Dept of Justice MoneyPak Virus
<blockquote data-quote="great_mazinga" data-source="post: 116906" data-attributes="member: 7506"><p>OTL logfile created on: 4/16/2013 10:36:21 PM - Run </p><p>OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE</p><p>Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM</p><p>Internet Explorer (Version = 8.0.6001.18702)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free</p><p>2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free</p><p>Paging file location(s): C:\pagefile.sys 288 576 [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 55.88 Gb Total Space | 21.73 Gb Free Space | 38.89% Space Free | Partition Type: NTFS</p><p>Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS</p><p> </p><p>Computer Name: REATOGO | User Name: SYSTEM</p><p>Boot Mode: Normal | Scan Mode: All users</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p>Using ControlSet: ControlSet003</p><p> </p><p><span style="color: #E56717">========== Win32 Services (SafeList) ==========</span></p><p> </p><p>SRV - File not found [Disabled] -- -- (HidServ)</p><p>SRV - File not found [On_Demand] -- -- (AppMgmt)</p><p>SRV - [2013/03/12 21:57:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)</p><p>SRV - [2012/05/26 07:14:43 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)</p><p>SRV - [2007/03/14 22:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)</p><p>SRV - 
[2007/03/14 22:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)</p><p>SRV - [2007/03/14 22:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)</p><p>SRV - [2007/02/12 20:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)</p><p>SRV - [2007/01/10 19:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)</p><p>SRV - [2006/11/21 20:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)</p><p>SRV - [2006/11/21 20:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)</p><p>SRV - [2006/09/02 19:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)</p><p>SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)</p><p>SRV - [2005/07/08 04:13:14 | 000,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)</p><p>SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)</p><p>SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) 
[Auto] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - File not found [Kernel | On_Demand] -- -- (WDICA)</p><p>DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)</p><p>DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)</p><p>DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)</p><p>DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)</p><p>DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)</p><p>DRV - File not found [Kernel | System] -- -- (PCIDump)</p><p>DRV - File not found [Kernel | System] -- -- (lbrtfdc)</p><p>DRV - File not found [Kernel | System] -- -- (i2omgmt)</p><p>DRV - File not found [Kernel | System] -- -- (Changer)</p><p>DRV - [2013/02/14 12:01:02 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130322.005\NAVEX15.SYS -- (NAVEX15)</p><p>DRV - [2013/02/14 12:01:02 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130322.005\NAVENG.SYS -- (NAVENG)</p><p>DRV - [2012/07/31 20:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)</p><p>DRV - [2012/07/31 20:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)</p><p>DRV - [2011/11/03 14:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)</p><p>DRV - [2011/11/03 14:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)</p><p>DRV - [2007/05/22 18:49:26 | 000,110,952 | ---- | M] (Symantec Corporation) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)</p><p>DRV - [2007/02/12 20:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)</p><p>DRV - [2007/02/12 20:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)</p><p>DRV - [2007/01/10 19:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)</p><p>DRV - [2006/09/06 17:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)</p><p>DRV - [2006/09/06 17:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)</p><p>DRV - [2005/11/14 16:30:03 | 000,015,872 | ---- | M] () [Kernel | On_Demand] -- C:\Documents and Settings\Myles\Local Settings\Temp\bfastfao.sys -- (bfastfao)</p><p>DRV - [2005/08/09 18:46:27 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)</p><p>DRV - [2005/06/29 02:01:58 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)</p><p>DRV - [2005/06/17 18:17:48 | 000,352,000 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)</p><p>DRV - [2005/06/17 18:17:00 | 000,038,144 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)</p><p>DRV - [2005/06/11 00:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)</p><p>DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) 
[File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)</p><p>DRV - [2005/05/25 05:39:44 | 000,465,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)</p><p>DRV - [2005/05/09 18:17:06 | 000,031,360 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)</p><p>DRV - [2005/05/05 17:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)</p><p>DRV - [2005/03/31 20:08:02 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)</p><p>DRV - [2005/03/31 19:08:46 | 001,034,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)</p><p>DRV - [2005/03/31 19:08:00 | 000,714,880 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)</p><p>DRV - [2004/12/02 19:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)</p><p>DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)</p><p>DRV - [2003/09/19 19:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)</p><p>DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)</p><p>DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html</p><p>IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie</p><p> </p><p> </p><p>IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart</p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart</p><p> </p><p>IE - HKU\Myles_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com</p><p>IE - HKU\Myles_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search</p><p>IE - HKU\Myles_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7</p><p>IE - HKU\Myles_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/</p><p>IE - HKU\Myles_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)</p><p>IE - HKU\Myles_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1</p><p> </p><p>IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart</p><p> </p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/27 19:53:48 | 000,000,000 | ---D | M]</p><p> </p><p> </p><p>O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)</p><p>O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)</p><p>O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)</p><p>O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()</p><p>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)</p><p>O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)</p><p>O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)</p><p>O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()</p><p>O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)</p><p>O3 - HKU\Myles_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)</p><p>O3 - HKU\Myles_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)</p><p>O4 - HKLM..\Run: [] File not found</p><p>O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)</p><p>O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)</p><p>O4 - HKLM..\Run: [CFSServ.exe] File not found</p><p>O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe (Корпорация Майкрософт)</p><p>O4 - HKLM..\Run: [NDSTray.exe] File not found</p><p>O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe ()</p><p>O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)</p><p>O4 - HKLM..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)</p><p>O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()</p><p>O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)</p><p>O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)</p><p>O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)</p><p>O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)</p><p>O4 - HKU\Myles_ON_C..\Run: [EapAuthenticationMgmt] File not found</p><p>O4 - HKU\Myles_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</p><p>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found</p><p>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</p><p>O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</p><p>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\Myles_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)</p><p>O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)</p><p>O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)</p><p>O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Key error.)</p><p>O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)</p><p>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355885119625 (WUWebControl Class)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)</p><p>O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)</p><p>O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)</p><p>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)</p><p>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)</p><p>O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2005/08/09 17:19:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]</p><p>O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *) - File not found</p><p>O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/04/13 00:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood</p><p>[2013/04/02 21:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>[2013/03/23 00:06:01 | 000,039,936 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application 
Data\DisplaySwitch.exe</p><p>[2013/03/22 05:48:05 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys</p><p>[2013/03/22 05:48:05 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys</p><p>[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</p><p>[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/04/13 00:57:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job</p><p>[2013/04/13 00:51:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Myles\Desktop\Notebook Maximizer.LNK</p><p>[2013/04/13 00:50:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</p><p>[2013/04/13 00:49:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</p><p>[2013/04/13 00:49:01 | 2011,373,568 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/04/02 21:09:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat</p><p>[2013/04/02 21:09:04 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat</p><p>[2013/03/23 00:26:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/03/23 00:26:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/03/23 00:16:25 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp</p><p>[2013/03/23 00:16:11 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg</p><p>[2013/03/23 00:05:58 | 000,039,936 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe</p><p>[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</p><p>[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name 
==========</span></p><p> </p><p>[2013/03/23 00:16:25 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp</p><p>[2013/03/23 00:16:06 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg</p><p>[2012/05/28 08:16:11 | 000,111,227 | ---- | C] () -- C:\Documents and Settings\Myles\Application Data\icarus-dxdiag.xml</p><p>[2012/02/17 07:11:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</p><p>[2011/08/27 19:44:21 | 000,165,913 | ---- | C] () -- C:\WINDOWS\hpoins44.dat</p><p>[2011/08/27 19:44:20 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat</p><p>[2011/08/26 02:44:17 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe</p><p>[2010/08/21 21:23:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat</p><p>[2009/11/28 21:29:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat</p><p>[2009/11/28 21:29:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat</p><p>[2009/01/16 02:39:01 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe</p><p>[2007/05/22 19:19:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI</p><p>[2007/01/18 19:43:43 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Myles\presets.ini</p><p>[2006/07/09 22:41:24 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini</p><p>[2006/05/02 23:59:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll</p><p>[2006/04/25 02:15:26 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Myles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2006/03/31 22:18:12 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe</p><p>[2006/03/31 22:18:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe</p><p>[2006/03/31 22:18:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe</p><p>[2006/03/31 22:17:47 | 000,270,336 | ---- | C] () -- 
C:\WINDOWS\System32\PlugPlayPCIDevice.exe</p><p>[2006/03/31 22:17:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe</p><p>[2006/01/24 11:19:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini</p><p>[2005/08/09 19:59:11 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini</p><p>[2005/08/09 19:59:11 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini</p><p>[2005/08/09 19:36:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI</p><p>[2005/08/09 19:00:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini</p><p>[2005/08/09 18:45:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat</p><p>[2005/08/09 18:39:18 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini</p><p>[2005/08/09 18:37:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll</p><p>[2005/08/09 18:37:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll</p><p>[2005/08/09 18:37:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll</p><p>[2005/08/09 18:37:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll</p><p>[2005/08/09 18:37:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll</p><p>[2005/08/09 18:37:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll</p><p>[2005/08/09 18:36:54 | 000,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini</p><p>[2005/08/09 18:32:32 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini</p><p>[2005/08/09 18:32:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll</p><p>[2005/08/09 18:32:32 | 000,009,362 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini</p><p>[2005/08/09 18:32:32 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini</p><p>[2005/08/09 18:00:49 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe</p><p>[2005/08/09 18:00:49 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys</p><p>[2005/08/09 17:26:03 | 000,000,376 | ---- | C] () -- 
C:\WINDOWS\ODBC.INI</p><p>[2005/08/09 17:21:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat</p><p>[2005/08/09 17:16:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat</p><p>[2005/08/09 17:15:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini</p><p>[2005/08/09 16:41:18 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI</p><p>[2005/08/09 16:38:23 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat</p><p>[2005/08/09 16:38:18 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat</p><p>[2005/08/09 16:38:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat</p><p>[2005/08/09 16:38:18 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat</p><p>[2005/08/09 16:38:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat</p><p>[2005/08/09 16:38:16 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat</p><p>[2005/08/09 16:38:14 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin</p><p>[2005/08/09 16:38:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat</p><p>[2005/08/09 16:38:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat</p><p>[2005/08/09 16:38:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin</p><p>[2005/08/09 16:37:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat</p><p>[2005/08/09 16:37:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin</p><p>[2005/08/09 10:10:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI</p><p>[2005/08/09 10:09:39 | 000,157,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT</p><p>[2005/06/30 16:15:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini</p><p>[2005/06/10 19:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat</p><p>[2004/11/12 00:08:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll</p><p>[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- 
C:\WINDOWS\System32\OUTLPERF.INI</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2005/08/09 18:39:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\InterTrust</p><p>[2005/08/09 18:07:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba</p><p>[2012/03/13 11:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\adawaretb</p><p>[2012/06/04 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\Ad-Aware Antivirus</p><p>[2012/08/19 16:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\adawaretb</p><p>[2010/04/04 19:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\FunWebProducts</p><p>[2005/08/09 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\InterTrust</p><p>[2007/11/14 01:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\InterVideo</p><p>[2006/05/02 23:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\Leadertech</p><p>[2012/10/07 11:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\Smart PDF Creator Pro</p><p>[2006/08/15 21:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\toshiba</p><p>[2013/02/28 12:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection</p><p>[2011/08/27 17:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications</p><p>[2013/04/13 00:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>[2005/08/09 18:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint</p><p>[2010/12/13 21:14:20 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\Yahoo</p><p>[2012/07/29 09:21:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p>< End of report ></p></blockquote><p></p>