Help! XP Security 2012 rogue

furious32 · July 4, 2011

Hi Ali,

Here are the 2 logs;

OTL logfile created on: 04/07/2011 15:46:43 - Run 1

OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WASCP\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 73.97% Memory free

3.81 Gb Paging File | 3.47 Gb Available in Paging File | 91.21% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.92 Gb Total Space | 131.01 Gb Free Space | 87.97% Space Free | Partition Type: NTFS

Computer Name: BOBCOLLINS | User Name: Bob Collins | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/04 15:39:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WASCP\My Documents\Downloads\OTL.scr

PRC - [2011/06/16 06:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/06/12 18:09:14 | 000,408,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe

========== Modules (SafeList) ==========

MOD - [2011/07/04 15:39:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WASCP\My Documents\Downloads\OTL.scr

MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)

SRV - File not found [Disabled | Stopped] -- -- (AMService)

SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/06/12 18:09:16 | 002,521,880 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®

SRV - [2007/06/12 18:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®

SRV - [2007/06/12 18:09:14 | 000,109,336 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

SRV - [2007/01/23 04:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)

========== Driver Services (SafeList) ==========

DRV - [2007/09/25 04:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2007/07/24 03:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)

DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/01/23 04:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thecollegespartnership.co.uk/content.asp?ContentID=1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 08:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 17:03:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/24 10:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WASCP\Application Data\Mozilla\Extensions

[2011/06/24 10:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WASCP\Application Data\Mozilla\Firefox\Profiles\rfkfg9b9.default\extensions

[2011/06/24 10:25:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WASCP\Application Data\Mozilla\Firefox\Profiles\rfkfg9b9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/07/01 17:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2011/06/16 06:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 10:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/06/24 10:23:07 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 10:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 10:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)

O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)

O15 - HKCU\..Trusted Domains: tribalhosted.co.uk ([csg2] https in Trusted sites)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228722288531 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\WASCP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\WASCP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 23:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 14:01:18 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/04 14:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/04 14:01:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/04 14:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/04 10:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/04 10:00:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/01 17:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Desktop\Richies tools

[2011/07/01 17:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2011/07/01 16:23:41 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/07/01 16:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/07/01 16:15:10 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2011/07/01 15:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\Malwarebytes

[2011/07/01 15:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/06/24 15:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\win

[2011/06/24 10:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Local Settings\Application Data\Mozilla

[2011/06/24 10:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\Mozilla

[2011/06/24 10:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/06/24 08:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced PC Tweaker

[2011/06/23 11:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\MSNInstaller

[2011/06/23 10:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/06/21 12:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/06/21 12:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2011/06/21 11:17:57 | 000,000,000 | ---D | C] -- C:\svest

[2011/06/20 13:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation

[2011/06/10 08:22:59 | 000,000,000 | ---D | C] -- C:\found.000

[2011/06/08 14:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google

========== Files - Modified Within 30 Days ==========

[2011/07/04 15:45:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/04 15:45:07 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/04 15:45:04 | 2101,964,800 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/04 15:45:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/04 14:42:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/04 14:01:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 12:45:25 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/07/04 12:10:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/04 11:27:44 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2011/07/04 09:53:19 | 000,467,220 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/04 09:53:19 | 000,080,310 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/07/01 17:03:46 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/07/01 17:03:46 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/07/01 16:23:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/06/24 12:12:25 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/24 10:59:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/24 10:24:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2011/06/23 11:02:24 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2011/06/21 13:46:17 | 000,002,312 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== Files Created - No Company Name ==========

[2011/07/04 15:45:04 | 2101,964,800 | -HS- | C] () -- C:\hiberfil.sys

[2011/07/04 14:01:18 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 11:27:43 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2011/07/01 17:03:46 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/07/01 17:03:46 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/07/01 17:03:46 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/07/01 16:23:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/07/01 16:23:43 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/06/24 10:24:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/06/24 08:57:01 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/20 08:32:26 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/05/24 08:13:03 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2011/05/11 15:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/09/22 08:17:46 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\WASCP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/30 11:07:16 | 000,038,433 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Comma Separated Values (Windows).ADR

[2009/01/29 12:49:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/10/16 20:44:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/10/16 20:44:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll

[2008/10/16 20:44:13 | 000,001,167 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/10/16 12:00:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/10/16 11:56:13 | 000,002,312 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/25 23:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/04/25 23:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/25 23:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/25 18:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/25 18:16:22 | 000,467,220 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/25 18:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/25 18:16:22 | 000,080,310 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/25 18:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/25 18:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/25 18:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/25 18:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/04/25 18:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/25 18:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/25 18:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/25 18:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/25 11:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/04/25 11:21:52 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/02/28 06:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll

[2007/01/23 04:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

========== LOP Check ==========

[2011/07/01 16:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/07/04 12:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/10/22 07:56:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/10/22 07:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/07/04 11:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/02/03 13:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i

[2010/10/22 08:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\AVG10

[2011/05/13 08:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Avidat

[2011/02/03 13:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\FinalTorrent

[2011/05/31 14:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Geaw

[2009/02/12 09:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\ICAClient

[2011/06/24 08:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\MSNInstaller

[2010/10/26 10:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Registry Mechanic

[2011/06/10 08:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Vytea

[2009/03/30 10:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Windows Desktop Search

[2009/07/01 09:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Windows Search

[2011/06/24 12:12:25 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\One-Click Tweak.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 06:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 06:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 06:32:40 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/16 06:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 06:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/16 06:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 14:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 14:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 14:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 12:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\@: C:\Program Files (x86)\Internet Explorer\iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >