MalwareTips.com
Current time: 05-19-2013, 12:15 AM
Hello,is this your first visit?! If NOT use this login panel!
Nick:  
Password:     
If YES, you should join
our amazing community!
Create an account!
Follow us
Facebook MalwareTips.com Twitter MalwareTips.com Google Plus MalwareTips.com
  • Portal
    Home
  • News
    Headlines
  • Forums
    Community
  • Tutorials
    How-to's
  • Malware Help
    Assistance
    • Removal assistance
    • Malware removal guides
    • Security wizard
  • Reviews
    Products review
    • Video reviews
    • Written reviews
  • Giveaways
    Free stuff
    • Giveaways and promo
    • Discounts
    • Desktop enhancements
  • Malware Hub
    Virus Pipe
    • Virus Exchange
    • Virus List
  • Blogs
    Research
User Control Panel View New Posts View Today's Posts House Rules

MalwareTips.com / Malware Removal and Prevention Services / Malware Removal Assistance v
« Previous 1 ... 10 11 12 13 14 ... 19 Next »
/ FBI Ranson Virus
Pages (2): 1 2 Next »
Tweet
Post Reply 
Threaded Mode | Linear Mode
FBI Ranson Virus
01-05-2013, 10:23 PM
Post: #1
allstrick Offline
New member (Level 1)
 		Posts: 8
Joined: Jan 2013
Kudos 0
FBI Ranson Virus
Operating system: XP SP3
Architecture: 32 bit
Antivirus software and on-demand scanners on this system : McAfee
MalwareBytes - 1/1/2013
Date and how issue started: 12/28/2012 - Ransom screen took over computer while surfing sites.
Current issues and symptoms: Was not able to boot into safemode of either kind because of blue screen appearing.
Was able to load old McAfee cd and remove a trojan but virus returned also immediately
Cannot access cmd prompt. task mgr, internet, ftp or basically anything useful in removing virus. I can see my files still there but I'm not opening anything.
Steps taken in order to remove the infection: I have currently created the HitmanPro usb rescure scanner and I have rebooted to it from my affected machine. However, after the program started and once I enter my email address and again to confirm and then click Next, it appears to be stuck. I haven't rebooted and tried again. I wanted to make sure if this was normal or not. BTW, I have my Internet LAN cable unplugged. I can move the mouse but not the HitmanPro window. My harddrive light is flashing but it has been on this email screen for over an hour now. Is this common. I have a LOT of files and a virus scan usually takes several hours.
REQUESTED LOGS: aswMBR LOG
I have currently created the HitmanPro usb rescure scanner and I have rebooted to it from my affected machine. However, after the program started and once I enter my email address and again to confirm and then click Next, it appears to be stuck. I haven't rebooted and tried again. I wanted to make sure if this was normal or not. BTW, I have my Internet LAN cable unplugged. I can move the mouse but not the HitmanPro window. My harddrive light is flashing but it has been on this email screen for over an hour now. Is this common. I have a LOT of files and a virus scan usually takes several hours. Should I restart and try the USB boot again?
Find all posts by this user
Quote this message in a reply
01-05-2013, 10:33 PM
Post: #2
Fiery Offline
Community Admin
 		Posts: 1,588
Joined: Jan 2011
Kudos 495
RE: FBI Ranson Virus
Hi and welcome to MalwareTips! Smile

My name is Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.


Please print these instruction out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Download List Parts and save it to the flash drive also.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • Next click List Parts and then click Scan
    It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.
Find all posts by this user
Quote this message in a reply
01-06-2013, 04:12 AM
Post: #3
allstrick Offline
New member (Level 1)
 		Posts: 8
Joined: Jan 2013
Kudos 0
RE: FBI Ranson Virus
Thank you so such quick response. Here is the log from the FRST scan and the ListParts scan
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2012
Ran by SYSTEM at 05-01-2013 22:01:20
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet004

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [] [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [1116920 2006-08-17] (Roxio)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( )
HKLM\...\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [241664 2003-12-22] (Hewlett-Packard Company)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128560 2007-06-08] (CyberLink Corp.)
HKLM\...\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [296056 2012-02-17] (RealNetworks, Inc.)
HKLM\...\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave [815704 2010-07-08] (GlavSoft LLC.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Documents and Settings\All Users\Application Data\ifgxpers.exe" [130192 2012-12-28] (?????????? ??????????)
HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-08-29] (Carbonite, Inc.)
HKLM\...\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize [387687 2005-10-21] (Defender Pro LLC)
HKLM\...\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe [151552 2003-07-08] (Motive Communications, Inc.)
HKLM\...\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe [36640 2007-06-21] ()
HKLM\...\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide [1082920 2007-01-19] (McAfee, Inc.)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Bruce\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Bruce\...\Run: [] [x]
HKU\Bruce\...\Run: [PCShowServer] "C:\Documents and Settings\Bruce\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [x]
HKU\Bruce\...\Run: [Jump Desktop] C:\Program Files\Jump Desktop\JumpDesktop.exe autorun [424040 2012-05-18] (Phase Five Systems)
Winlogon\Notify\TPSvc: TPSvc.dll [X]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Bruce\Start Menu\Programs\Startup\JustCloud.lnk
ShortcutTarget: JustCloud.lnk -> C:\Program Files\JustCloud\JustCloud.exe (JustCloud.com)

==================== Services (Whitelisted) ===================

2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
2 BackupStack; C:\Program Files\JustCloud\BackupStack.exe [34344 2012-12-25] (Just Develop It)
2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [4643912 2012-08-29] (Carbonite, Inc. (http://www.carbonite.com))
3 Emproxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [341584 2007-01-12] (McAfee, Inc.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [105832 2013-01-05] (SurfRight B.V.)
2 hnmsvc; "C:\Program Files\Dell Network Assistant\hnm_svc.exe" [112176 2007-05-25] (SingleClick Systems)
2 JumpDesktop; "C:\Program Files\Jump Desktop\JumpService.exe" [7680 2012-05-18] (Phase Five Systems)
2 kavsvc; "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe" [917610 2005-10-20] (Defender Pro LLC)
2 McAfee HackerWatch Service; "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" [540776 2007-02-13] (McAfee, Inc.)
3 mcmispupdmgr; C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe [689752 2007-01-05] (McAfee, Inc.)
2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [361560 2007-01-05] (McAfee, Inc.)
2 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [362064 2007-01-16] (McAfee, Inc.)
2 mcpromgr; C:\PROGRA~1\McAfee\MSC\mcpromgr.exe [493144 2007-01-05] (McAfee, Inc.)
2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144960 2006-12-22] (McAfee, Inc.)
2 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [643664 2007-01-25] (McAfee, Inc.)
2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [841256 2007-06-19] (McAfee, Inc.)
2 SiteAdvisor Service; C:\Program Files\SiteAdvisor\6145\SAService.exe [328992 2013-01-02] ()
2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.)
2 tvnserver; "C:\Program Files\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)
3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
2 LinksysUpdater; "C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf" [x]
2 McNASvc; "c:\program files\common files\mcafee\mna\mcnasvc.exe" [x]
2 McRedirector; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
4 msvsmon80; "c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

==================== Drivers (Whitelisted) ====================

3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)
3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)
3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [30616 2013-01-05] ()
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2004-01-05] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-01-05] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2004-01-05] (HP)
3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [24216 2010-03-10] (Initio Corporation)
3 L6PODLV; C:\Windows\System32\Drivers\L6PODLV.sys [530560 2008-10-23] (Line 6)
3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [71496 2006-12-22] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34184 2006-12-22] (McAfee, Inc.)
3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2006-12-22] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [32008 2006-12-22] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [37480 2006-12-22] (McAfee, Inc.)
3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [109608 2007-03-02] (McAfee, Inc.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [27136 2009-01-09] (NCH Swift Sound)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems)
3 SAMFILT; C:\Windows\System32\drivers\samfilt.sys [34688 2006-02-10] (Dolphin, Inc.)
3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2007-12-13] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 USB_RNDIS_XP; C:\Windows\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
1 lbrtfdc; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 Simbad; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-01-05 21:21 - 2013-01-05 21:56 - 00030616 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-01-05 21:19 - 2013-01-05 21:19 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-01-05 21:19 - 2013-01-05 21:19 - 00000000 ____D C:\Program Files\HitmanPro
2013-01-05 21:11 - 2013-01-05 21:11 - 00090112 ____A C:\Windows\Minidump\Mini010513-01.dmp
2013-01-05 16:10 - 2013-01-05 22:08 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-01-05 16:07 - 2013-01-05 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-01-03 21:47 - 2013-01-03 21:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2013-01-02 23:38 - 2013-01-05 22:01 - 00003118 ____A C:\Windows\System32\Config.MPF
2013-01-02 23:34 - 2013-01-02 23:34 - 00000666 ____A C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk
2013-01-02 23:33 - 2013-01-02 23:33 - 00000671 ____A C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
2013-01-02 23:20 - 2013-01-02 23:35 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\SiteAdvisor
2013-01-02 23:20 - 2013-01-02 23:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2013-01-02 23:18 - 2007-03-02 15:16 - 00109608 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\Mpfp.sys
2013-01-02 23:18 - 2006-12-22 17:02 - 00170408 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2013-01-02 23:18 - 2006-12-22 17:02 - 00071496 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2013-01-02 23:18 - 2006-12-22 17:02 - 00037480 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfesmfk.sys
2013-01-02 23:18 - 2006-12-22 17:02 - 00034184 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfebopk.sys
2013-01-02 23:18 - 2006-12-22 17:02 - 00032008 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdk.sys
2013-01-02 23:17 - 2013-01-02 23:17 - 00000352 ____A C:\Windows\Tasks\McQcTask.job
2013-01-02 23:17 - 2013-01-02 23:17 - 00000350 ____A C:\Windows\Tasks\McDefragTask.job
2013-01-02 23:16 - 2013-01-02 23:16 - 00000000 ____D C:\Program Files\McAfee.com
2013-01-02 22:57 - 2013-01-02 23:05 - 35984276 ____A C:\BellSouthIW.reg
2013-01-02 22:06 - 2005-06-14 20:22 - 00008200 ____A (Kaspersky Labs) C:\Windows\System32\Drivers\klin.sys
2013-01-02 22:06 - 2005-06-14 19:27 - 00038123 ____A (Kaspersky Labs) C:\Windows\System32\Drivers\klick.sys
2013-01-02 22:04 - 2013-01-02 22:04 - 00001983 ____A C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\PowerDVD DX
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InstallShield
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-01-01 16:36 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2013-01-01 16:36 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-01-01 16:35 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-01-01 16:35 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-01-01 16:35 - 2013-01-01 16:35 - 00008264 ____A C:\Windows\KB2779562.log
2013-01-01 16:33 - 2013-01-01 16:35 - 00016327 ____A C:\Windows\KB2761465-IE8.log
2013-01-01 15:56 - 2013-01-01 15:56 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\Malwarebytes
2012-12-28 19:46 - 2012-12-28 19:46 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-12-28 16:20 - 2012-12-28 16:20 - 00751078 ____A C:\Documents and Settings\All Users\Application Data\1.bmp
2012-12-28 14:14 - 2013-01-01 20:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-28 14:14 - 2012-12-28 14:16 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2012-12-28 14:14 - 2012-12-14 17:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-28 14:10 - 2012-12-28 14:11 - 00002698 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2012-12-28 14:02 - 2012-12-28 14:02 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2012-12-28 13:59 - 2012-12-28 13:59 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-12-28 13:55 - 2012-12-28 15:48 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-12-28 13:55 - 2012-12-28 14:08 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-12-28 13:55 - 2010-06-17 20:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2012-12-28 13:55 - 2008-01-04 09:24 - 00044976 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-12-28 13:55 - 2008-01-04 09:24 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Google Gadgets
2012-12-28 13:55 - 2008-01-04 09:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Roxio
2012-12-28 13:55 - 2008-01-04 09:24 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Roxio
2012-12-28 13:55 - 2008-01-04 09:21 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SingleClick Systems
2012-12-28 13:55 - 2008-01-04 09:21 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2012-12-28 13:55 - 2004-08-10 13:57 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2012-12-28 13:37 - 2012-12-28 13:37 - 00000000 __SHD C:\found.000
2012-12-28 12:53 - 2012-12-28 12:53 - 00130192 ____A (?????????? ??????????) C:\Documents and Settings\All Users\Application Data\ifgxpers.exe
2012-12-14 17:09 - 2013-01-01 16:36 - 00022511 ____A C:\Windows\KB2758857.log
2012-12-07 13:17 - 2012-12-07 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\MFAData
2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\Avg2013
2012-12-06 22:04 - 2012-12-06 22:04 - 00111508 ___AH C:\Windows\System32\mlfcache.dat
2012-12-06 22:02 - 2012-12-06 22:02 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk
2012-12-06 22:02 - 2012-12-06 22:02 - 00000000 ____D C:\Program Files\Safari
2012-12-06 22:01 - 2012-12-22 12:23 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-12-06 22:01 - 2012-12-06 22:01 - 00000000 ____D C:\Program Files\Apple Software Update


==================== One Month Modified Files and Folders ========

2013-01-05 22:22 - 2011-05-07 18:11 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{DA2FC216-6A7D-45AC-8027-0EBD2CAB2220}.job
2013-01-05 22:13 - 2011-12-07 22:13 - 00000486 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-01-05 22:08 - 2013-01-05 16:10 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-01-05 22:08 - 2008-02-26 21:41 - 00000000 ____D C:\MDT
2013-01-05 22:08 - 2008-01-09 23:38 - 00003120 ___AC C:\Windows\D9H7ADHB.ocx
2013-01-05 22:08 - 2008-01-09 23:38 - 00003120 ____A C:\Windows\System32\HAF9SE8J.ocx
2013-01-05 22:07 - 2004-08-10 14:02 - 01067755 ____A C:\Windows\WindowsUpdate.log
2013-01-05 22:03 - 2004-08-10 13:59 - 00000159 ____A C:\Windows\wiadebug.log
2013-01-05 22:03 - 2004-08-10 13:59 - 00000048 ____A C:\Windows\wiaservc.log
2013-01-05 22:02 - 2010-08-12 21:46 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-05 22:02 - 2008-01-09 21:35 - 00000062 __ASH C:\Documents and Settings\Bruce\Local Settings\desktop.ini
2013-01-05 22:02 - 2004-08-10 14:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-01-05 22:02 - 2004-08-10 14:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-01-05 22:02 - 2004-08-10 14:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-05 22:01 - 2013-01-05 22:01 - 00000000 ____D C:\FRST
2013-01-05 22:01 - 2013-01-02 23:38 - 00003118 ____A C:\Windows\System32\Config.MPF
2013-01-05 22:01 - 2008-01-09 21:35 - 00000278 ___SH C:\Documents and Settings\Bruce\ntuser.ini
2013-01-05 22:01 - 2004-08-10 14:08 - 00032358 ____A C:\Windows\SchedLgU.Txt
2013-01-05 21:56 - 2013-01-05 21:21 - 00030616 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-01-05 21:19 - 2013-01-05 21:19 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-01-05 21:19 - 2013-01-05 21:19 - 00000000 ____D C:\Program Files\HitmanPro
2013-01-05 21:11 - 2013-01-05 21:11 - 00090112 ____A C:\Windows\Minidump\Mini010513-01.dmp
2013-01-05 21:11 - 2011-04-20 21:12 - 00000000 ____D C:\Windows\Minidump
2013-01-05 16:07 - 2013-01-05 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-01-05 16:06 - 2004-08-10 13:51 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-01-03 21:47 - 2013-01-03 21:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2013-01-03 21:35 - 2009-07-19 10:31 - 00987101 ____A C:\Windows\setupapi.log
2013-01-03 02:31 - 2012-11-09 21:21 - 00000000 ____D C:\Program Files\Staples CD Labeler v5
2013-01-02 23:35 - 2013-01-02 23:20 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\SiteAdvisor
2013-01-02 23:34 - 2013-01-02 23:34 - 00000666 ____A C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk
2013-01-02 23:34 - 2008-05-01 20:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-01-02 23:33 - 2013-01-02 23:33 - 00000671 ____A C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
2013-01-02 23:20 - 2013-01-02 23:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2013-01-02 23:20 - 2009-07-18 21:50 - 00000000 ____D C:\Program Files\SiteAdvisor
2013-01-02 23:20 - 2009-07-18 21:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2013-01-02 23:19 - 2009-07-18 23:10 - 00000000 ____D C:\Program Files\McAfee
2013-01-02 23:18 - 2009-07-18 23:10 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-01-02 23:17 - 2013-01-02 23:17 - 00000352 ____A C:\Windows\Tasks\McQcTask.job
2013-01-02 23:17 - 2013-01-02 23:17 - 00000350 ____A C:\Windows\Tasks\McDefragTask.job
2013-01-02 23:16 - 2013-01-02 23:16 - 00000000 ____D C:\Program Files\McAfee.com
2013-01-02 23:06 - 2008-01-09 21:43 - 00000000 ___AC C:\Windows\BJCFDins.log
2013-01-02 23:05 - 2013-01-02 22:57 - 35984276 ____A C:\BellSouthIW.reg
2013-01-02 22:44 - 2008-07-26 13:29 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\FileZilla
2013-01-02 22:04 - 2013-01-02 22:04 - 00001983 ____A C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk
2013-01-02 22:04 - 2008-01-09 23:33 - 00000000 ____D C:\Program Files\Defender Pro
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\PowerDVD DX
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InstallShield
2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-01-01 20:57 - 2012-12-28 14:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-01 20:55 - 2013-01-01 16:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2013-01-01 20:55 - 2013-01-01 16:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-01-01 20:55 - 2013-01-01 16:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-01-01 20:55 - 2013-01-01 16:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-01-01 17:10 - 2004-08-10 13:57 - 00507400 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-01 16:36 - 2012-12-14 17:09 - 00022511 ____A C:\Windows\KB2758857.log
2013-01-01 16:36 - 2004-08-10 13:57 - 02190163 ____A C:\Windows\FaxSetup.log
2013-01-01 16:36 - 2004-08-10 13:57 - 01079774 ____A C:\Windows\ocgen.log
2013-01-01 16:36 - 2004-08-10 13:57 - 00841945 ____A C:\Windows\tsoc.log
2013-01-01 16:36 - 2004-08-10 13:57 - 00724294 ____A C:\Windows\comsetup.log
2013-01-01 16:36 - 2004-08-10 13:57 - 00442348 ____A C:\Windows\ntdtcsetup.log
2013-01-01 16:36 - 2004-08-10 13:57 - 00272356 ____A C:\Windows\iis6.log
2013-01-01 16:36 - 2004-08-10 13:57 - 00119375 ____A C:\Windows\ocmsn.log
2013-01-01 16:36 - 2004-08-10 13:57 - 00109735 ____A C:\Windows\msgsocm.log
2013-01-01 16:36 - 2004-08-10 13:57 - 00001355 ____A C:\Windows\imsins.log
2013-01-01 16:36 - 2004-08-10 13:57 - 00001355 ____A C:\Windows\imsins.BAK
2013-01-01 16:35 - 2013-01-01 16:35 - 00008264 ____A C:\Windows\KB2779562.log
2013-01-01 16:35 - 2013-01-01 16:33 - 00016327 ____A C:\Windows\KB2761465-IE8.log
2013-01-01 16:35 - 2008-01-04 09:10 - 00881144 ____A C:\Windows\System32\TZLog.log
2013-01-01 16:35 - 2008-01-04 09:08 - 00339552 ____A C:\Windows\updspapi.log
2013-01-01 16:33 - 2008-01-04 09:08 - 00000000 ___HD C:\Windows\$hf_mig$
2013-01-01 16:30 - 2008-01-13 10:06 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-01 16:15 - 2004-08-10 13:57 - 00593386 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-01 15:56 - 2013-01-01 15:56 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\Malwarebytes
2012-12-28 19:46 - 2012-12-28 19:46 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-12-28 16:20 - 2012-12-28 16:20 - 00751078 ____A C:\Documents and Settings\All Users\Application Data\1.bmp
2012-12-28 15:55 - 2011-05-19 15:01 - 00000286 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2592898406-2242705440-3200713710-1006.job
2012-12-28 15:49 - 2011-08-15 21:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2570222$
2012-12-28 15:48 - 2012-12-28 13:55 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-12-28 14:16 - 2012-12-28 14:14 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2012-12-28 14:11 - 2012-12-28 14:10 - 00002698 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2012-12-28 14:08 - 2012-12-28 13:55 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-12-28 14:02 - 2012-12-28 14:02 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2012-12-28 13:59 - 2012-12-28 13:59 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-12-28 13:37 - 2012-12-28 13:37 - 00000000 __SHD C:\found.000
2012-12-28 12:53 - 2012-12-28 12:53 - 00130192 ____A (?????????? ??????????) C:\Documents and Settings\All Users\Application Data\ifgxpers.exe
2012-12-26 21:11 - 2012-12-02 21:10 - 00000000 ____D C:\Program Files\JustCloud
2012-12-22 12:23 - 2012-12-06 22:01 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-12-14 17:49 - 2012-12-28 14:14 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-11 12:59 - 2012-04-12 17:27 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-12-11 12:59 - 2011-05-12 22:21 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-12-08 11:44 - 2009-05-14 15:03 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\Apple Computer
2012-12-07 13:19 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\MFAData
2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\Avg2013
2012-12-06 22:04 - 2012-12-06 22:04 - 00111508 ___AH C:\Windows\System32\mlfcache.dat
2012-12-06 22:02 - 2012-12-06 22:02 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk
2012-12-06 22:02 - 2012-12-06 22:02 - 00000000 ____D C:\Program Files\Safari
2012-12-06 22:02 - 2009-02-19 22:40 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\Apple Computer
2012-12-06 22:01 - 2012-12-06 22:01 - 00000000 ____D C:\Program Files\Apple Software Update

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-01-02 23:33 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1490

RP: -> 2013-01-01 16:30 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1487

RP: -> 2012-12-31 17:59 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1486

RP: -> 2012-12-27 17:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1485

RP: -> 2012-12-26 16:55 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1484

RP: -> 2012-12-25 13:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1483

RP: -> 2012-12-24 07:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1482

RP: -> 2012-12-23 01:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1481

RP: -> 2012-12-21 19:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1480

RP: -> 2012-12-20 13:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1479

RP: -> 2012-12-19 07:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1478

RP: -> 2012-12-18 01:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1477

RP: -> 2012-12-16 19:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1476

RP: -> 2012-12-15 13:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1475

RP: -> 2012-12-14 10:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1474

RP: -> 2012-12-13 01:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1473

RP: -> 2012-12-11 19:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1472

RP: -> 2012-12-10 13:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1471

RP: -> 2012-12-09 07:39 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1470

RP: -> 2012-12-08 01:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1469

RP: -> 2012-12-06 22:01 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1468

RP: -> 2012-12-05 23:43 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1467

RP: -> 2012-12-04 13:52 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1466

RP: -> 2012-12-03 01:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1465

RP: -> 2012-12-01 19:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1464

RP: -> 2012-11-30 16:11 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1463

RP: -> 2012-11-29 07:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1462

RP: -> 2012-11-28 01:41 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1461

RP: -> 2012-11-26 19:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1460

RP: -> 2012-11-25 13:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1459

RP: -> 2012-11-24 12:57 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1458

RP: -> 2012-11-22 15:26 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1457

RP: -> 2012-11-21 09:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1456

RP: -> 2012-11-20 03:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1455

RP: -> 2012-11-18 21:26 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1454

RP: -> 2012-11-17 15:26 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1453

RP: -> 2012-11-16 08:58 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1452

RP: -> 2012-11-15 22:30 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1451

RP: -> 2012-11-15 22:23 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1450

RP: -> 2012-11-15 22:22 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1449

RP: -> 2012-11-15 21:11 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1448

RP: -> 2012-11-15 20:55 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1447

RP: -> 2012-11-14 21:56 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1446

RP: -> 2012-11-09 07:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1445

RP: -> 2012-11-08 01:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1444

RP: -> 2012-11-06 19:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1443

RP: -> 2012-11-05 13:50 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1442

RP: -> 2012-11-04 07:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1441

RP: -> 2012-11-03 01:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1440

RP: -> 2012-11-01 20:15 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1439

RP: -> 2012-10-31 13:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1438

RP: -> 2012-10-30 07:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1437

RP: -> 2012-10-29 01:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1436

RP: -> 2012-10-27 19:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1435

RP: -> 2012-10-26 13:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1434

RP: -> 2012-10-25 07:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1433

RP: -> 2012-10-24 01:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1432

RP: -> 2012-10-22 20:22 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1431

RP: -> 2012-10-21 13:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1430

RP: -> 2012-10-20 07:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1429

RP: -> 2012-10-19 01:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1428

RP: -> 2012-10-17 19:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1427

RP: -> 2012-10-16 13:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1426

RP: -> 2012-10-15 07:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1425

RP: -> 2012-10-14 01:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1424


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 3061.11 MB
Available physical RAM: 2749.37 MB
Total Pagefile: 2885.82 MB
Available Pagefile: 2816.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:74.45 GB) (Free:18.9 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (HITMANPRO) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32
5 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 2 Online 74 GB 0 B

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 74 GB 47 MB
=========================================================

Disk: 2
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 47 MB Healthy
=========================================================

Disk: 2
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C NTFS Partition 74 GB Healthy
=========================================================
==================== End Of Log ============================

ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 05-01-2013 at 22:03:16
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 3061.11 MB
Available physical RAM: 2836.72 MB
Total Pagefile: 2885.82 MB
Available Pagefile: 2823.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:74.45 GB) (Free:18.9 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (HITMANPRO) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32
5 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 2 Online 74 GB 0 B

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 74 GB 47 MB
================================================================================​======================

Disk: 2
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 47 MB Healthy
================================================================================​======================

Disk: 2
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C NTFS Partition 74 GB Healthy
================================================================================​======================

****** End Of Log ******
Find all posts by this user
Quote this message in a reply
01-06-2013, 04:37 AM
Post: #4
Fiery Offline
Community Admin
 		Posts: 1,588
Joined: Jan 2011
Kudos 495
RE: FBI Ranson Virus
Hi there,

Don't connect your PC to the internet just yet, keep it offline.

On a clean PC, open notepad and copy & paste the following:

Quote:HKLM\...\Run: [Adobe ARM] "C:\Documents and Settings\All Users\Application Data\ifgxpers.exe" [130192 2012-12-28] (?????????? ??????????)
HKU\Bruce\...\Run: [] [x]
2 kavsvc; "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe" [917610 2005-10-20] (Defender Pro LLC)
C:\Documents and Settings\All Users\Application Data\ifgxpers.exe
C:\Program Files\Defender Pro
C:\Windows\$NtUninstallKB2770660$
C:\Windows\$NtUninstallKB2779562$
C:\Windows\$NtUninstallKB2758857$
C:\Windows\$NtUninstallKB2779030$
C:\Windows\$NtUninstallKB2570222$

and save it as fixlist.txt onto your flash drive.

Then, boot to OTLPE, plug in your flash drive, open FRST and click fix. Post the generated log.

While in OTLPE, double click the OTLPE icon. [Image: otlico.png]
  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked Do you wish to load the remote registry, select Yes.
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes.
  • Ensure the box Automatically Load All Remaining Users is checked and press OK.
  • OTL should now start
  • Click the Scan All Users checkbox.
  • Change Standard Registry to All
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
Find all posts by this user
Quote this message in a reply
01-06-2013, 07:37 PM
Post: #5
allstrick Offline
New member (Level 1)
 		Posts: 8
Joined: Jan 2013
Kudos 0
RE: FBI Ranson Virus
Thank you for your help. Here is the results of the OTListIt log, however the Extra.txt log never appeared. I triple checked my settings from above. The only difference is that my version of OTLPE doesn't have a checkbox for Scan All Users.
OTL logfile created on: 1/6/2013 1:21:04 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 18.90 Gb Free Space | 25.39% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 7.46 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/01/05 21:19:18 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/01/02 23:20:03 | 000,328,992 | ---- | M] () [Auto] -- C:\Program Files\SiteAdvisor\6145\SAService.exe -- (SiteAdvisor Service)
SRV - [2012/12/25 21:32:21 | 000,034,344 | ---- | M] (Just Develop It) [Auto] -- C:\Program Files\JustCloud\BackupStack.exe -- (BackupStack) Computer Backup (JustCloud)
SRV - [2012/12/11 12:59:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 15:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (http://www.carbonite.com)) [Auto] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2012/05/18 06:12:04 | 000,007,680 | ---- | M] (Phase Five Systems) [Auto] -- C:\Program Files\Jump Desktop\JumpService.exe -- (JumpDesktop)
SRV - [2010/07/08 08:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2010/06/17 20:47:06 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () [Auto] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/06/19 09:55:24 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/09 05:36:10 | 002,213,416 | ---- | M] (McAfee, Inc.) [Auto] -- C:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2007/02/13 13:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007/01/25 19:01:58 | 000,643,664 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/01/16 19:03:36 | 000,362,064 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/01/15 12:25:22 | 000,248,416 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -- (McRedirector)
SRV - [2007/01/12 17:13:24 | 000,341,584 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe -- (Emproxy)
SRV - [2007/01/05 17:22:18 | 000,689,752 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\MSC\mcupdmgr.exe -- (mcmispupdmgr)
SRV - [2007/01/05 17:22:12 | 000,361,560 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/01/05 17:21:40 | 000,493,144 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcpromgr.exe -- (mcpromgr)
SRV - [2006/12/22 17:02:26 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2006/12/02 07:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2004/01/05 02:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/01/05 21:56:04 | 000,030,616 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2010/03/10 08:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/01/09 21:09:12 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/10/23 17:51:00 | 000,530,560 | ---- | M] (Line 6) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L6PODLV.sys -- (L6PODLV)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2007/12/13 19:28:36 | 000,005,504 | ---- | M] () [File_System | System] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/06/13 21:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/02 15:16:52 | 000,109,608 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/12/22 17:02:40 | 000,071,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/12/22 17:02:34 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/12/22 17:02:34 | 000,037,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2006/12/22 17:02:34 | 000,034,184 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/12/22 17:02:34 | 000,032,008 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/12/12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/02/10 18:55:36 | 000,034,688 | ---- | M] (Dolphin, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\samfilt.sys -- (SAMFILT)
DRV - [2005/12/21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/s...chcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/e...nel=us-smb
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/e...nel=us-smb
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/e...nel=us-smb
IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Bruce_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Bruce_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecorde​xt.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/10 13:58:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/17 13:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/17 10:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 10:30:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/15 23:02:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6145\FF\ [2013/01/02 23:20:08 | 000,000,000 | ---D | M]

[2012/01/05 15:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/01 20:51:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/17 13:47:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/14 23:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/05/20 14:46:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/19 18:35:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/08 10:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/06/24 08:26:10 | 000,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 08:26:11 | 000,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/06/24 08:26:12 | 000,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2012/07/30 16:52:13 | 000,103,904 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012/02/17 10:30:25 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2011/02/11 23:50:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/02/11 23:50:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/02/11 23:50:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/02/11 23:50:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/02/11 23:50:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/02/17 10:31:44 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2012/02/17 10:30:02 | 000,108,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/06/24 06:27:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 06:27:00 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 06:27:00 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 06:27:00 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 06:27:00 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 06:27:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 06:27:00 | 000,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll ()
O3 - HKU\Bruce_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Bruce_ON_C\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Bruce_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Bruce_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Bruce_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KAVPersonal50] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Bruce_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Bruce_ON_C..\Run: [Jump Desktop] C:\Program Files\Jump Desktop\JumpDesktop.exe (Phase Five Systems)
O4 - HKU\Bruce_ON_C..\Run: [PCShowServer] File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware] File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Bruce\Start Menu\Programs\Startup\JustCloud.lnk = C:\Program Files\JustCloud\JustCloud.exe (JustCloud.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explor​er: NoDriveTypeAutoRun = 145
O7 - HKU\Bruce_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bruce_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explore​r: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explo​rer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/...plugin.cab (QuickTime Object)
O16 - DPF: {22945B86-3F07-4220-85EA-3A44F14AADD6} http://208.47.112.231/web1000/web1000msrdp60clip.cab (setClip Class)
O16 - DPF: {4D9D14F9-D68F-46D3-95B0-D061C25E9B40} https://www.adpalliance.com/306/ADPUpdates.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupd...6261281618 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fla...rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstal...s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/01/05 22:01:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/05 21:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2013/01/05 21:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/01/05 16:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/03 21:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2013/01/03 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
[2013/01/02 23:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013/01/02 23:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
[2013/01/02 23:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SiteAdvisor
[2013/01/02 23:18:17 | 000,032,008 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2013/01/02 23:18:16 | 000,037,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2013/01/02 23:18:16 | 000,034,184 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2013/01/02 23:18:14 | 000,170,408 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2013/01/02 23:18:14 | 000,071,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2013/01/02 23:18:04 | 000,109,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2013/01/02 23:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2013/01/02 22:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defender Pro
[2013/01/02 22:06:03 | 000,038,123 | ---- | C] (Kaspersky Labs) -- C:\WINDOWS\System32\drivers\klick.sys
[2013/01/02 22:06:03 | 000,008,200 | ---- | C] (Kaspersky Labs) -- C:\WINDOWS\System32\drivers\klin.sys
[2013/01/02 22:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\Defender Pro
[2013/01/01 20:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/01 20:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/01/01 20:57:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/01/01 20:57:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/01/01 20:57:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/01/01 20:57:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/01/01 20:57:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/01/01 20:57:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PowerDVD DX
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2013/01/01 17:25:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/01/01 15:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Malwarebytes
[2012/12/28 19:46:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2012/12/28 14:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/12/28 14:14:33 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/28 14:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/28 14:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/12/28 14:02:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012/12/28 13:59:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/12/28 13:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/12/28 13:55:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/12/28 13:55:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/12/28 13:55:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/12/28 13:55:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SingleClick Systems
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Roxio
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Roxio
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Google Gadgets
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/12/28 13:37:46 | 000,000,000 | -HSD | C] -- C:\found.000
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/05 22:22:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA2FC216-6A7D-45AC-8027-0EBD2CAB2220}.job
[2013/01/05 22:13:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/01/05 22:08:41 | 000,003,120 | ---- | M] () -- C:\WINDOWS\D9H7ADHB.ocx
[2013/01/05 22:08:40 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\HAF9SE8J.ocx
[2013/01/05 22:08:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/05 22:02:59 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/05 22:02:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/05 22:02:55 | 3209,871,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/05 22:01:41 | 000,003,118 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2013/01/05 21:56:04 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/01/05 21:19:18 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/01/05 21:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2013/01/05 16:06:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/02 23:34:04 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee Easy Network.lnk
[2013/01/02 23:34:04 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk
[2013/01/02 23:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013/01/02 23:33:55 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2013/01/02 23:17:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2013/01/02 23:17:09 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2013/01/02 23:05:59 | 035,984,276 | ---- | M] () -- C:\BellSouthIW.reg
[2013/01/02 22:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defender Pro
[2013/01/02 22:04:08 | 000,001,983 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk
[2013/01/02 22:04:08 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Defender Pro PC Tune-up and Repair.lnk
[2013/01/02 21:57:37 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2013/01/01 20:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/01 17:10:02 | 000,507,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/01 16:36:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/01 16:15:28 | 000,491,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/01 16:15:28 | 000,091,154 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/28 16:20:20 | 000,751,078 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2012/12/28 16:20:04 | 000,114,890 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2012/12/28 15:55:41 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2592898406-2242705440-3200713710-1006.job
[2012/12/28 14:16:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/25 17:18:13 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2012/12/22 12:23:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/11 12:59:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/11 12:59:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/08 11:43:19 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/05 21:21:01 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/01/05 21:19:18 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/01/05 16:10:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/02 23:38:51 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2013/01/02 23:34:04 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee Easy Network.lnk
[2013/01/02 23:34:04 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk
[2013/01/02 23:33:55 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2013/01/02 23:17:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2013/01/02 23:17:09 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2013/01/02 22:57:59 | 035,984,276 | ---- | C] () -- C:\BellSouthIW.reg
[2013/01/02 22:04:08 | 000,001,983 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk
[2013/01/02 22:04:08 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Defender Pro PC Tune-up and Repair.lnk
[2012/12/28 16:20:20 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2012/12/28 16:20:04 | 000,114,890 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2012/12/28 15:49:35 | 3209,871,360 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/28 14:14:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/28 13:55:14 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/28 13:55:14 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/12/28 13:55:07 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/12/28 13:55:07 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/12/28 13:55:07 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/12/06 22:04:08 | 000,111,508 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/17 10:57:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/07 22:13:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/07 22:13:21 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/16 22:06:00 | 000,236,049 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\debuggee.mdmp
[2011/05/17 21:17:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/17 21:16:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\downloads.m3u
[2011/04/08 20:25:40 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\default.rss
[2010/03/13 21:45:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/10/14 00:12:17 | 000,000,538 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/01 20:52:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/10 21:02:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\rx_image.Cache
[2009/04/22 21:38:28 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTSHDW3.dll
[2009/02/05 10:26:28 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2009/02/05 10:26:28 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\flvvideo.dll
[2009/02/05 10:26:28 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/05 10:26:28 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/09/09 21:21:05 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/09/09 20:39:20 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/03/15 10:48:46 | 000,003,968 | ---- | C] () -- C:\WINDOWS\WJETNET.INI
[2008/02/28 20:44:08 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Burn and Go Nitro.ini
[2008/02/26 23:17:41 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/26 22:03:48 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/02/23 17:21:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/02/23 15:50:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\fusioncache.dat
[2008/01/20 19:12:48 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/20 19:12:48 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/01/10 21:36:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/01/10 21:36:16 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/01/10 21:36:15 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/01/10 20:00:42 | 000,131,576 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2008/01/10 20:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2008/01/10 14:33:57 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/09 23:44:55 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2008/01/09 23:44:55 | 000,029,232 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2008/01/09 23:34:28 | 000,000,064 | ---- | C] () -- C:\WINDOWS\tsiwinfile.dat
[2008/01/09 21:43:32 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/01/09 21:43:12 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2008/01/09 21:43:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2008/01/04 09:24:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/04 09:21:17 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/01/04 09:19:47 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/04 09:19:47 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/04 08:56:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/01/04 08:56:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/01/04 08:54:46 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/03/13 13:13:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\rd60clip.dll
[2006/11/13 17:35:18 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[2006/11/13 17:00:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,507,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,491,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,091,154 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/05 02:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/28 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
[1998/12/06 16:56:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\verinst.exe
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== LOP Check ==========

[2009/07/25 21:03:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2008/01/24 21:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\1&1
[2012/10/11 10:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Cool Record Edit Deluxe
[2011/07/31 13:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Cool Record Edit Pro
[2012/05/24 13:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\DTV
[2013/01/02 22:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\FileZilla
[2009/04/09 08:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2011/04/08 20:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\ImgBurn
[2008/11/18 21:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Line 6
[2009/06/10 22:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\MPEG Streamclip
[2009/01/09 21:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\NCH Swift Sound
[2008/02/23 17:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\pdf995
[2012/11/14 21:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Phase Five Systems
[2012/06/15 12:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\TaxCut
[2009/08/17 20:20:58 | 000,000,000 | ---D | M]
Find all posts by this user
Quote this message in a reply
01-06-2013, 07:44 PM
Post: #6
allstrick Offline
New member (Level 1)
 		Posts: 8
Joined: Jan 2013
Kudos 0
RE: FBI Ranson Virus
Sorry , the last post was cut short, here is the entire reply again;
OTL logfile created on: 1/6/2013 1:21:04 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 18.90 Gb Free Space | 25.39% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 7.46 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/01/05 21:19:18 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/01/02 23:20:03 | 000,328,992 | ---- | M] () [Auto] -- C:\Program Files\SiteAdvisor\6145\SAService.exe -- (SiteAdvisor Service)
SRV - [2012/12/25 21:32:21 | 000,034,344 | ---- | M] (Just Develop It) [Auto] -- C:\Program Files\JustCloud\BackupStack.exe -- (BackupStack) Computer Backup (JustCloud)
SRV - [2012/12/11 12:59:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 15:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (http://www.carbonite.com)) [Auto] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2012/05/18 06:12:04 | 000,007,680 | ---- | M] (Phase Five Systems) [Auto] -- C:\Program Files\Jump Desktop\JumpService.exe -- (JumpDesktop)
SRV - [2010/07/08 08:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2010/06/17 20:47:06 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () [Auto] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/06/19 09:55:24 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/09 05:36:10 | 002,213,416 | ---- | M] (McAfee, Inc.) [Auto] -- C:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2007/02/13 13:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007/01/25 19:01:58 | 000,643,664 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/01/16 19:03:36 | 000,362,064 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/01/15 12:25:22 | 000,248,416 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -- (McRedirector)
SRV - [2007/01/12 17:13:24 | 000,341,584 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe -- (Emproxy)
SRV - [2007/01/05 17:22:18 | 000,689,752 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\MSC\mcupdmgr.exe -- (mcmispupdmgr)
SRV - [2007/01/05 17:22:12 | 000,361,560 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/01/05 17:21:40 | 000,493,144 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcpromgr.exe -- (mcpromgr)
SRV - [2006/12/22 17:02:26 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2006/12/02 07:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2004/01/05 02:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/01/05 21:56:04 | 000,030,616 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2010/03/10 08:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/01/09 21:09:12 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/10/23 17:51:00 | 000,530,560 | ---- | M] (Line 6) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L6PODLV.sys -- (L6PODLV)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2007/12/13 19:28:36 | 000,005,504 | ---- | M] () [File_System | System] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/06/13 21:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/02 15:16:52 | 000,109,608 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/12/22 17:02:40 | 000,071,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/12/22 17:02:34 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/12/22 17:02:34 | 000,037,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2006/12/22 17:02:34 | 000,034,184 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/12/22 17:02:34 | 000,032,008 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/12/12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/02/10 18:55:36 | 000,034,688 | ---- | M] (Dolphin, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\samfilt.sys -- (SAMFILT)
DRV - [2005/12/21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/s...chcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/e...nel=us-smb
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/e...nel=us-smb
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080104
IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/e...nel=us-smb
IE - HKU\Bruce_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Bruce_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Bruce_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecorde​xt.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/10 13:58:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/17 13:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/17 10:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 10:30:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/15 23:02:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6145\FF\ [2013/01/02 23:20:08 | 000,000,000 | ---D | M]

[2012/01/05 15:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/01 20:51:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/17 13:47:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/14 23:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/05/20 14:46:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/19 18:35:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/08 10:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/06/24 08:26:10 | 000,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 08:26:11 | 000,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/06/24 08:26:12 | 000,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2012/07/30 16:52:13 | 000,103,904 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012/02/17 10:30:25 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2011/02/11 23:50:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/02/11 23:50:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/02/11 23:50:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/02/11 23:50:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/02/11 23:50:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/02/17 10:31:44 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2012/02/17 10:30:02 | 000,108,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/06/24 06:27:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 06:27:00 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 06:27:00 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 06:27:00 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 06:27:00 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 06:27:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 06:27:00 | 000,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll ()
O3 - HKU\Bruce_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Bruce_ON_C\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Bruce_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Bruce_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Bruce_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KAVPersonal50] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Bruce_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Bruce_ON_C..\Run: [Jump Desktop] C:\Program Files\Jump Desktop\JumpDesktop.exe (Phase Five Systems)
O4 - HKU\Bruce_ON_C..\Run: [PCShowServer] File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware] File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Bruce\Start Menu\Programs\Startup\JustCloud.lnk = C:\Program Files\JustCloud\JustCloud.exe (JustCloud.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explor​er: NoDriveTypeAutoRun = 145
O7 - HKU\Bruce_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bruce_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explore​r: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explo​rer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/...plugin.cab (QuickTime Object)
O16 - DPF: {22945B86-3F07-4220-85EA-3A44F14AADD6} http://208.47.112.231/web1000/web1000msrdp60clip.cab (setClip Class)
O16 - DPF: {4D9D14F9-D68F-46D3-95B0-D061C25E9B40} https://www.adpalliance.com/306/ADPUpdates.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupd...6261281618 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fla...rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstal...s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/01/05 22:01:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/05 21:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2013/01/05 21:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/01/05 16:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/03 21:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2013/01/03 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
[2013/01/02 23:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013/01/02 23:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
[2013/01/02 23:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SiteAdvisor
[2013/01/02 23:18:17 | 000,032,008 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2013/01/02 23:18:16 | 000,037,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2013/01/02 23:18:16 | 000,034,184 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2013/01/02 23:18:14 | 000,170,408 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2013/01/02 23:18:14 | 000,071,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2013/01/02 23:18:04 | 000,109,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2013/01/02 23:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2013/01/02 22:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defender Pro
[2013/01/02 22:06:03 | 000,038,123 | ---- | C] (Kaspersky Labs) -- C:\WINDOWS\System32\drivers\klick.sys
[2013/01/02 22:06:03 | 000,008,200 | ---- | C] (Kaspersky Labs) -- C:\WINDOWS\System32\drivers\klin.sys
[2013/01/02 22:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\Defender Pro
[2013/01/01 20:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/01 20:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/01/01 20:57:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/01/01 20:57:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/01/01 20:57:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/01/01 20:57:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/01/01 20:57:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/01/01 20:57:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PowerDVD DX
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories
[2013/01/01 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2013/01/01 17:25:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/01/01 15:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Malwarebytes
[2012/12/28 19:46:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2012/12/28 14:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/12/28 14:14:33 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/28 14:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/28 14:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/12/28 14:02:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012/12/28 13:59:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/12/28 13:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/12/28 13:55:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/12/28 13:55:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/12/28 13:55:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/12/28 13:55:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SingleClick Systems
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Roxio
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Roxio
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Google Gadgets
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2012/12/28 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/12/28 13:37:46 | 000,000,000 | -HSD | C] -- C:\found.000
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/05 22:22:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA2FC216-6A7D-45AC-8027-0EBD2CAB2220}.job
[2013/01/05 22:13:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/01/05 22:08:41 | 000,003,120 | ---- | M] () -- C:\WINDOWS\D9H7ADHB.ocx
[2013/01/05 22:08:40 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\HAF9SE8J.ocx
[2013/01/05 22:08:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/05 22:02:59 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/05 22:02:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/05 22:02:55 | 3209,871,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/05 22:01:41 | 000,003,118 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2013/01/05 21:56:04 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/01/05 21:19:18 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/01/05 21:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2013/01/05 16:06:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/02 23:34:04 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee Easy Network.lnk
[2013/01/02 23:34:04 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk
[2013/01/02 23:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013/01/02 23:33:55 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2013/01/02 23:17:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2013/01/02 23:17:09 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2013/01/02 23:05:59 | 035,984,276 | ---- | M] () -- C:\BellSouthIW.reg
[2013/01/02 22:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defender Pro
[2013/01/02 22:04:08 | 000,001,983 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk
[2013/01/02 22:04:08 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Defender Pro PC Tune-up and Repair.lnk
[2013/01/02 21:57:37 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2013/01/01 20:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/01 17:10:02 | 000,507,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/01 16:36:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/01 16:15:28 | 000,491,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/01 16:15:28 | 000,091,154 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/28 16:20:20 | 000,751,078 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2012/12/28 16:20:04 | 000,114,890 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2012/12/28 15:55:41 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2592898406-2242705440-3200713710-1006.job
[2012/12/28 14:16:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/25 17:18:13 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2012/12/22 12:23:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/11 12:59:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/11 12:59:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/08 11:43:19 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/05 21:21:01 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/01/05 21:19:18 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/01/05 16:10:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/02 23:38:51 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2013/01/02 23:34:04 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee Easy Network.lnk
[2013/01/02 23:34:04 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk
[2013/01/02 23:33:55 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2013/01/02 23:17:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2013/01/02 23:17:09 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2013/01/02 22:57:59 | 035,984,276 | ---- | C] () -- C:\BellSouthIW.reg
[2013/01/02 22:04:08 | 000,001,983 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk
[2013/01/02 22:04:08 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Defender Pro PC Tune-up and Repair.lnk
[2012/12/28 16:20:20 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2012/12/28 16:20:04 | 000,114,890 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2012/12/28 15:49:35 | 3209,871,360 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/28 14:14:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/28 13:55:14 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/28 13:55:14 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/12/28 13:55:07 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/12/28 13:55:07 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/12/28 13:55:07 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/12/06 22:04:08 | 000,111,508 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/17 10:57:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/07 22:13:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/07 22:13:21 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/16 22:06:00 | 000,236,049 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\debuggee.mdmp
[2011/05/17 21:17:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/17 21:16:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\downloads.m3u
[2011/04/08 20:25:40 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\default.rss
[2010/03/13 21:45:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/10/14 00:12:17 | 000,000,538 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/01 20:52:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/10 21:02:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\rx_image.Cache
[2009/04/22 21:38:28 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTSHDW3.dll
[2009/02/05 10:26:28 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2009/02/05 10:26:28 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\flvvideo.dll
[2009/02/05 10:26:28 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/05 10:26:28 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/09/09 21:21:05 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/09/09 20:39:20 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/03/15 10:48:46 | 000,003,968 | ---- | C] () -- C:\WINDOWS\WJETNET.INI
[2008/02/28 20:44:08 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Burn and Go Nitro.ini
[2008/02/26 23:17:41 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/26 22:03:48 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/02/23 17:21:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/02/23 15:50:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\fusioncache.dat
[2008/01/20 19:12:48 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/20 19:12:48 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/01/10 21:36:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/01/10 21:36:16 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/01/10 21:36:15 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/01/10 20:00:42 | 000,131,576 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2008/01/10 20:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2008/01/10 14:33:57 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/09 23:44:55 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2008/01/09 23:44:55 | 000,029,232 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2008/01/09 23:34:28 | 000,000,064 | ---- | C] () -- C:\WINDOWS\tsiwinfile.dat
[2008/01/09 21:43:32 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/01/09 21:43:12 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2008/01/09 21:43:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2008/01/04 09:24:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/04 09:21:17 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/01/04 09:19:47 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/04 09:19:47 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/04 08:56:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/01/04 08:56:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/01/04 08:54:46 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/03/13 13:13:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\rd60clip.dll
[2006/11/13 17:35:18 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[2006/11/13 17:00:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,507,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,491,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,091,154 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/05 02:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/28 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
[1998/12/06 16:56:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\verinst.exe
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== LOP Check ==========

[2009/07/25 21:03:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2008/01/24 21:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\1&1
[2012/10/11 10:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Cool Record Edit Deluxe
[2011/07/31 13:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Cool Record Edit Pro
[2012/05/24 13:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\DTV
[2013/01/02 22:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\FileZilla
[2009/04/09 08:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2011/04/08 20:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\ImgBurn
[2008/11/18 21:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Line 6
[2009/06/10 22:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\MPEG Streamclip
[2009/01/09 21:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\NCH Swift Sound
[2008/02/23 17:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\pdf995
[2012/11/14 21:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Phase Five Systems
[2012/06/15 12:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\TaxCut
[2009/08/17 20:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/08/25 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Da
Find all posts by this user
Quote this message in a reply
01-06-2013, 07:54 PM
Post: #7
allstrick Offline
New member (Level 1)
 		Posts: 8
Joined: Jan 2013
Kudos 0
RE: FBI Ranson Virus
I have attached the OTListIt.txt file. Apparently it was too long to add as text to the reply. Thanks!

(01-06-2013 04:37 AM)Fiery wrote:  Hi there,

Don't connect your PC to the internet just yet, keep it offline.

On a clean PC, open notepad and copy & paste the following:

Quote:HKLM\...\Run: [Adobe ARM] "C:\Documents and Settings\All Users\Application Data\ifgxpers.exe" [130192 2012-12-28] (?????????? ??????????)
HKU\Bruce\...\Run: [] [x]
2 kavsvc; "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe" [917610 2005-10-20] (Defender Pro LLC)
C:\Documents and Settings\All Users\Application Data\ifgxpers.exe
C:\Program Files\Defender Pro
C:\Windows\$NtUninstallKB2770660$
C:\Windows\$NtUninstallKB2779562$
C:\Windows\$NtUninstallKB2758857$
C:\Windows\$NtUninstallKB2779030$
C:\Windows\$NtUninstallKB2570222$

and save it as fixlist.txt onto your flash drive.

Then, boot to OTLPE, plug in your flash drive, open FRST and click fix. Post the generated log.

While in OTLPE, double click the OTLPE icon. [Image: otlico.png]
  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked Do you wish to load the remote registry, select Yes.
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes.
  • Ensure the box Automatically Load All Remaining Users is checked and press OK.
  • OTL should now start
  • Click the Scan All Users checkbox.
  • Change Standard Registry to All
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Attached File(s)
.txt  OTListIt.txt (Size: 478.3 KB / Downloads: 28)
Find all posts by this user
Quote this message in a reply
01-06-2013, 11:40 PM
Post: #8
Fiery Offline
Community Admin
 		Posts: 1,588
Joined: Jan 2011
Kudos 495
RE: FBI Ranson Virus
Hi, did you run the FRST fix? Can I see the log?

Open OTLPE. Under custom scan/fixes, copy and paste the content in my attached file at the bottom of this post. It's long so i suggest you use ctrl a to highlight the entire document.

Then click Run Fix. Please post the generated log.


Then, try booting to normal mode and see if you can run the following tools (if not, try safe mode)

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it saids deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller+


Attached File(s)
.txt  OTLPE.txt (Size: 172.53 KB / Downloads: 24)
Find all posts by this user
Quote this message in a reply
01-07-2013, 12:14 AM
Post: #9
allstrick Offline
New member (Level 1)
 		Posts: 8
Joined: Jan 2013
Kudos 0
RE: FBI Ranson Virus
Thank you. Here are the results for the OTLPE Fix.
========== OTL ==========
ADS C:\WINDOWS\Wudf01000Inst.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\wmsetup10.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\wmp11.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\WMFDist11.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\wiaservc.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\twunk_32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\twunk_16.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\twain.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\tsiwinfile.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\tasks\User_Feed_Synchronization-{DA2FC216-6A7D-45AC-8027-0EBD2CAB2220}.job:KAVICHS deleted successfully.
ADS C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2592898406-2242705440-3200713710-1006.job:KAVICHS deleted successfully.
ADS C:\WINDOWS\tasks\AppleSoftwareUpdate.job:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xpsp2res.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xpsp1res.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wups2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wups.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WUDFx.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WudfPlatform.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WudfHost.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WUDFCoinstaller.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wsock32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wsnmp32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wshtcpip.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wshnetbs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wscsvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ws2help.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdshextres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdmtpus.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdmtp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdconns.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wowexec.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmvdmoe2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMVCore.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMVADVE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMVADVD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMSPDMOE.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmsdmoe2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmsdmod.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpshell.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpns.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpasf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmidx.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmerror.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmdrmnet.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmdrmdev.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmdmlog.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMADMOE.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wlnotify.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wldap32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wkssvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winsta.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winsrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winspool.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winscard.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winoldap.mod:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winlogon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winhttp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\win32spl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\win32k.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wiaservc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WebFlowIDPersist.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\webclnt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wdmaud.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wdigest.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wdfapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\w32time.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\version.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\uwdf.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usp10.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\user32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\user.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usbmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\urlmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\umpnpmgr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TZLog.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsd32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsbyuv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\trkwks.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\telephon.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tcpmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tapi32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sxs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\svchost.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sti.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\stdole32.tlb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\srvsvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\srsvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sqlwoa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sqlwid.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\spoolsv.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\softpub.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\snmpaxctrl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\smss.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\skin.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shlwapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shimeng.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shgina.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shellstyle.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shell.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sfc_os.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sfc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\services.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\services.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sens.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\security.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\secur32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\seclogon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\schedsvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scesrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scecli.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\samsrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\samlib.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rundll32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rtutils.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RTSndMgr.CPL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsaenh.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rpcss.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ReportReader.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\regapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\redir.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rd60clip.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rastls.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasman.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\raschap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasadhlp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qutil.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qmgr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qasf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pstorsvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\psbase.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Prounstl.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\profmap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\powrprof.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PortableDeviceWMDRM.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PortableDeviceClassExtension.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pjlmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfproc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfos.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfdisk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfc009.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pdh.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\onex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olepro32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oledlg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oleaut32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ole32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oembios.bin:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\odbcint.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\odbcbcp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntshrui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntoskrnl.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\normaliz.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NicInstE.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NicEtCoE.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NicCo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netrap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netman.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netlogon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nddeapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ncscrt8.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ncscolib.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Ncs2Setp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ncobjapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mydocs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mtxclu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msyuv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml4.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml3.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvidc32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvfw32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvcrt40.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSVCRT10.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvcp60.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msv1_0.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msutb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mstask.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msrle32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msprivs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mspatcha.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msnsspc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msls31.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msimtf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msiexec.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msidntld.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mshtml.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msgina.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msdmo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msdelta.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msctfime.ime:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mscoree.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mscms.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mscdexnt.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msaud32.acm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msasn1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msapsspc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msacm32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mprapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mpr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MPG4DMOD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MPG4DECD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MP43DMOD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MP43DECD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mlang.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\midimap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfc71u.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MFC71ENU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfc42u.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfc42.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MDT2FW95.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mcicda.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mcd32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mapistub.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mapi32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\main.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lsass.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lsasrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LoopyMusic.wav:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lodctr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\localspl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\loadperf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lmhsvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LAPRXY.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\langwrbk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\l3codeca.acm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ksuser.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\krnl386.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kdcom.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdycl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdycc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbduzb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdur.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdtuq.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdtuf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdtat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsl1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdru1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdru.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdro.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdpl1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdpl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdlv1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdlv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdlt1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdlt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdkyr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdkaz.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhu1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhept.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhela3.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhela2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhe319.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhe220.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhe.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdgkl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdest.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdcz2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdcz1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdcz.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdcr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdbu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdblr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdazel.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdaze.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\java.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iyuv_32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ISUSPM.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ir50_32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ir41_32.ax:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iphlpapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\inetpp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iglicd32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igldev32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxext.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxexps.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxcfg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iertutil.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ieframe.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ie4uinit.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\icfgnt5.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iccvid.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzisn12.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzipt12.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzinw12.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hnetcfg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\himem.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hhctrl.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Grengine.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\geo.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gdi32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gdi.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fixmapi.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\eventlog.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\esent.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ersvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\eappprxy.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\eappcfg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\eapolqec.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\e1e5132.din:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\e1000msg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\duser.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dssenh.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drwtsn32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drmstor.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\wpdusb.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ohci1394.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\nic1394.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\mssmbios.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\MarvinBus.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\kmixer.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ipnat.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\intelppm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\http.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\hdaudbus.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\gm.dls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\DRVNDDM.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\DRVMCDB.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\DLARTL_M.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\DLACDBHM.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\acpi.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dot3dlg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dot3api.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dosx.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dnsrslvr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dnsapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmvdmoe2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmvdmod.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\WMSPDMOE.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmsdmoe2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmsdmod.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmidx.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmdmps.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmdmlog.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmasf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\WMADMOE.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\WMADMOD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\qasf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\mswmdm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\msscp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\mspmsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\mspmsnsv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\msnetobj.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\LAPRXY.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\drmv2clt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cewmdm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\blackbox.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dimsntfy.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\digest.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\devenum.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\deskmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\deskadp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ddraw.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dciman32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dbgeng.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3dim.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3d9.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3d8thk.dll:KAVICHS deleted successfully.
Unable to delete ADS C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS .
ADS C:\WINDOWS\System32\ctfmon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\csrss.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\csrsrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cscui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cryptui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cryptsvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cryptnet.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cryptdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\crtdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\credui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\country.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comsvcs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\command.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comct232.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\colbact.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cnbjmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\clusapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\clb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\certcli.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cabinet.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_875.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_869.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_866.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_865.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_863.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_861.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_860.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_857.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_855.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_852.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_775.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_737.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28605.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28603.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28599.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28592.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_21866.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20866.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20261.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10082.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10081.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10079.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10029.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10017.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10010.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10007.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10006.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10000.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BuzzingBee.wav:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\browser.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BJInstaller.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BJAXSecurityManager.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BinaryAggregator1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\basesrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\authz.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\audiosrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atl71.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\asferror.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ALSNDMGR.CPL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\alg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\advpack.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\advapi32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\adsldpc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\actxprxy.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ActiveUtils.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\activeds.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\acctres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\setuplog.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\setupact.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\SchedLgU.Txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\regopt.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\pdf995.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\ocmsn.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\MSCompPackV1.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KPCMS.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB939683.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB929399.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB923723.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\iun6002.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\ie7Uninst.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\iccsigs.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\hpomdl03.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\hpoins03.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\hpiins06.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\Dell.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\_default.pif:KAVICHS deleted successfully.
ADS C:\unPDVDDX.log:KAVICHS deleted successfully.
ADS C:\unPDVDDX.iss:KAVICHS deleted successfully.
ADS C:\TDSSKiller.2.6.22.0_07.12.2011_21.57.22_log.txt:KAVICHS deleted successfully.
ADS C:\Program Files\TightVNC\tvnserver.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe:KAVICHS deleted successfully.
ADS C:\program files\real\realplayer\update\realsched.exe:KAVICHS deleted successfully.
ADS C:\Program Files\QuickTime Alternative\qttask.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:KAVICHS deleted successfully.
ADS C:\Program Files\McAfee\MPF\MPFSrv.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Jump Desktop\JumpService.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Jump Desktop\JumpDesktop.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Java\jre6\bin\jqs.exe:KAVICHS deleted successfully.
ADS C:\Program Files\HP\hpcoretech\hpcmpmgr.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Google\Update\GoogleUpdate.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Dell Support Center\bin\sprtsvc.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Dell Network Assistant\hnm_svc.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe:KAVICHS deleted successfully.
ADS C:\program files\common files\mcafee\mna\mcnasvc.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Common Files\Java\Java Update\jusched.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe:KAVICHS deleted successfully.
ADS C:\MyDocuments\info.txt:KAVICHS deleted successfully.
ADS C:\MyDocuments\config.inc:KAVICHS deleted successfully.
ADS C:\MyDocuments\_sbrIndex.sbr:KAVICHS deleted successfully.
ADS C:\MyDocuments\_sbrCache.sbr:KAVICHS deleted successfully.
ADS C:\MyDocuments\.htaccess:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Bruce\Start Menu\Programs\Windows Media Player.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Bruce\Start Menu\Programs\Startup\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Bruce\Local Settings\Application Data\fusioncache.dat:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Bruce\Desktop\Windows Media Player.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Logo Design Shop.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Bruce\Application Data\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Logo Design Shop.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\Roxio Creator Home.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\Owner's Manual.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\Logo Design Shop.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\1.bmp:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Administrator\ntuser.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\Administrator\Application Data\desktop.ini:KAVICHS deleted successfully.
ADS C:\BellSouthIW.re~:KAVICHS deleted successfully.
ADS C:\aaw7boot.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Zapotec.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\xpsp1hfm.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\WMSysPr9.prx:KAVICHS deleted successfully.
ADS C:\WINDOWS\winnt256.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\winnt.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\wininit.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\winhelp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\vmmreg32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\vbaddin.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\vb.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\updspapi.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\uninst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job:KAVICHS deleted successfully.
ADS C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job:KAVICHS deleted successfully.
ADS C:\WINDOWS\TASKMAN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xpsp3res.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xpob2res.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xmllite.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xenroll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wzcsapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wzcdlg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wupdmgr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wucltui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuauserv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuaueng.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuaucpl.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuaucpl.cpl.mui:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuaucpl.cpl.manifest:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuauclt.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wshom.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wshisn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wshext.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wshatm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wscui.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wscript.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdtrace.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wowfaxui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wowfax.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wowdeb.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wow32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmspdmod.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpeffects.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpdxm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMNetmgr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmiprop.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmimgmt.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmerrenu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winstrm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winspool.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winrnr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winnls.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winmsd.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winipsec.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winhlp32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winhelp.hlp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winfax.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WindowsLogon.manifest:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winchat.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\win87em.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\win.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wifeman.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wiavusd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wiashext.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wiasf.ax:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wiaacmgr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\webhits.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\webfldrs.msi:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\webcheck.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wdl.trm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbocx.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbhelp2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.sve:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.nld:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.ita:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.fra:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.esn:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.enu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.deu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.sve:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.nld:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.ita:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.fra:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.esn:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.enu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.deu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\watchdog.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\w32topl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\w32tm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vssvc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vssapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vssadmin.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vss_ps.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vsjitdebugger.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vjoy.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\View Channels.scf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vga64k.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vga256.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vfwwdm32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\verifier.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\verclsid.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ver.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VEN2232.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vdmdbg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vcdex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vbscript.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAME.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VB5DB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\v7vga.rom:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\utilman.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrvpa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrvoica.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrv80a.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrv42a.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrsvpia.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrshuta.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrsdpia.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrrtosa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrprbda.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrmlnka.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrlogon.cmd:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrlbva.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrfaxa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrdtea.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrdpa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrcoina.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrcntra.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\userinit.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\url.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ureg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ups.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\upnp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\unlodctr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\uniplat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\unimdm.tsp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\UMLoader.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\uiautomationcore.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ufat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tzchange.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\typelib.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\twext.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsshutdn.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tslabels.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tslabels.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tskill.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsgqec.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsdiscon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tscupgrd.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tscon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsappcmp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tracert6.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tourstart.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\toolhelp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\timedate.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\themeui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tftp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\termsrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\telnet.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tcpmon.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tcmsetup.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\taskman.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tapiui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tapisrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\t2embed.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\systray.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysprtj.sep:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysprint.sep:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysmon.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\syskey.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysinv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysedit.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysdm.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\synceng.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\syncapp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\swprv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\svcpack.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\subst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\subrange.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\strmfilt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\strmdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\streamci.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\storage.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\stobject.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sti_ci.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\stdole2.tlb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ssdpapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SQLServerManager.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sqlnclir.rll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sqlctr90.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\spxcoins.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sprio800.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sprio600.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sprestrt.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\spoolss.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\spnike.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sorttbls.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sndrec32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\smlogsvc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\slbrccsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\slbcsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sl_anet.acm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\skdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sisbkup.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shmgrate.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shimgvw.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shiftjis.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shdoclc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\share.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shadow.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sfmapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sfcfiles.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sfc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\setver.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\setupdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\setup.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sessmgr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\serwvdrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\serialui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\senscfg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\secupd.sig:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\secupd.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sdpblb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scrrun.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scrobj.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scredir.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SCP32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sccbase.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scardsvr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scardssp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SBFM40.XLA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sbe.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\savedump.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rwinsta.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\runas.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rtm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsvpcnts.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsvp.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsmui.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsmsink.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsaci.rat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rpcns4.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ROXECDC6Inst.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\routetab.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\routemon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\route.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rnr20.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\resutils.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\reset.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\replace.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rend.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\regwiz.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\regsvr32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\REGOBJ.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\regini.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\regedt32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\reg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\recover.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rcbdyctl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rastapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasser.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasrad.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasqec.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasppp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasmxs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasmontr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasmans.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasdlg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasdial.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasctrs.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasctrnm.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasautou.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RACMGR32.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qwinsta.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\query.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\quartz.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qosname.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qdvd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qappsrv.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pubprn.vbs:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PUBDLG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PUB3BRSH.ANI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\psnppagn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pscript.sep:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pschdprf.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pschdcnt.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\progman.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\prodspec.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\print.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\prflbmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\powercfg.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pngfilt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pmspl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\plustab.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ping6.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pifmgr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfwci.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfwci.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfnet.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfi009.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfh009.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perffilt.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perffilt.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfd009.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfctrs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfci.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfci.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pentnt.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pdfmona.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pcl.sep:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pathping.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\paqsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\panmap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\packager.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OUTLWAB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\osuninst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\osk.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olesvr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olecnv32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olecli32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olecli.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oleaccrc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ole2nls.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ole2disp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ole2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\odbcad32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\odbc16gt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\occache.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntvdm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntsdexts.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntsd.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntmsevt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntmarta.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntlsapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntlanui2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntlanui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntlanman.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntkrnlpa.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio804.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio412.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio411.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio404.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntimage.gif:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos804.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos412.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos411.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos404.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\notepad.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.tha:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.sve:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.nld:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.ita:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.fra:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.esn:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.enu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.eng:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.deu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.cht:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.chs:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nlsfunc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netui2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netui1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netui0.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netsetup.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\neth.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netfxperf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netdde.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netcfgx.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\net.hlp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ndptsp.tsp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ncxpnt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NCTAudioVisualizationEx2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NCTAudioDisplay2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NCTAudioDesign2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ncpa.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nbtstat.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\narrhook.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\narrator.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mucltui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mtxoci.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxmlr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml6.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml4a.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml2r.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mswebdvd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvideo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvcp70.dll:KAVICHS deleted successf
Find all posts by this user
Quote this message in a reply
01-07-2013, 12:16 AM
Post: #10
Fiery Offline
Community Admin
 		Posts: 1,588
Joined: Jan 2011
Kudos 495
RE: FBI Ranson Virus
Hi,

the log got cut off since it's extremely long. Can you attach it?
Find all posts by this user
Quote this message in a reply
« Next Oldest | Next Newest »
Pages (2): 1 2 Next »
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Polistyran Virus (like FBI virus but Swedish Version) prun 5 216 04-03-2013 05:53 PM
Last Post: kuttus
  AFP virus - malware not detecting any virus nikitaTR 23 1,142 02-14-2013 03:25 PM
Last Post: Fiery

  • View a Printable Version
  • Send this Thread to a Friend
  • Subscribe to this thread


User(s) browsing this thread: 1 Guest(s)

 


Proudly powered by MyBB.
Copyright - MalwareTips.com © 2012. All rights reserved. | Webdesign by End Soft Design
Contact Us | Privacy policy | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication | Members List | Forum Team

MalwareTips.com is an independent website.All trademarks mentioned on this page are the property of their respective owners.