/05/07 20:45:38 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2010/05/07 20:45:38 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2010/05/07 20:45:38 | 000,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll
[2010/05/07 20:45:38 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2010/05/07 20:45:37 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2010/05/07 20:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Thunderbird
[2010/05/07 20:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Thunderbird
[2010/05/07 20:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/05/07 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Macromedia
[2010/05/07 20:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Adobe
[2010/05/07 20:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Mozilla
[2010/05/07 20:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla
[2010/05/07 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/07 20:23:08 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/05/07 20:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/05/07 20:11:22 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2010/05/07 20:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\C-Media
[2010/05/07 20:08:49 | 000,135,168 | R--- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\cmuninst.exe
[2010/05/07 20:08:49 | 000,135,168 | R--- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\cmuninst.dat
[2010/05/07 20:08:48 | 001,454,080 | R--- | C] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
[2010/05/07 20:08:48 | 000,032,768 | R--- | C] (C-Media Corporation) -- C:\WINDOWS\System32\cmnprop.dll
[2010/05/07 20:08:43 | 000,373,518 | R--- | C] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmaudio.sys
[2010/05/07 20:02:01 | 000,000,000 | ---D | C] -- C:\TempEI4
[2010/05/07 19:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/05/07 19:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/05/07 19:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/05/07 19:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Identities
[2010/05/07 19:26:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/05/07 19:26:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NAME REDACTED\My Documents\My Pictures
[2010/05/07 19:26:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NAME REDACTED\My Documents\My Music
[2010/05/07 19:26:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NAME REDACTED\Application Data\Microsoft
[2010/05/07 19:26:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NAME REDACTED\SendTo
[2010/05/07 19:26:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NAME REDACTED\Recent
[2010/05/07 19:26:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NAME REDACTED\Application Data
[2010/05/07 19:26:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NAME REDACTED\Start Menu
[2010/05/07 19:26:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NAME REDACTED\My Documents
[2010/05/07 19:26:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NAME REDACTED\Favorites
[2010/05/07 19:26:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NAME REDACTED\Cookies
[2010/05/07 19:26:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NAME REDACTED\Templates
[2010/05/07 19:26:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NAME REDACTED\PrintHood
[2010/05/07 19:26:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NAME REDACTED\NetHood
[2010/05/07 19:26:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings
[2010/05/07 19:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Microsoft
[2010/05/07 19:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME REDACTED\Desktop
[2010/05/07 19:25:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/05/07 19:25:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/05/07 19:25:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/05/07 19:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/05/07 19:25:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/05/07 19:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/05/07 19:24:12 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/07 19:24:12 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/07 19:23:17 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/07 19:22:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/05/07 19:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/05/07 19:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/05/07 19:21:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/05/07 19:21:43 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/05/07 19:21:43 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/05/07 19:21:34 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/05/07 19:21:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/05/07 19:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/05/07 19:20:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/05/07 19:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/05/07 19:20:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/05/07 19:20:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/05/07 19:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/05/07 19:20:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/05/07 19:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/05/07 19:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/05/07 19:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/05/07 19:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/05/07 19:20:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/05/07 19:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/05/07 19:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/05/07 19:19:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/05/07 19:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/05/07 19:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/05/07 19:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/05/07 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/05/07 19:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/05/07 19:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/05/07 19:18:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/05/07 19:18:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/05/07 19:18:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/05/07 14:14:33 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/05/07 14:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/05/07 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/05/07 14:14:29 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/05/07 14:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/05/07 14:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/05/07 14:14:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/05/07 14:14:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/05/07 14:14:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/05/07 14:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/05/07 14:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/05/07 14:13:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/05/07 14:13:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/05/07 14:13:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/07 14:13:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/05/07 14:13:24 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/07 14:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/05/07 14:06:32 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/05/07 14:06:32 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/05/07 14:06:32 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/05/07 14:06:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/05/07 14:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/04/26 17:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/01 12:32:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/01 12:01:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-839522115-1003UA.job
[2010/06/01 11:32:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/31 23:01:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-839522115-1003Core.job
[2010/05/30 16:24:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/30 16:24:53 | 000,018,006 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/05/30 16:24:40 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\NCFPSDR.job
[2010/05/30 16:24:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/30 16:23:35 | 000,017,555 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/30 16:23:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/30 16:22:23 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\NAME REDACTED\NTUSER.DAT
[2010/05/30 16:22:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\NAME REDACTED\ntuser.ini
[2010/05/29 16:46:00 | 000,063,360 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\bookmarks.html
[2010/05/29 16:45:33 | 000,020,956 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\bookmarks-2010-05-29.json
[2010/05/28 17:45:36 | 000,025,736 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/28 17:45:09 | 001,429,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/28 12:02:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\HijackThis.lnk
[2010/05/26 15:05:16 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Spybot - Search & Destroy.lnk
[2010/05/26 14:39:28 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Artisteer 2.lnk
[2010/05/26 03:02:38 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Google Chrome.lnk
[2010/05/26 02:38:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/23 21:19:58 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\My Documents\spider.sav
[2010/05/23 19:57:54 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 13:34:23 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\MWSnap 3.lnk
[2010/05/19 00:00:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Adobe Dreamweaver CS3.lnk
[2010/05/18 19:18:52 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\HTTrack Website Copier.lnk
[2010/05/17 11:29:32 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/05/15 11:33:56 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 02:16:54 | 000,000,101 | ---- | M] () -- C:\WINDOWS\CMMIXER.INI
[2010/05/14 18:29:42 | 000,012,364 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\CL_codergenius.odt
[2010/05/13 12:21:34 | 000,000,035 | ---- | M] () -- C:\MSP.ini
[2010/05/13 00:18:18 | 000,002,038 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Hulu Desktop.lnk
[2010/05/12 22:45:37 | 000,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DVD Architect Pro 5.0.lnk
[2010/05/12 22:43:15 | 000,000,244 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\My Documents\synergy.sgc
[2010/05/12 22:35:41 | 000,134,148 | ---- | M] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2010/05/12 22:35:41 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\ColorPic.lnk
[2010/05/12 22:33:26 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 6.lnk
[2010/05/12 22:33:19 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/12 22:30:29 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\VNC Viewer 4.lnk
[2010/05/12 22:14:48 | 000,002,584 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\My Documents\Register Vegas Pro.htm
[2010/05/12 22:01:17 | 000,001,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk
[2010/05/12 21:56:06 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/12 21:22:35 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Synergy.lnk
[2010/05/12 19:30:11 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microtek ScanWizard Pro V6.521.lnk
[2010/05/12 19:26:34 | 000,000,501 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/12 19:12:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/12 19:11:02 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
[2010/05/12 15:44:13 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/05/12 15:21:01 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\ManyCam 2.4.lnk
[2010/05/12 04:23:42 | 004,824,160 | -H-- | M] () -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\IconCache.db
[2010/05/11 12:50:49 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/05/11 00:24:55 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Photoshop.lnk
[2010/05/09 21:38:35 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
[2010/05/09 21:23:22 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/09 21:23:22 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/09 21:23:22 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/07 23:23:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/07 22:52:13 | 000,099,056 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Combat Showcase - Farmington Book.pdf
[2010/05/07 22:52:05 | 000,081,910 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Farmington Crew Schedule.pdf
[2010/05/07 22:47:27 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/07 22:46:05 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/07 22:41:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/07 22:31:00 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/07 22:30:57 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/07 21:58:03 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/07 20:52:11 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010/05/07 20:50:44 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ObjectDock.lnk
[2010/05/07 20:49:53 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Customize Fences.lnk
[2010/05/07 20:47:42 | 000,001,095 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/05/07 20:39:23 | 000,000,371 | ---- | M] () -- C:\WINDOWS\CMISETUP.INI
[2010/05/07 20:39:22 | 000,000,026 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/05/07 20:39:13 | 000,004,333 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
[2010/05/07 20:35:12 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/05/07 20:30:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/07 20:30:49 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/07 20:11:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/07 20:11:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/07 19:25:31 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/07 19:24:44 | 000,000,311 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/07 19:22:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/07 19:22:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/07 19:22:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/05/07 19:22:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/07 19:22:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/07 19:22:23 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/07 19:21:43 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/07 19:21:43 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/07 19:19:51 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/07 19:19:41 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/07 19:19:41 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/05/07 19:17:47 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2010/05/07 14:14:29 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/06 15:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 15:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 17:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/29 16:46:00 | 000,063,360 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\bookmarks.html
[2010/05/29 16:45:33 | 000,020,956 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\bookmarks-2010-05-29.json
[2010/05/28 12:02:44 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\HijackThis.lnk
[2010/05/26 15:05:16 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Spybot - Search & Destroy.lnk
[2010/05/26 14:39:28 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Artisteer 2.lnk
[2010/05/25 21:11:02 | 000,000,326 | -HS- | C] () -- C:\WINDOWS\tasks\NCFPSDR.job
[2010/05/23 22:00:22 | 001,411,545 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\dcm202_manual_110.pdf
[2010/05/23 21:19:58 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\My Documents\spider.sav
[2010/05/19 00:00:52 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Adobe Dreamweaver CS3.lnk
[2010/05/18 19:18:52 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\HTTrack Website Copier.lnk
[2010/05/17 11:29:32 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/05/15 11:33:56 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 11:27:58 | 000,000,910 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/15 11:27:58 | 000,000,906 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/14 13:31:57 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\CL_codergenius.odt
[2010/05/13 12:21:34 | 000,000,035 | ---- | C] () -- C:\MSP.ini
[2010/05/13 00:18:18 | 000,002,038 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Hulu Desktop.lnk
[2010/05/12 22:45:37 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DVD Architect Pro 5.0.lnk
[2010/05/12 22:35:41 | 000,134,148 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2010/05/12 22:35:41 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\ColorPic.lnk
[2010/05/12 22:33:26 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 6.lnk
[2010/05/12 22:30:29 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\VNC Viewer 4.lnk
[2010/05/12 22:26:14 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\MWSnap 3.lnk
[2010/05/12 22:14:48 | 000,002,584 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\My Documents\Register Vegas Pro.htm
[2010/05/12 22:01:17 | 000,001,521 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk
[2010/05/12 21:56:06 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/12 21:26:42 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\My Documents\synergy.sgc
[2010/05/12 21:22:35 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Synergy.lnk
[2010/05/12 19:26:33 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microtek ScanWizard Pro V6.521.lnk
[2010/05/12 15:44:13 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/05/12 15:42:40 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/12 15:42:40 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/05/12 15:42:40 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/05/12 15:42:40 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/05/12 15:42:40 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/05/12 15:42:40 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/05/12 15:42:39 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/05/12 15:42:39 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/05/12 15:42:39 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/05/12 15:42:39 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/05/12 15:42:39 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/05/12 15:42:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010/05/12 15:42:39 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/05/12 15:42:38 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/05/12 15:42:38 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/05/12 15:42:38 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/05/12 15:21:01 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\ManyCam 2.4.lnk
[2010/05/11 12:50:49 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/05/11 00:24:55 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Photoshop.lnk
[2010/05/11 00:12:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/11 00:12:31 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 21:38:38 | 000,018,006 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/05/09 21:38:36 | 001,830,729 | ---- | C] () -- C:\WINDOWS\System32\WacomTablet.znc
[2010/05/09 21:38:35 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
[2010/05/07 23:07:37 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/07 22:56:41 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Google Chrome.lnk
[2010/05/07 22:56:15 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-839522115-1003UA.job
[2010/05/07 22:56:14 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-839522115-1003Core.job
[2010/05/07 22:52:17 | 000,099,056 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Combat Showcase - Farmington Book.pdf
[2010/05/07 22:52:09 | 000,081,910 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Farmington Crew Schedule.pdf
[2010/05/07 22:47:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/07 22:46:05 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/07 22:31:00 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/07 22:12:10 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/05/07 22:12:10 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/05/07 22:12:10 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/05/07 22:12:10 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/05/07 22:12:10 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/05/07 22:12:10 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/05/07 22:12:10 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/05/07 22:12:10 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/05/07 22:12:10 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/05/07 22:12:10 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/05/07 22:12:10 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/05/07 22:12:10 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/05/07 22:12:10 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/05/07 22:12:10 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/05/07 22:12:10 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/05/07 22:12:10 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/05/07 22:12:10 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/05/07 22:12:10 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/05/07 22:12:10 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/05/07 22:12:10 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/05/07 22:12:10 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/05/07 22:12:10 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/05/07 22:12:10 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/05/07 22:12:10 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/05/07 22:12:10 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/05/07 22:12:10 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/05/07 22:12:10 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/05/07 22:12:10 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/05/07 22:12:10 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/05/07 22:12:10 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/05/07 22:12:10 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/05/07 22:12:10 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/05/07 22:12:10 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/05/07 22:12:10 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/05/07 22:12:10 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/05/07 22:12:10 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/05/07 22:12:10 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/05/07 22:12:10 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/05/07 22:12:10 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/05/07 22:12:10 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/05/07 22:12:08 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/05/07 22:12:08 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/05/07 22:12:08 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/05/07 22:12:07 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/05/07 22:12:07 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/05/07 22:12:07 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/05/07 22:12:07 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/05/07 22:12:07 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/05/07 22:12:07 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/05/07 22:12:07 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/05/07 22:12:07 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/05/07 22:12:06 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/05/07 22:12:05 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/05/07 22:11:58 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/05/07 22:11:58 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/05/07 22:11:58 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/05/07 22:11:58 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/05/07 22:11:58 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/05/07 22:11:58 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/05/07 22:11:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/05/07 22:11:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/05/07 22:11:58 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/05/07 22:11:58 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/05/07 22:11:58 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/05/07 22:11:22 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/05/07 21:58:03 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/07 20:52:11 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010/05/07 20:50:44 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ObjectDock.lnk
[2010/05/07 20:49:53 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\NAME REDACTED\Desktop\Customize Fences.lnk
[2010/05/07 20:47:42 | 000,001,095 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/05/07 20:39:53 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2010/05/07 20:35:12 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/05/07 20:30:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/07 20:30:49 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/07 20:11:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/05/07 20:11:18 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2010/05/07 20:11:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System\CMedia.dll
[2010/05/07 20:11:16 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010/05/07 20:09:46 | 000,015,448 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2010/05/07 20:09:40 | 000,000,371 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/05/07 20:09:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/05/07 20:03:57 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/05/07 20:03:56 | 000,005,110 | R--- | C] () -- C:\WINDOWS\System32\e100b325.din
[2010/05/07 19:47:19 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2010/05/07 19:47:19 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2010/05/07 19:47:19 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2010/05/07 19:47:19 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2010/05/07 19:47:19 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2010/05/07 19:47:19 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2010/05/07 19:47:19 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2010/05/07 19:47:18 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2010/05/07 19:47:18 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2010/05/07 19:47:18 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2010/05/07 19:47:18 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2010/05/07 19:47:18 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2010/05/07 19:47:18 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2010/05/07 19:47:18 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2010/05/07 19:47:18 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2010/05/07 19:47:18 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/05/07 19:47:18 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2010/05/07 19:47:18 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2010/05/07 19:47:18 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2010/05/07 19:47:18 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2010/05/07 19:41:33 | 000,014,403 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/05/07 19:26:18 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\NAME REDACTED\ntuser.dat.LOG
[2010/05/07 19:26:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NAME REDACTED\ntuser.ini
[2010/05/07 19:26:17 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\NAME REDACTED\NTUSER.DAT
[2010/05/07 19:25:31 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/07 19:24:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/07 19:24:30 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/05/07 19:24:08 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/05/07 19:24:08 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/05/07 19:24:07 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/05/07 19:23:55 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/05/07 19:23:54 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/05/07 19:23:48 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/05/07 19:23:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/05/07 19:23:46 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/05/07 19:23:36 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/05/07 19:23:31 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/05/07 19:23:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/05/07 19:23:17 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/05/07 19:23:17 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/05/07 19:23:17 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/05/07 19:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/05/07 19:23:16 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/05/07 19:23:16 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/05/07 19:23:16 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/05/07 19:23:16 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/05/07 19:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/05/07 19:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/05/07 19:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/05/07 19:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/05/07 19:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/05/07 19:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/05/07 19:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/05/07 19:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/05/07 19:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/05/07 19:23:14 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/05/07 19:23:14 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/05/07 19:23:14 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/05/07 19:23:14 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/05/07 19:23:14 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/05/07 19:23:14 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/05/07 19:23:14 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/05/07 19:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/05/07 19:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/05/07 19:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/05/07 19:23:13 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/05/07 19:23:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/05/07 19:23:12 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/05/07 19:23:12 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/05/07 19:23:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/05/07 19:23:12 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/05/07 19:23:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/05/07 19:23:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/05/07 19:23:11 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/05/07 19:22:36 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/07 19:22:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/07 19:22:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/05/07 19:22:36 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/05/07 19:22:36 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/05/07 19:22:32 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/07 19:22:32 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/07 19:22:31 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/07 19:21:43 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/07 19:21:43 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/07 19:21:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/07 19:21:24 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/05/07 19:20:57 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/05/07 19:20:57 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/05/07 19:20:51 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/05/07 19:19:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/07 19:19:10 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/05/07 19:19:10 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/05/07 19:19:10 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/05/07 19:19:10 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/05/07 19:19:10 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/05/07 19:19:10 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/05/07 19:19:09 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/05/07 19:19:09 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/05/07 19:19:09 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/05/07 19:19:09 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/05/07 19:19:09 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/05/07 19:19:09 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/05/07 19:19:09 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/05/07 19:19:09 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/05/07 19:19:09 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/05/07 19:19:09 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/05/07 19:19:08 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/05/07 19:19:08 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/05/07 19:19:08 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/05/07 19:19:07 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/05/07 19:19:07 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/05/07 19:19:06 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/05/07 19:19:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/05/07 14:14:36 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 14:14:31 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/05/07 14:14:31 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/05/07 14:14:30 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/05/07 14:14:30 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/05/07 14:14:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/05/07 14:14:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/05/07 14:14:26 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/05/07 14:14:26 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/05/07 14:14:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/05/07 14:14:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/05/07 14:14:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/05/07 14:14:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/05/07 14:14:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/05/07 14:14:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/05/07 14:14:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/05/07 14:14:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/05/07 14:14:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/05/07 14:14:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/05/07 14:14:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/05/07 14:14:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/05/07 14:14:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/05/07 14:14:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/05/07 14:14:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/05/07 14:14:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/05/07 14:14:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/05/07 14:14:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/05/07 14:14:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/05/07 14:14:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/05/07 14:14:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/05/07 14:14:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/05/07 14:14:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/05/07 14:14:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/05/07 14:14:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/05/07 14:14:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/05/07 14:14:19 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/05/07 14:14:19 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/05/07 14:14:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/05/07 14:14:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/05/07 14:14:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/05/07 14:14:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/05/07 14:14:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/05/07 14:14:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/05/07 14:14:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/05/07 14:14:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/05/07 14:14:14 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/07 14:14:04 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/07 14:14:04 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/07 14:14:04 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/07 14:14:04 | 000,007,506 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/07 14:14:04 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/05/07 14:14:03 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/05/07 14:14:03 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/07 14:14:03 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/07 14:13:24 | 001,429,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/07 14:12:34 | 000,000,321 | -HS- | C] () -- C:\boot.ini
[2010/05/07 14:12:31 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2004/06/24 01:20:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

========== LOP Check ==========

[2010/05/07 22:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/12 21:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/05/12 22:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/12 22:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/12 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/07 20:49:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010/05/25 13:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\Artisteer
[2010/05/12 13:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\boswars
[2010/05/31 00:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\FileZilla
[2010/05/12 15:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\ManyCam
[2010/05/12 21:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\OpenOffice.org
[2010/05/12 22:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\Publish Providers
[2010/05/12 22:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\Sony
[2010/05/07 20:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\Stardock
[2010/05/07 20:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME REDACTED\Application Data\Thunderbird
[2010/05/30 16:24:40 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\NCFPSDR.job


========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/07 19:22:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/07 19:17:47 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2010/05/07 19:22:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/07 19:22:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/07 19:22:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/13 12:21:34 | 000,000,035 | ---- | M] () -- C:\MSP.ini
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/07 22:41:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/30 16:23:11 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/07 14:12:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/07 14:12:33 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/07 14:12:33 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 11:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >
Cursedby27
Active Member
 
Posts: 11
Joined: May 30th, 2010, 3:19 am

Re: ohtgnoenriga.com redirect

Unread post by Cursedby27 » June 1st, 2010, 3:47 pm

Part two. I ran GMER in Safe Mode.


OTL Extras logfile created on: 6/1/2010 12:34:10 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = J:\__INCOMING!!!!!\AntiVirii
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 38.64 Gb Free Space | 79.14% Space Free | Partition Type: NTFS
Drive D: | 62.95 Gb Total Space | 60.65 Gb Free Space | 96.34% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 456.20 Gb Free Space | 97.95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 78.13 Gb Total Space | 2.99 Gb Free Space | 3.83% Space Free | Partition Type: NTFS
Drive I: | 70.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 47.52 Gb Free Space | 5.10% Space Free | Partition Type: NTFS

Computer Name: NAME REDACTED
Current User Name: NAME REDACTED
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "d:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "d:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "d:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microtek\ScanWizard Pro\LANServer.exe" = C:\Program Files\Microtek\ScanWizard Pro\LANServer.exe:*:Enabled:LAN Server -- ()
"D:\Program Files\Synergy\synergys.exe" = D:\Program Files\Synergy\synergys.exe:*:Enabled:synergys -- ()
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"D:\Program Files\VideoLAN\VLC\vlc.exe" = D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAF566E-1712-433C-A1C2-7517845107CC}" = DVD Architect Pro 5.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{886E284F-ED78-4149-9007-9C5CF69A52B9}" = Camtasia Studio 6
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0307120-889A-11D8-8627-00055DFD8F8E}" = Color Matching System
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1334AAA-5C3E-11D6-8FC3-0080C85A0C2D}" = ScanWizard Pro
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}" = XMLinst
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Artisteer 2" = Artisteer 2
"avast5" = avast! Free Antivirus
"ColorPic" = ColorPic
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DXTXTRA" = Microsoft DirectX Transform optional components
"EPSON Printer and Utilities" = EPSON Printer Software
"Fences" = Fences
"FileZilla Client" = FileZilla Client 3.3.2.1
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MWSnap 3" = MWSnap 3
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealVNC_is1" = VNC Free Edition 4.1.2
"Synergy" = Synergy
"Tablet Driver" = Tablet
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HuluDesktop" = HuluDesktop
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 5:20:35 PM | Computer Name = NAME REDACTED | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 5/16/2010 9:36:20 PM | Computer Name = NAME REDACTED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk4\D, has a bad block.

Error - 5/16/2010 9:36:23 PM | Computer Name = NAME REDACTED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk4\D, has a bad block.

Error - 5/16/2010 9:36:26 PM | Computer Name = NAME REDACTED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk4\D, has a bad block.

Error - 5/16/2010 9:36:29 PM | Computer Name = NAME REDACTED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk4\D, has a bad block.

Error - 5/16/2010 9:36:32 PM | Computer Name = NAME REDACTED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk4\D, has a bad block.

Error - 5/16/2010 9:36:35 PM | Computer Name = NAME REDACTED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk4\D, has a bad block.

Error - 5/16/2010 9:36:38 PM | Computer Name = NAME REDACTED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk4\D, has a bad block.

Error - 5/16/2010 9:36:41 PM | Computer Name = NAME REDACTED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk4\D, has a bad block.

Error - 5/17/2010 1:02:21 AM | Computer Name = NAME REDACTED | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 5/25/2010 1:01:17 AM | Computer Name = NAME REDACTED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk3\D, has a bad block.


< End of report >

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----


(I ran GMER in Safe Mode)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-01 14:30:22
Windows 5.1.2600 Service Pack 3
Running: oglf143d.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxrdypog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd501b37
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd501b37 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Thanks again.
Cursedby27
Active Member
 
Posts: 11
Joined: May 30th, 2010, 3:19 am

Re: ohtgnoenriga.com redirect

Unread postby melboy » June 1st, 2010, 8:09 pm

Hi

C:\Documents and Settings\NAME REDACTED

It may be that I need the name of the user profile for any scripts that may be necessary to clean your PC. The filepaths would have to be an exact match.

J:\__INCOMING!!!!!\AntiVirii\OTL.exe

Unless stated otherwise please download all tools to - and run them from - your Desktop.



ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ohtgnoenriga.com redirect

Unread postby melboy » June 5th, 2010, 3:49 am

Hi Cursedby27

It has been over two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ohtgnoenriga.com redirect

Unread postby Cursedby27 » June 5th, 2010, 11:29 pm

Downloaded and ran ComboFix from the desktop. It locked up soon after as it was preparing a log. I let it sit for an hour. I no longer have time to work on it tonight. I will continue with it tomorrow if you don't mind waiting.
Cursedby27
Active Member
 
Posts: 11
Joined: May 30th, 2010, 3:19 am

Re: ohtgnoenriga.com redirect

Unread postby Cursedby27 » June 5th, 2010, 11:29 pm

Downloaded and ran ComboFix from the desktop. It locked up soon after as it was preparing a log. I let it sit for an hour. I no longer have time to work on it tonight. I will continue with it tomorrow if you don't mind waiting.
Cursedby27
Active Member
 
Posts: 11
Joined: May 30th, 2010, 3:19 am

Re: ohtgnoenriga.com redirect

Unread postby Cursedby27 » June 5th, 2010, 11:47 pm

Apologies for the double posting. Firefox went bat-s#!t-crazy for a moment. I did have the time to do a second scan anyway. Btw - NAME REDACTED is my username.

The result from the ComboFix scan...

ComboFix 10-06-05.01 - NAME REDACTED 06/05/2010 22:31:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2470 [GMT -5:00]
Running from: c:\documents and settings\NAME REDACTED\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-04 06:07 . 2010-06-04 06:07 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-04 06:07 . 2010-06-04 06:07 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-04 06:04 . 2010-06-04 06:04 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-01 19:33 . 2010-06-01 19:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-30 16:32 . 2010-05-30 16:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-05-30 07:11 . 2010-05-30 07:11 -------- d-----w- C:\rsit
2010-05-30 07:06 . 2010-05-30 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-30 04:57 . 2010-05-30 04:58 -------- d-----w- c:\windows\system32\NtmsData
2010-05-30 02:17 . 2010-05-30 02:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-28 21:26 . 2010-05-28 21:26 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Malwarebytes
2010-05-28 21:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 21:26 . 2010-05-28 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 21:26 . 2010-05-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-28 21:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 17:02 . 2010-05-30 07:11 -------- d-----w- c:\program files\Trend Micro
2010-05-27 00:09 . 2010-05-27 00:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-27 00:09 . 2010-05-27 00:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stardock
2010-05-27 00:09 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-26 20:04 . 2010-05-26 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-26 02:11 . 2010-05-26 02:11 85504 --sha-r- c:\windows\system32\apcupsk.dll
2010-05-25 18:26 . 2010-05-25 18:26 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Artisteer
2010-05-19 05:01 . 2007-02-21 07:09 2781184 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-05-17 16:29 . 2010-06-04 19:19 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\FileZilla
2010-05-17 05:01 . 2010-05-17 05:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-15 16:28 . 2010-05-15 16:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-15 16:27 . 2010-06-03 16:48 -------- d-----w- c:\program files\Google
2010-05-15 07:12 . 2010-06-02 02:27 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\dvdcss
2010-05-15 07:10 . 2010-05-15 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-14 06:10 . 2010-06-04 06:08 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-14 06:10 . 2010-06-04 06:04 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-14 06:10 . 2010-06-04 06:04 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-14 06:09 . 2010-05-14 06:09 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-14 06:09 . 2010-05-14 06:09 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-14 06:09 . 2010-05-14 06:09 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-14 06:09 . 2010-05-14 06:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-14 06:09 . 2010-06-04 06:08 -------- d-----w- c:\program files\DivX
2010-05-14 06:09 . 2010-06-04 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-14 05:58 . 2010-05-23 01:27 -------- d-----w- c:\documents and settings\NAME REDACTED\dwhelper
2010-05-13 05:18 . 2010-05-13 05:18 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\HuluDesktop
2010-05-13 03:35 . 2010-05-13 03:35 134148 ----a-w- c:\windows\ColorPic Uninstaller.exe
2010-05-13 03:33 . 2008-07-10 18:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-13 03:33 . 2010-05-13 03:33 -------- d-----w- c:\windows\system32\QuickTime
2010-05-13 03:33 . 2010-05-13 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-05-13 03:33 . 2010-05-13 03:33 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-05-13 03:29 . 2010-05-13 03:29 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Apple
2010-05-13 03:29 . 2010-05-17 05:00 -------- d-----w- c:\program files\Apple Software Update
2010-05-13 03:29 . 2010-05-13 03:29 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Apple Computer
2010-05-13 03:15 . 2010-05-13 03:15 -------- d-----w- c:\program files\VSTplugins
2010-05-13 03:15 . 2010-05-13 03:15 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Publish Providers
2010-05-13 03:15 . 2010-05-13 03:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-13 03:14 . 2010-05-13 03:47 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Sony
2010-05-13 03:14 . 2010-05-13 03:47 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Sony
2010-05-13 03:01 . 2010-05-13 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-05-13 02:55 . 2010-05-13 02:55 -------- d-----w- c:\program files\JRE
2010-05-13 02:18 . 2010-05-14 18:14 1 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-13 02:17 . 2010-05-13 02:17 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\OpenOffice.org
2010-05-13 01:28 . 2010-05-13 01:28 503808 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5fd61cd7-n\msvcp71.dll
2010-05-13 01:28 . 2010-05-13 01:28 499712 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5fd61cd7-n\jmc.dll
2010-05-13 01:28 . 2010-05-13 01:28 61440 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f14fd62-n\decora-sse.dll
2010-05-13 01:28 . 2010-05-13 01:28 348160 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5fd61cd7-n\msvcr71.dll
2010-05-13 01:28 . 2010-05-13 01:28 12800 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f14fd62-n\decora-d3d.dll
2010-05-13 01:28 . 2010-05-13 01:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-13 01:28 . 2010-05-13 02:52 -------- d-----w- c:\program files\Java
2010-05-13 00:16 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-13 00:16 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-13 00:11 . 2010-05-13 00:11 39936 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2010-05-13 00:11 . 2010-05-13 00:11 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\ABBYY
2010-05-13 00:11 . 2010-05-13 00:11 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\ABBYY
2010-05-13 00:09 . 2010-05-13 00:23 -------- d-----w- c:\program files\ABBYY
2010-05-13 00:04 . 2010-05-13 00:04 -------- d-----w- C:\Kpcms
2010-05-13 00:02 . 2004-01-08 16:39 184320 ----a-w- c:\windows\system32\MSM0CW.dll
2010-05-13 00:02 . 2003-04-25 00:00 35589 ----a-w- c:\windows\system32\MSMWUD10.dll
2010-05-13 00:02 . 2002-10-08 23:53 41733 ----a-w- c:\windows\system32\MSMB1W.dll
2010-05-13 00:02 . 2002-07-30 21:12 73728 ----a-w- c:\windows\system32\MSME0w.dll
2010-05-13 00:02 . 2002-05-21 19:25 37589 ----a-w- c:\windows\system32\MSMD2w.dll
2010-05-13 00:02 . 2002-01-14 19:58 37564 ----a-w- c:\windows\system32\MSMDEw.dll
2010-05-13 00:02 . 2001-12-26 13:47 35563 ----a-w- c:\windows\system32\MSMWUD.dll
2010-05-13 00:02 . 2003-07-17 21:12 12499 ----a-w- c:\windows\system32\Msmusd7.dll
2010-05-13 00:02 . 2003-06-11 17:03 15396 ----a-w- c:\windows\system32\Msmusd5.dll
2010-05-13 00:02 . 2001-06-20 20:44 13962 ----a-w- c:\windows\system32\Msmusd6.dll
2010-05-13 00:02 . 2010-05-13 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-13 00:01 . 2010-05-13 00:01 -------- d-----w- c:\program files\Microtek
2010-05-12 21:52 . 2010-05-12 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-05-12 20:21 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-05-12 20:21 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-05-12 20:21 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-05-12 20:21 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-05-12 18:54 . 2010-05-12 18:55 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\boswars
2010-05-11 17:50 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-11 17:50 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-05-11 17:50 . 2010-05-11 17:50 -------- d-----w- c:\windows\Logs
2010-05-11 17:50 . 2010-05-11 17:50 -------- d-----w- c:\program files\Winamp Toolbar
2010-05-11 17:50 . 2010-05-11 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2010-05-11 05:17 . 2010-05-11 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-05-11 04:54 . 2010-05-11 04:54 -------- d-----w- c:\program files\Bonjour
2010-05-11 04:26 . 2010-05-11 04:26 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-05-10 02:38 . 2010-06-06 03:24 18006 ----a-w- c:\windows\system32\tablet.dat
2010-05-10 02:38 . 2010-05-10 02:38 -------- d-----w- c:\windows\system32\WTablet
2010-05-10 02:38 . 2001-04-09 18:45 8138 ----a-w- c:\windows\system32\drivers\PenClass.sys
2010-05-10 02:38 . 2005-10-19 20:53 102400 ----a-w- c:\windows\system32\Wintab32.dll
2010-05-10 02:38 . 2005-10-19 20:31 749568 ----a-w- c:\windows\system32\Tablet.exe
2010-05-10 02:32 . 2010-05-10 02:40 -------- d-----w- c:\program files\Tablet
2010-05-08 05:57 . 2010-05-10 02:29 -------- d-----w- c:\program files\TabletPlugins
2010-05-08 05:37 . 2010-06-04 06:10 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\vlc
2010-05-08 05:27 . 2010-05-11 05:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-05-08 04:52 . 2010-05-08 04:52 -------- d-sh--w- c:\documents and settings\NAME REDACTED\PrivacIE
2010-05-08 04:35 . 2010-04-08 07:50 1496064 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-05-08 04:35 . 2010-04-08 07:50 43008 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-05-08 04:35 . 2010-04-08 07:50 338944 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-05-08 04:35 . 2010-04-08 07:50 346112 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-05-08 04:30 . 2010-05-08 04:30 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-08 04:30 . 2010-05-08 04:30 -------- d-----w- c:\program files\MSBuild
2010-05-08 04:30 . 2010-05-08 04:30 -------- d-----w- c:\program files\Reference Assemblies
2010-05-08 04:30 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-08 04:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-08 04:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-08 04:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-08 04:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-08 04:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-08 04:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-08 04:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-08 04:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-05-08 04:21 . 2010-05-08 04:21 -------- d-sh--w- c:\documents and settings\NAME REDACTED\IETldCache
2010-05-08 04:08 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-08 04:08 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 02:24 . 2010-06-04 06:08 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\DivX
2010-05-18 05:31 . 2010-05-11 17:47 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Winamp
2010-05-13 22:48 . 2010-05-08 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-05-13 02:55 . 2010-05-13 02:10 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-13 02:10 . 2010-05-13 01:28 -------- d-----w- c:\program files\Common Files\Java
2010-05-13 02:04 . 2010-05-13 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-05-13 01:52 . 2010-05-13 01:52 -------- d-----w- c:\program files\EPSON
2010-05-13 00:01 . 2010-05-08 00:41 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-12 20:42 . 2010-05-12 20:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-05-12 20:21 . 2010-05-12 20:20 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\ManyCam
2010-05-08 03:48 . 2010-05-08 00:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-08 00:22 . 2010-05-08 00:22 -------- d-----w- c:\program files\microsoft frontpage
2010-05-08 00:19 . 2010-05-08 00:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-27 18:40 . 2010-06-04 06:08 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2010-06-04 06:08 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2010-05-11 17:47 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-04-27 18:40 . 2010-05-11 17:47 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-04-27 18:40 . 2010-05-11 17:47 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2010-05-11 17:47 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-10 19:29 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"Google Update"="c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-08 136176]
"ManyCam"="d:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216]
"nwiz"="nwiz.exe" [2005-01-10 1490944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016]
"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]
"C-Media Echo Control"="d:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"Microtek_Scanner_Server"="c:\program files\Microtek\ScanWizard Pro\LANServer.exe" [2004-09-01 225280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\documents and settings\NAME REDACTED\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Stardock ObjectDock.lnk - d:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-5-7 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2010-5-9 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microtek\\ScanWizard Pro\\LANServer.exe"=
"d:\\Program Files\\Synergy\\synergys.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"d:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/7/2010 10:30 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/7/2010 10:31 PM 19024]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/15/2010 11:27 AM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 16:27]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 16:27]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-839522115-1003Core.job
- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 03:56]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-839522115-1003UA.job
- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 03:56]

2010-06-06 c:\windows\Tasks\NCFPSDR.job
- c:\windows\system32\apcupsk.dll [2010-05-26 02:11]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\NAME REDACTED\Local Settings\Application Data\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 22:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
d:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
d:\program files\Stardock\Fences\FencesMenu.dll
d:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2010-06-05 22:36:21
ComboFix-quarantined-files.txt 2010-06-06 03:36

Pre-Run: 41,214,996,480 bytes free
Post-Run: 41,180,192,768 bytes free

- - End Of File - - 26ACB92E56D024C225FFE7A676E97D9B
Cursedby27
Active Member
Posts: 11
Joined: May 30th, 2010, 3:19 am

Re: ohtgnoenriga.com redirect

Unread postby melboy » June 6th, 2010, 12:07 pm

Check a file
  • Go to VirusTotal or Jotti's
    c:\windows\system32\apcupsk.dll
  • Copy/Paste the file above into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed (VirusTotal), click Reanalyze file Now.
    • File has been scanned before (Jotti), click Scan again.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ohtgnoenriga.com redirect

Unread postby Cursedby27 » June 6th, 2010, 1:41 pm

Curious.
c:\windows\system32\apcupsk.dll

That file does not exist on my machine. A search for "apcupsk" in Windows Explorer found nothing in all of C:\ either. There is a file called apcups.dll.
Cursedby27
Active Member
Posts: 11
Joined: May 30th, 2010, 3:19 am

Re: ohtgnoenriga.com redirect

Unread postby melboy » June 6th, 2010, 1:48 pm

Hi

Do this and see if it's there.

Show Hidden Folders

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click Apply.
  • Click OK.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Ah-ha!

Unread postby Cursedby27 » June 7th, 2010, 1:23 pm

You found it! With my luck I didn't have high hopes of this issue getting found let alone getting fixed!


Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.07 -
AhnLab-V3 2010.06.06.00 2010.06.06 -
AntiVir 8.2.2.6 2010.06.07 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.07 -
Avast 4.8.1351.0 2010.06.07 -
Avast5 5.0.332.0 2010.06.07 -
AVG 9.0.0.787 2010.06.07 -
BitDefender 7.2 2010.06.07 -
CAT-QuickHeal None 2010.06.07 -
ClamAV 0.96.0.3-git 2010.06.07 -
Comodo 5019 2010.06.07 -
DrWeb 5.0.2.03300 2010.06.07 -
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7615 2010.06.07 -
F-Prot 4.6.0.103 2010.06.07 -
F-Secure 9.0.15370.0 2010.06.07 -
Fortinet 4.1.133.0 2010.06.06 -
GData 21 2010.06.07 -
Ikarus T3.1.1.84.0 2010.06.07 -
Jiangmin 13.0.900 2010.06.07 -
Kaspersky 7.0.0.125 2010.06.07 -
McAfee 5.400.0.1158 2010.06.07 -
McAfee-GW-Edition 2010.1 2010.06.07 -
Microsoft 1.5802 2010.06.07 -
NOD32 5180 2010.06.07 -
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-07.01 2010.06.07 -
Panda 10.0.2.7 2010.06.06 -
PCTools 7.0.3.5 2010.06.07 -
Prevx 3.0 2010.06.07 High Risk Cloaked Malware
Rising 22.51.00.04 2010.06.07 -
Sophos 4.53.0 2010.06.07 -
Sunbelt 6416 2010.06.07 -
Symantec 20101.1.0.89 2010.06.07 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.07 -
VBA32 3.12.12.5 2010.06.07 -
ViRobot 2010.6.7.2341 2010.06.07 -
VirusBuster 5.0.27.0 2010.06.07 -
Additional information
File size: 85504 bytes
MD5...: b459670e03cbdb6e2f0216f7267dd844
SHA1..: 7d2ada21cf9b2c1f568fb6072e2ffbfd258a6c54
SHA256: 114642806c411b8818ab2f2bde09662481d325e130c87ae3f2ca55a2f6929062
ssdeep: 1536:R1TwNvtf/zSnAvNe7Gctw624RojfDbxoSxJAdHV+TrPJNLPivSYVEQLl+7:R1inzSnAle3bpADbxDxJAd1+PP3PySsK
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa9cd
timedatestamp.....: 0x4548598f (Wed Nov 01 08:23:43 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9a7a 0x9c00 6.35 fa043b62364e320c1d1be7208f8518c5
.rdata 0xb000 0x11c6 0x1200 5.30 28ef8c075f0418e3d9c27fd005ef56e1
.data 0xd000 0x11704 0x8c00 5.41 446b59ee5798f5a907544587d9de16f9
.rsrc 0x1f000 0x528 0x600 2.99 7eb23e001db689aa7aa32dbfe003421c
.reloc 0x20000 0x970 0xa00 5.57 30a0493dc714031b8ad8c1b3df6566a0

( 7 imports )
> KERNEL32.dll: DisableThreadLibraryCalls, CreateThread, GetComputerNameW, CreateEventW, SetLastError, GetShortPathNameW, TlsAlloc, GetModuleFileNameW, GetEnvironmentVariableW, GetTempPathW, InitializeCriticalSection, CreateFileW, WriteFile, OutputDebugStringA, BeginUpdateResourceW, EndUpdateResourceW, FindResourceW, SizeofResource, LoadResource, LockResource, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, MultiByteToWideChar, GetComputerNameA, QueryPerformanceCounter, InterlockedCompareExchange, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetVersionExW, GetModuleHandleW, GetFileAttributesW, Sleep, InterlockedExchange, SetErrorMode, ExitProcess, FreeLibrary, LoadLibraryW, GetLastError, FormatMessageW, GetCommandLineW, GetCurrentProcess, GetTickCount, GetSystemDirectoryW, CreateProcessW, WaitForSingleObject, GetProcAddress, lstrlenW, LocalAlloc, WideCharToMultiByte, lstrlenA, LocalFree, CloseHandle, GetVersion, VirtualProtect, SetEnvironmentVariableW
> USER32.dll: VkKeyScanW, VkKeyScanA, GetFocus, SystemParametersInfoW, LoadIconW, CreateWindowExW, RegisterClassW, DestroyWindow, LoadCursorW, UnregisterClassW, SetWindowLongW, PostMessageW, GetWindow, SetWindowPos, IsRectEmpty, SetWindowRgn, ToUnicode, GetKeyboardState, GetPropW, RemovePropW, UpdateWindow, RedrawWindow, OffsetRect, IsWindow
> ADVAPI32.dll: ChangeServiceConfigW, GetSecurityDescriptorDacl, RegSetValueExW, LsaOpenPolicy, FreeSid, LookupAccountSidW, AllocateAndInitializeSid, MakeSelfRelativeSD, RegNotifyChangeKeyValue, LookupAccountNameW, IsValidSid, LsaEnumerateAccountRights, UnlockServiceDatabase, LockServiceDatabase, CloseServiceHandle, GetLengthSid, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, AddAccessAllowedAce, InitializeAcl, InitializeSecurityDescriptor, RegQueryValueExW, RegOpenKeyExW, GetAclInformation, ConvertSidToStringSidW, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey
> GDI32.dll: CreateFontIndirectW, DeleteObject, CreateRectRgnIndirect, CombineRgn, LPtoDP, SetBkMode, SelectObject
> ole32.dll: CoCreateInstance, CoTaskMemAlloc, CoTaskMemFree
> RPCRT4.dll: RpcBindingFree, RpcBindingSetAuthInfoA, NdrClientCall2, RpcNetworkIsProtseqValidA, RpcBindingFromStringBindingA, RpcEpResolveBinding
> MSVCRT.dll: time, sprintf, _snprintf, strchr, _strnicmp, strncpy, memset, _wcslwr, wcscmp, wcsncpy, _wcsicmp, wcslen, wcsstr, free, malloc, _mbslen, _CxxThrowException, _wcsdup, _stricmp, wcstombs, memcpy, wcstoul, _XcptFilter, _amsg_exit, _adjust_fdiv, _cexit, _exit, exit, _wcmdln, _initterm, wcschr, _wtoi, iswalpha, _except_handler3, __CxxFrameHandler

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: ActiveX Data Objects Resources
original name: msader15.dll
internal name: msader15.dll
file version.: 6.1.7000.0 (winmain_win7beta.081212-1400)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
http://info.prevx.com/aboutprogramtext.asp?PX5=82C03881000F0A084EA101EA9FBDF8004BC88A20
Cursedby27
Active Member
Posts: 11
Joined: May 30th, 2010, 3:19 am

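A small triage script, added here as an example (it is not code from the thread, from ComboFix or from VirusTotal), that automates the two indicators visible in the log and report above: a scheduled task whose target is a DLL or whose name looks machine-generated, and a sigcheck block where the publisher field says Microsoft but the file is unsigned and its original name differs from the name on disk. The sample inputs are constructed in the layout of those blocks, and the vowel-less-name rule is a heuristic of this example only.

```python
"""Triage helpers for the two indicators visible in this thread: a scheduled
task whose target is a DLL in system32, and a sigcheck block where the file
claims a Microsoft publisher yet is unsigned and carries a different original
name. Added example; not code from the thread, ComboFix or VirusTotal."""
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the ComboFix "Scheduled Tasks" section
# above: a job line, then a "- target [timestamp]" line.
SAMPLE_TASKS = r"""
2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 16:27]

2010-06-06 c:\windows\Tasks\NCFPSDR.job
- c:\windows\system32\apcupsk.dll [2010-05-26 02:11]
"""

# Constructed sample in the layout of the VirusTotal sigcheck block above.
SAMPLE_SIGCHECK = """
publisher....: Microsoft Corporation
original name: msader15.dll
internal name: msader15.dll
verified.....: Unsigned
"""

JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s+\[[^\]]+\]\s*$")


@dataclass
class Finding:
    subject: str
    reasons: list = field(default_factory=list)


def parse_tasks(text):
    """Yield (job_path, target_path) pairs from a ComboFix scheduled-tasks block."""
    job = None
    for line in text.splitlines():
        m = JOB_RE.match(line)
        if m:
            job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and job:
            yield job, m.group("target")
            job = None


def looks_random(name):
    """Heuristic of this example: an all-caps name with no vowels, like NCFPSDR."""
    return name.isupper() and not any(c in "AEIOU" for c in name)


def flag_tasks(text):
    """Return a Finding for every job that points at a DLL or has a random-looking name."""
    findings = []
    for job, target in parse_tasks(text):
        name = re.sub(r"\.job$", "", job.rsplit("\\", 1)[-1], flags=re.I)
        reasons = []
        if target.lower().endswith(".dll"):
            reasons.append("job target is a DLL rather than an executable")
        if looks_random(name):
            reasons.append(f"job name {name!r} looks machine-generated")
        if reasons:
            findings.append(Finding(job, reasons))
    return findings


def parse_sigcheck(text):
    """Map 'key....: value' lines to a dict keyed by the bare field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip(". ").lower()] = value.strip()
    return fields


def flag_sigcheck(text, on_disk_name):
    """Return reasons to distrust a file given its sigcheck block and its name on disk."""
    f = parse_sigcheck(text)
    reasons = []
    if "microsoft" in f.get("publisher", "").lower() and f.get("verified", "").lower() == "unsigned":
        reasons.append("claims Microsoft as publisher but carries no valid signature")
    original = f.get("original name", "").lower()
    if original and original != on_disk_name.lower():
        reasons.append(f"original name {original!r} differs from on-disk name {on_disk_name!r}")
    return reasons


if __name__ == "__main__":
    for finding in flag_tasks(SAMPLE_TASKS):
        print(finding.subject, "->", "; ".join(finding.reasons))
    print("apcupsk.dll ->", "; ".join(flag_sigcheck(SAMPLE_SIGCHECK, "apcupsk.dll")))
```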
Re: ohtgnoenriga.com redirect

Unread postby melboy » June 7th, 2010, 2:06 pm

Hi

Just the one hit at VirusTotal isn't usually conclusive proof, but other research leads me to believe this could be the culprit.

Let me know how things are running after running the CFScript below.



COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    http://malwareremoval.com/forum/viewtopic.php?p=526598#p526598

    Collect::
    c:\windows\Tasks\NCFPSDR.job
    c:\windows\system32\apcupsk.dll

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: When CF finishes running, the ComboFix log will open along with a message box. Do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

===========
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ohtgnoenriga.com redirect

Unread postby Cursedby27 » June 7th, 2010, 3:55 pm

ComboFix 10-06-07.01 - NAME REDACTED 06/07/2010 14:46:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2460 [GMT -5:00]
Running from: c:\documents and settings\NAME REDACTED\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\NAME REDACTED\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

file zipped: c:\windows\system32\apcupsk.dll
file zipped: c:\windows\Tasks\NCFPSDR.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\apcupsk.dll
c:\windows\Tasks\NCFPSDR.job

.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 19:26 . 2010-06-07 19:26 -------- d-----w- c:\program files\PamFax
2010-06-07 19:11 . 2010-06-07 19:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 06:07 . 2010-06-04 06:07 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-04 06:07 . 2010-06-04 06:07 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-04 06:04 . 2010-06-04 06:04 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-01 19:33 . 2010-06-01 19:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-30 16:32 . 2010-05-30 16:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-05-30 07:11 . 2010-05-30 07:11 -------- d-----w- C:\rsit
2010-05-30 07:06 . 2010-05-30 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-30 04:57 . 2010-05-30 04:58 -------- d-----w- c:\windows\system32\NtmsData
2010-05-30 02:17 . 2010-05-30 02:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-28 21:26 . 2010-05-28 21:26 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Malwarebytes
2010-05-28 21:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 21:26 . 2010-05-28 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 21:26 . 2010-05-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-28 21:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 17:02 . 2010-05-30 07:11 -------- d-----w- c:\program files\Trend Micro
2010-05-27 00:09 . 2010-05-27 00:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-27 00:09 . 2010-05-27 00:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stardock
2010-05-27 00:09 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-26 20:04 . 2010-05-26 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-25 18:26 . 2010-05-25 18:26 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Artisteer
2010-05-19 05:01 . 2007-02-21 07:09 2781184 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-05-17 16:29 . 2010-06-07 19:32 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\FileZilla
2010-05-17 05:01 . 2010-05-17 05:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-15 16:28 . 2010-05-15 16:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-15 16:27 . 2010-06-03 16:48 -------- d-----w- c:\program files\Google
2010-05-15 07:12 . 2010-06-02 02:27 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\dvdcss
2010-05-15 07:10 . 2010-05-15 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-14 06:10 . 2010-06-04 06:08 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-14 06:10 . 2010-06-04 06:04 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-14 06:10 . 2010-06-04 06:04 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-14 06:09 . 2010-05-14 06:09 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-14 06:09 . 2010-05-14 06:09 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-14 06:09 . 2010-05-14 06:09 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-14 06:09 . 2010-05-14 06:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-14 06:09 . 2010-06-04 06:08 -------- d-----w- c:\program files\DivX
2010-05-14 06:09 . 2010-06-04 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-14 05:58 . 2010-05-23 01:27 -------- d-----w- c:\documents and settings\NAME REDACTED\dwhelper
2010-05-13 05:18 . 2010-05-13 05:18 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\HuluDesktop
2010-05-13 03:35 . 2010-05-13 03:35 134148 ----a-w- c:\windows\ColorPic Uninstaller.exe
2010-05-13 03:33 . 2008-07-10 18:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-13 03:33 . 2010-05-13 03:33 -------- d-----w- c:\windows\system32\QuickTime
2010-05-13 03:33 . 2010-05-13 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-05-13 03:33 . 2010-05-13 03:33 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-05-13 03:29 . 2010-05-13 03:29 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Apple
2010-05-13 03:29 . 2010-05-17 05:00 -------- d-----w- c:\program files\Apple Software Update
2010-05-13 03:29 . 2010-05-13 03:29 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Apple Computer
2010-05-13 03:15 . 2010-05-13 03:15 -------- d-----w- c:\program files\VSTplugins
2010-05-13 03:15 . 2010-05-13 03:15 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Publish Providers
2010-05-13 03:15 . 2010-05-13 03:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-13 03:14 . 2010-05-13 03:47 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Sony
2010-05-13 03:14 . 2010-05-13 03:47 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Sony
2010-05-13 03:01 . 2010-05-13 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-05-13 02:55 . 2010-05-13 02:55 -------- d-----w- c:\program files\JRE
2010-05-13 02:18 . 2010-05-14 18:14 1 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-13 02:17 . 2010-05-13 02:17 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\OpenOffice.org
2010-05-13 01:28 . 2010-05-13 01:28 503808 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5fd61cd7-n\msvcp71.dll
2010-05-13 01:28 . 2010-05-13 01:28 499712 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5fd61cd7-n\jmc.dll
2010-05-13 01:28 . 2010-05-13 01:28 61440 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f14fd62-n\decora-sse.dll
2010-05-13 01:28 . 2010-05-13 01:28 348160 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5fd61cd7-n\msvcr71.dll
2010-05-13 01:28 . 2010-05-13 01:28 12800 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f14fd62-n\decora-d3d.dll
2010-05-13 01:28 . 2010-05-13 01:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-13 01:28 . 2010-05-13 02:52 -------- d-----w- c:\program files\Java
2010-05-13 00:16 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-13 00:16 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-13 00:11 . 2010-05-13 00:11 39936 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2010-05-13 00:11 . 2010-05-13 00:11 -------- d-----w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\ABBYY
2010-05-13 00:11 . 2010-05-13 00:11 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\ABBYY
2010-05-13 00:09 . 2010-05-13 00:23 -------- d-----w- c:\program files\ABBYY
2010-05-13 00:04 . 2010-05-13 00:04 -------- d-----w- C:\Kpcms
2010-05-13 00:02 . 2004-01-08 16:39 184320 ----a-w- c:\windows\system32\MSM0CW.dll
2010-05-13 00:02 . 2003-04-25 00:00 35589 ----a-w- c:\windows\system32\MSMWUD10.dll
2010-05-13 00:02 . 2002-10-08 23:53 41733 ----a-w- c:\windows\system32\MSMB1W.dll
2010-05-13 00:02 . 2002-07-30 21:12 73728 ----a-w- c:\windows\system32\MSME0w.dll
2010-05-13 00:02 . 2002-05-21 19:25 37589 ----a-w- c:\windows\system32\MSMD2w.dll
2010-05-13 00:02 . 2002-01-14 19:58 37564 ----a-w- c:\windows\system32\MSMDEw.dll
2010-05-13 00:02 . 2001-12-26 13:47 35563 ----a-w- c:\windows\system32\MSMWUD.dll
2010-05-13 00:02 . 2003-07-17 21:12 12499 ----a-w- c:\windows\system32\Msmusd7.dll
2010-05-13 00:02 . 2003-06-11 17:03 15396 ----a-w- c:\windows\system32\Msmusd5.dll
2010-05-13 00:02 . 2001-06-20 20:44 13962 ----a-w- c:\windows\system32\Msmusd6.dll
2010-05-13 00:02 . 2010-05-13 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-13 00:01 . 2010-05-13 00:01 -------- d-----w- c:\program files\Microtek
2010-05-12 21:52 . 2010-05-12 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-05-12 20:21 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-05-12 20:21 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-05-12 20:21 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-05-12 20:21 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-05-12 18:54 . 2010-05-12 18:55 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\boswars
2010-05-11 17:50 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-11 17:50 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-05-11 17:50 . 2010-05-11 17:50 -------- d-----w- c:\windows\Logs
2010-05-11 17:50 . 2010-05-11 17:50 -------- d-----w- c:\program files\Winamp Toolbar
2010-05-11 17:50 . 2010-05-11 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2010-05-11 05:17 . 2010-05-11 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-05-11 04:54 . 2010-05-11 04:54 -------- d-----w- c:\program files\Bonjour
2010-05-11 04:26 . 2010-05-11 04:26 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-05-10 02:38 . 2010-06-07 19:42 18006 ----a-w- c:\windows\system32\tablet.dat
2010-05-10 02:38 . 2010-05-10 02:38 -------- d-----w- c:\windows\system32\WTablet
2010-05-10 02:38 . 2001-04-09 18:45 8138 ----a-w- c:\windows\system32\drivers\PenClass.sys
2010-05-10 02:38 . 2005-10-19 20:53 102400 ----a-w- c:\windows\system32\Wintab32.dll
2010-05-10 02:38 . 2005-10-19 20:31 749568 ----a-w- c:\windows\system32\Tablet.exe
2010-05-10 02:32 . 2010-05-10 02:40 -------- d-----w- c:\program files\Tablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 19:44 . 2010-05-08 03:46 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Skype
2010-06-07 19:44 . 2010-05-08 03:47 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\skypePM
2010-06-07 07:47 . 2010-05-08 01:35 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-06 20:21 . 2010-05-08 05:37 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\vlc
2010-06-06 19:26 . 2010-06-04 06:08 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\DivX
2010-05-28 22:45 . 2010-05-08 01:50 25736 ----a-w- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 04:56 . 2010-05-08 03:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-18 05:31 . 2010-05-11 17:47 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Winamp
2010-05-13 22:48 . 2010-05-08 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-05-13 02:55 . 2010-05-13 02:10 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-13 02:10 . 2010-05-13 01:28 -------- d-----w- c:\program files\Common Files\Java
2010-05-13 02:04 . 2010-05-13 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-05-13 01:52 . 2010-05-13 01:52 -------- d-----w- c:\program files\EPSON
2010-05-13 00:01 . 2010-05-08 00:41 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-12 20:42 . 2010-05-12 20:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-05-12 20:21 . 2010-05-12 20:20 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\ManyCam
2010-05-10 02:29 . 2010-05-08 05:57 -------- d-----w- c:\program files\TabletPlugins
2010-05-10 02:27 . 2010-05-08 03:45 -------- d-----r- c:\program files\Skype
2010-05-08 04:30 . 2010-05-08 04:30 -------- d-----w- c:\program files\MSBuild
2010-05-08 04:30 . 2010-05-08 04:30 -------- d-----w- c:\program files\Reference Assemblies
2010-05-08 04:21 . 2010-05-08 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-08 04:05 . 2010-05-08 04:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-08 04:05 . 2010-05-08 04:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-08 03:48 . 2010-05-08 00:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-08 03:47 . 2010-05-08 03:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-08 03:46 . 2010-05-08 03:46 -------- d-----w- c:\program files\Common Files\Skype
2010-05-08 03:45 . 2010-05-08 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-08 03:30 . 2010-05-08 03:30 -------- d-----w- c:\program files\Alwil Software
2010-05-08 03:30 . 2010-05-08 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-08 03:20 . 2010-05-08 03:20 -------- d-----w- c:\program files\MSXML 4.0
2010-05-08 01:50 . 2010-05-08 01:50 -------- d-----w- c:\program files\Common Files\Stardock
2010-05-08 01:49 . 2010-05-08 01:49 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Stardock
2010-05-08 01:49 . 2010-05-08 01:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-05-08 01:47 . 2010-05-08 01:47 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Ahead
2010-05-08 01:47 . 2010-05-08 01:23 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-08 01:35 . 2010-05-08 01:35 -------- d-----w- c:\documents and settings\NAME REDACTED\Application Data\Thunderbird
2010-05-08 01:30 . 2010-05-08 01:30 0 ----a-w- c:\windows\nsreg.dat
2010-05-08 01:11 . 2010-05-08 01:11 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-05-08 01:11 . 2010-05-08 01:11 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-05-08 01:09 . 2010-05-08 01:09 -------- d-----w- c:\program files\C-Media
2010-05-08 00:22 . 2010-05-08 00:22 -------- d-----w- c:\program files\microsoft frontpage
2010-05-08 00:19 . 2010-05-08 00:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-06 20:59 . 2010-05-08 03:30 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2010-05-08 03:30 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-05-08 03:30 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-05-08 03:30 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-05-08 03:30 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-05-08 03:30 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-05-08 03:30 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-05-08 03:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-05-08 03:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-27 18:40 . 2010-06-04 06:08 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2010-06-04 06:08 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2010-05-11 17:47 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-04-27 18:40 . 2010-05-11 17:47 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-04-27 18:40 . 2010-05-11 17:47 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2010-05-11 17:47 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-08 07:50 . 2010-05-08 04:35 1496064 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-08 07:50 . 2010-05-08 04:35 43008 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-08 07:50 . 2010-05-08 04:35 338944 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-08 07:50 . 2010-05-08 04:35 346112 ----a-w- c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-10 19:29 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-06_03.35.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-07 19:42 . 2010-06-07 19:42 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
+ 2010-06-07 19:42 . 2010-06-07 19:42 16384 c:\windows\Temp\Perflib_Perfdata_168.dat
+ 2010-06-07 19:11 . 2010-06-07 19:11 38400 c:\windows\Installer\88a3096.msi
+ 2010-06-07 19:11 . 2010-06-07 19:11 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-07 19:11 . 2010-06-07 19:11 20242432 c:\windows\Installer\88a30a1.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"Google Update"="c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-08 136176]
"ManyCam"="d:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216]
"nwiz"="nwiz.exe" [2005-01-10 1490944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016]
"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]
"C-Media Echo Control"="d:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"Microtek_Scanner_Server"="c:\program files\Microtek\ScanWizard Pro\LANServer.exe" [2004-09-01 225280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\documents and settings\NAME REDACTED\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Stardock ObjectDock.lnk - d:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-5-7 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2010-5-9 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microtek\\ScanWizard Pro\\LANServer.exe"=
"d:\\Program Files\\Synergy\\synergys.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"d:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/7/2010 10:30 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/7/2010 10:31 PM 19024]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/15/2010 11:27 AM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 16:27]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 16:27]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-839522115-1003Core.job
- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 03:56]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-839522115-1003UA.job
- c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 03:56]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\88n35o1d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\NAME REDACTED\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\NAME REDACTED\Local Settings\Application Data\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 14:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-07 14:51:53
ComboFix-quarantined-files.txt 2010-06-07 19:51
ComboFix2.txt 2010-06-06 03:36

Pre-Run: 41,332,445,184 bytes free
Post-Run: 41,355,522,048 bytes free

- - End Of File - - FF23F915769B8CBDDF0159DAB6C5CC7C
Upload was successful
Cursedby27
Active Member
 
Posts: 11
Joined: May 30th, 2010, 3:19 am