TechSpot

[A] FBI VIRUS

By mtmmatt
Apr 10, 2013
  1. My computer is from around 2002 and has Windows XP. I recently came across the FBI virus, where it locks your screen and asks for $300, but I know it's fake. I've looked up videos and troubleshot this problem on tons of websites, but none have been able to help. When I restart my computer normally and log in, it instantly pops up. When I go to the BIOS and do Safe Mode, it won't even let me log in. When I go to Safe Mode with Command Prompt, it won't let me log in. When I go to Safe Mode with Networking, it lets me log in, but Windows immediately starts to shut down. Please help, I have so much work and files on this computer that I need and can't access. Thanks!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    I assume you're posting from some other computer?

    Turn infected computer off.
    Disconnect it from the internet (remove ethernet cable).
    See if you can start it in normal or safe mode.
     
  3. mtmmatt

    mtmmatt TS Rookie Topic Starter

    Yes, I'm using my phone because it's the only device I can use currently.
    I disconnected the Internet from the computer and tried to run it in safe mode; however, I can't log on because it's a work computer and all the logins are on a network for work. So I can only log in in Safe Mode with Networking, which gives me an error that pops up so fast you can't read it, then the computer shuts off. However, it shows Yes and No for a second; if I hit No, it loads my desktop for about 2 seconds, then the computer shuts off. As for normal mode, the desktop loads like normal and the FBI screen pops up.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Since this is work computer I strongly suggest you contact your IT people.
    This is not your property so I don't think you're permitted to make any changes to it.
     
  5. mtmmatt

    mtmmatt TS Rookie Topic Starter

    I decided to take some pictures with my phone to help make sense of what I just said. Here is what it looks like when I log in in Safe Mode with Networking and also normal mode:
    image.jpg
    And when I try to log in in Safe Mode and Safe Mode with Command Prompt:
    image.jpg
     
  6. mtmmatt

    mtmmatt TS Rookie Topic Starter

    My work had no use for it, so they gave it to me free of charge, even after I quit.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I see...

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (file size 120.9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  8. mtmmatt

    mtmmatt TS Rookie Topic Starter

    Hmm, ok. I will have to hold off on that step for a day so I can get a blank CD and another computer to use temporarily.
    Thanks
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    No problem :)
     
  10. mtmmatt

    mtmmatt TS Rookie Topic Starter

    Oh, I guess the HFMA-CHEALY (this computer) in the first picture is the person from my old job that used this computer; however, I do not know that password. I only know the one for HFMA_NT.
    Is there any way of changing that password without knowing the old one so I can log in in safe mode?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Unfortunately I can't advise on password cracking.
     
  12. mtmmatt

    mtmmatt TS Rookie Topic Starter

    Here is what was requested.

    Attached Files: OTL.Txt (123.9 KB)
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please observe forum rules.
    All logs have to be pasted not attached.
     
  14. mtmmatt

    mtmmatt TS Rookie Topic Starter

    Update Part 1:

    OTL logfile created on: 4/13/2013 9:16:05 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 4.21 Gb Free Space | 5.64% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- -- (Yontoo Desktop Updater)
    SRV - [2013/03/18 00:41:44 | 001,070,080 | ---- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2013/02/23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2013/02/09 13:04:49 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/30 22:01:53 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/07/31 20:33:02 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/07/09 15:48:20 | 000,594,600 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\dldtcoms.exe -- (dldt_device)
    SRV - [2009/07/09 15:48:14 | 000,098,984 | ---- | M] () [Disabled] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
    SRV - [2000/03/21 17:24:00 | 000,032,256 | ---- | M] (ProdEx Technologies) [Disabled] -- C:\WINDOWS\system32\slpservice.exe -- (SLPMONX)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [File_System | On_Demand] -- -- (WinRing0_1_2_0)
    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand] -- -- (STHDA)
    DRV - File not found [Kernel | On_Demand] -- -- (sfng32)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (Monfilt)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
    DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (Ambfilt)
    DRV - [2012/08/02 12:21:22 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFsFilter)
    DRV - [2011/06/02 12:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2011/03/30 01:22:30 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)
    DRV - [2009/12/15 17:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
    DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2006/09/12 15:47:15 | 000,043,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2006/07/05 18:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2004/03/10 14:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
    DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
    DRV - [2003/08/19 18:27:40 | 000,073,984 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
    DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/08/17 13:20:16 | 000,297,728 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018) Service for AC'97 Sample Driver (WDM)
    DRV - [2001/08/17 13:19:56 | 000,063,360 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ess.sys -- (ess) ESS Audio Driver (WDM)
    DRV - [2001/08/17 08:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mytool.co/?babsrc=home&s=web&as=0&isid=9848
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\administrator.HFMA_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hfma.org/
    IE - HKU\administrator.HFMA_NT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acecomputers.com/
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acecomputers.com

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acecomputers.com


    IE - HKU\ymaltese_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\ymaltese_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=114576&fr=spigot-yhp-ie
    IE - HKU\ymaltese_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKU\ymaltese_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\ymaltese_ON_C\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
    IE - HKU\ymaltese_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
    IE - HKU\ymaltese_ON_C\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    IE - HKU\ymaltese_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\ymaltese_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame:
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:


    [2013/03/30 03:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/08/14 18:49:21 | 000,003,751 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/08/14 19:06:11 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011/08/20 02:52:49 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

    O1 HOSTS File: ([2009/01/19 15:36:41 | 000,000,762 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (no name) - {0931BD3F-547E-45C1-B133-D0E995645DBA} - No CLSID value found.
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
    O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
    O2 - BHO: (GetSavin 5.0) - {3E30BD7A-5DBB-4DE2-864F-A663F91144C2} - C:\Documents and Settings\ymaltese\Local Settings\Application Data\getsavin\ie\getsavin_1362697201.dll ()
    O2 - BHO: (SearchDonkey) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\SearchDonkey\IE\common.dll (WebAppTech Coding, LLC)
    O2 - BHO: (no name) - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (no name) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - No CLSID value found.
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKU\ymaltese_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Dare-U mouse] C:\Program Files\Gaming Mouse\DareUMonitor.exe ()
    O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
    O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKU\ymaltese_ON_C..\Run: [AdobeBridge] File not found
    O4 - HKU\ymaltese_ON_C..\Run: [Yontoo Desktop] C:\Documents and Settings\ymaltese\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
    O4 - Startup: C:\Documents and Settings\ymaltese\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    F3 - HKU\.DEFAULT WinNT: Load - (slpmonx.exe) - C:\WINDOWS\System32\slpmonx.exe (Seiko Instruments USA, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\administrator.HFMA_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Domains: hfma.org ([www] http in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: hfma.org ([www] https in Trusted sites)
    O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://secure2.edward.org/+CSCOL+/csvrloader32.cab (Cisco SSL VPN Relay Loader)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Value error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1296154842942 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://secure2.edward.org/CACHE/sdesktop/install/binaries/instweb.cab (Cisco Secure Desktop / HostScan Web Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hfma.prv
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\ymaltese_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\ymaltese_ON_C Winlogon: Shell - (C:\Documents and Settings\ymaltese\Application Data\AltShell.dat) - C:\Documents and Settings\ymaltese\Application Data\AltShell.dat ()
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/12 13:08:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\Shell\AutoRun\command - "" = D:\EISetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/10 13:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
    [2013/04/09 16:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gaming Mouse
    [2013/04/09 16:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Gaming Mouse
    [2013/04/09 16:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ymaltese\Application Data\InstallShield
    [2013/04/09 10:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ymaltese\Start Menu\Programs\Curse
    [2013/04/09 09:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\SearchDonkey
    [2013/04/09 09:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2013/04/09 09:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ymaltese\Application Data\Yahoo!
    [2013/04/08 19:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ymaltese\Application Data\IObit Apps
    [2013/04/08 19:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ymaltese\Application Data\Search Settings
    [2013/04/08 19:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2013/04/08 19:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    [2013/04/08 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2013/04/08 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Apps Toolbar
    [2013/04/08 19:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
    [2013/04/08 19:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ymaltese\Application Data\IObit
    [2013/04/08 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ymaltese\Application Data\Curse Advertising
    [2013/04/08 01:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ymaltese\My Documents\My Curse
    [2013/03/30 03:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
    [2013/03/30 03:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
    [2013/03/30 03:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
    [2013/03/30 02:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Battle.net
    [2013/03/29 21:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2013/03/21 13:37:36 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
    [2013/03/21 13:37:36 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
    [2012/12/30 20:41:10 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
    [2012/12/30 20:41:10 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
    [2012/12/30 20:41:10 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
    [2012/12/30 20:41:10 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
    [2012/12/30 20:41:10 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
    [2012/12/30 20:41:10 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcoms.exe
    [2012/12/30 20:41:10 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
    [2012/12/30 20:41:10 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDThcp.dll
    [2012/12/30 20:41:10 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
    [2012/12/30 20:41:10 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcfg.exe
    [2012/12/30 20:41:10 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
    [2012/12/30 20:41:10 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
    [2012/12/30 20:41:10 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtih.exe
    [2012/12/30 20:41:10 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
    [2011/03/30 12:40:34 | 000,517,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
    [2011/03/30 12:40:32 | 001,566,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
    [2011/03/30 12:40:32 | 000,095,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
    [1998/08/24 10:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\ymaltese\*.tmp files -> C:\Documents and Settings\ymaltese\*.tmp -> ]
     
  15. mtmmatt

    mtmmatt TS Rookie Topic Starter

    Update Part 2:

    ========== Files - Modified Within 30 Days ==========

    [2013/04/11 20:36:15 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\ymaltese\Application Data\AltShell.ini
    [2013/04/11 20:36:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job
    [2013/04/11 20:35:59 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/04/11 20:35:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/11 20:35:44 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Your File Updater.job
    [2013/04/11 20:35:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2143182490-1798586732-1235820382-1650.job
    [2013/04/11 20:35:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
    [2013/04/11 20:35:25 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Hybrid.job
    [2013/04/11 20:35:22 | 3478,978,560 | -HS- | M] () -- C:\hiberfil.sys
    [2013/04/11 20:35:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/04/11 17:00:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0B52CC0C-97C3-4382-8831-37A3D8D9E7DF}.job
    [2013/04/11 16:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/11 16:51:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/04/11 16:27:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2143182490-1798586732-1235820382-1650UA.job
    [2013/04/10 17:57:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/04/10 16:41:49 | 000,523,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/04/10 16:41:49 | 000,097,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/04/10 11:21:06 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\IORRT.job
    [2013/04/10 08:22:23 | 003,630,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/04/10 08:21:51 | 000,398,640 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/04/10 08:05:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/04/10 03:27:47 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\ymaltese\Desktop\Google Chrome.lnk
    [2013/04/09 16:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gaming Mouse
    [2013/04/09 13:27:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2143182490-1798586732-1235820382-1650Core.job
    [2013/04/09 12:29:07 | 000,001,716 | -H-- | M] () -- C:\Documents and Settings\ymaltese\My Documents\Default.rdp
    [2013/04/09 10:42:13 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\ymaltese\Desktop\Curse Client.appref-ms
    [2013/04/09 09:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Open Freely
    [2013/04/08 20:14:44 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2013/04/05 17:42:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2143182490-1798586732-1235820382-1650.job
    [2013/04/04 10:09:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/03/30 03:17:19 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2013/03/30 03:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
    [2013/03/30 00:10:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ymaltese\__ng3d.lock
    [2013/03/29 23:19:16 | 000,000,996 | ---- | M] () -- C:\Documents and Settings\ymaltese\Desktop\WOW Bot.lnk
    [2013/03/29 15:24:14 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\ymaltese\Desktop\System Mechanic.lnk
    [2013/03/29 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic
    [2013/03/28 21:23:25 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2013/03/28 21:23:25 | 000,000,655 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2013/03/18 00:59:00 | 000,041,616 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
    [2013/03/18 00:58:52 | 000,023,568 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
    [2013/03/18 00:43:56 | 002,097,472 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\ymaltese\*.tmp files -> C:\Documents and Settings\ymaltese\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/04/11 14:43:26 | 3478,978,560 | -HS- | C] () -- C:\hiberfil.sys
    [2013/04/10 12:32:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\ymaltese\Application Data\AltShell.ini
    [2013/04/08 01:25:51 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\ymaltese\Desktop\Curse Client.appref-ms
    [2013/03/30 03:17:11 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2013/03/30 00:10:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ymaltese\__ng3d.lock
    [2013/03/29 23:19:16 | 000,000,996 | ---- | C] () -- C:\Documents and Settings\ymaltese\Desktop\WOW Bot.lnk
    [2013/03/07 19:01:07 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2013/02/19 12:28:23 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2013/02/10 09:30:08 | 000,398,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/12/30 20:42:25 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
    [2012/12/30 20:42:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldtvs.dll
    [2012/12/30 20:41:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
    [2012/12/30 20:41:41 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
    [2012/12/30 20:41:41 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
    [2012/12/30 20:41:23 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dldtwupd.dll
    [2012/12/30 20:41:23 | 000,017,064 | ---- | C] () -- C:\WINDOWS\System32\dldtwupd.exe
    [2012/12/30 20:41:10 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\dldtutil.dll
    [2012/12/30 20:41:10 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\DLDTinst.dll
    [2012/12/30 20:41:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
    [2012/12/30 20:41:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
    [2012/12/30 20:41:10 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldtins.dll
    [2012/12/30 20:41:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
    [2012/12/30 20:41:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
    [2012/12/30 20:41:10 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldtcub.dll
    [2012/12/30 20:41:10 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDTcfg.dll
    [2012/12/30 20:41:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldtcu.dll
    [2012/12/30 20:41:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldtcur.dll
    [2012/08/16 16:31:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/08/12 13:06:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
    [2012/08/11 00:08:40 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2012/07/19 13:21:08 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2012/07/06 07:59:00 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2012/04/12 12:11:54 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\ymaltese\Application Data\Adobe PNG Format CS5 Prefs
    [2012/04/11 19:02:30 | 000,034,788 | ---- | C] () -- C:\Documents and Settings\ymaltese\Start Menu.rar
    [2012/04/11 18:29:56 | 000,029,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/04/09 16:56:53 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
    [2012/04/09 16:56:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
    [2012/04/09 16:44:55 | 000,027,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sys8042.sys
    [2011/07/19 15:01:53 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2011/07/14 22:43:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/26 19:43:09 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\ymaltese\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/30 12:40:32 | 000,097,152 | ---- | C] () -- C:\Program Files\dxupdate.cab
    [2011/03/30 12:40:32 | 000,044,624 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
    [2011/02/13 19:01:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/01/26 18:30:30 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\ymaltese\Local Settings\Application Data\fusioncache.dat
    [2011/01/21 13:26:15 | 000,001,002 | RHS- | C] () -- C:\Documents and Settings\ymaltese\ntuser.pol
    [2010/06/02 06:22:54 | 001,412,902 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
    [2010/06/02 06:22:54 | 001,127,217 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
    [2010/06/02 06:22:54 | 000,273,960 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x64.cab
    [2010/06/02 06:22:54 | 000,272,611 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x86.cab
    [2010/06/02 06:22:54 | 000,182,361 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
    [2010/06/02 06:22:54 | 000,138,017 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
    [2010/06/02 06:22:54 | 000,086,037 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
    [2010/06/02 06:22:54 | 000,045,359 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
    [2010/06/02 06:22:52 | 001,906,878 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
    [2010/06/02 06:22:52 | 001,550,796 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
    [2010/06/02 06:22:52 | 000,965,421 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
    [2010/06/02 06:22:52 | 000,121,794 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x64.cab
    [2010/06/02 06:22:52 | 000,092,684 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x86.cab
    [2010/06/02 06:22:52 | 000,054,522 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
    [2010/06/02 06:22:52 | 000,021,851 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
    [2010/06/02 06:22:50 | 000,994,154 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
    [2010/06/02 06:22:50 | 000,196,762 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
    [2010/06/02 06:22:50 | 000,148,264 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
    [2010/06/02 06:22:50 | 000,046,144 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
    [2010/06/02 06:22:50 | 000,018,496 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
    [2010/06/02 06:22:48 | 001,802,058 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
    [2010/06/02 06:22:48 | 001,709,360 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
    [2010/06/02 06:22:48 | 000,864,600 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
    [2010/06/02 06:22:48 | 000,803,884 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
    [2010/06/02 06:22:48 | 000,273,018 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x86.cab
    [2010/06/02 06:22:46 | 000,275,044 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x64.cab
    [2010/06/02 06:22:46 | 000,121,506 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x64.cab
    [2010/06/02 06:22:46 | 000,092,740 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x86.cab
    [2010/06/02 06:22:38 | 000,054,600 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab
    [2010/06/02 06:22:38 | 000,021,298 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab
    [2010/06/02 06:22:36 | 001,973,702 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab
    [2010/06/02 06:22:36 | 001,612,446 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab
    [2010/06/02 06:22:36 | 001,067,160 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab
    [2010/06/02 06:22:36 | 001,040,745 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab
    [2010/06/02 06:22:36 | 000,251,194 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
    [2010/06/02 06:22:36 | 000,226,250 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
    [2010/06/02 06:22:36 | 000,122,336 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
    [2010/06/02 06:22:36 | 000,093,734 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
    [2010/06/02 06:22:34 | 001,769,862 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
    [2010/06/02 06:22:34 | 001,443,282 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
    [2010/06/02 06:22:34 | 000,818,260 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
    [2010/06/02 06:22:34 | 000,055,058 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
    [2010/06/02 06:22:34 | 000,021,867 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
    [2010/06/02 06:22:32 | 000,937,246 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x64.cab
    [2010/06/02 06:22:32 | 000,844,884 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
    [2010/06/02 06:22:32 | 000,768,036 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x86.cab
    [2010/06/02 06:22:32 | 000,278,060 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x86.cab
    [2010/06/02 06:22:32 | 000,277,338 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x64.cab
    [2010/06/02 06:22:32 | 000,124,596 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x64.cab
    [2010/06/02 06:22:32 | 000,093,686 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x86.cab
    [2010/06/02 06:22:30 | 000,762,188 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x86.cab
    [2010/06/02 06:22:30 | 000,235,955 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x64.cab
    [2010/06/02 06:22:30 | 000,197,283 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x86.cab
    [2010/06/02 06:22:30 | 000,138,205 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x64.cab
    [2010/06/02 06:22:30 | 000,109,445 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x86.cab
    [2010/06/02 06:22:28 | 000,944,460 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x64.cab
    [2010/06/02 06:22:28 | 000,931,471 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x86.cab
    [2010/06/02 06:22:28 | 000,752,783 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x64.cab
    [2010/06/02 06:22:20 | 000,269,024 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x86.cab
    [2010/06/02 06:22:18 | 001,792,608 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
    [2010/06/02 06:22:18 | 001,463,878 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
    [2010/06/02 06:22:18 | 000,867,828 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
    [2010/06/02 06:22:18 | 000,849,919 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
    [2010/06/02 06:22:18 | 000,269,628 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x64.cab
    [2010/06/02 06:22:18 | 000,152,909 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
    [2010/06/02 06:22:18 | 000,121,054 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x64.cab
    [2010/06/02 06:22:18 | 000,093,128 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x86.cab
    [2010/06/02 06:22:18 | 000,055,154 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
    [2010/06/02 06:22:18 | 000,021,905 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
    [2010/06/02 06:22:16 | 001,607,774 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
    [2010/06/02 06:22:16 | 001,607,286 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
    [2010/06/02 06:22:16 | 001,064,925 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
    [2010/06/02 06:22:16 | 000,699,044 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
    [2010/06/02 06:22:16 | 000,698,472 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
    [2010/06/02 06:22:16 | 000,197,122 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
    [2010/06/02 06:22:16 | 000,180,785 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
    [2010/06/02 06:22:16 | 000,133,671 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
    [2010/06/02 06:22:14 | 001,336,002 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
    [2010/06/02 06:22:14 | 000,277,191 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x86.cab
    [2010/06/02 06:22:14 | 000,276,960 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x64.cab
    [2010/06/02 06:22:14 | 000,122,446 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x64.cab
    [2010/06/02 06:22:14 | 000,093,180 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x86.cab
    [2010/06/02 06:22:12 | 000,194,675 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
    [2010/06/02 06:22:12 | 000,147,983 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
    [2010/06/02 06:22:12 | 000,054,678 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x64.cab
    [2010/06/02 06:22:12 | 000,020,713 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x86.cab
    [2010/06/02 06:22:10 | 000,178,359 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
    [2010/06/02 06:22:10 | 000,132,409 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
    [2010/06/02 06:22:04 | 001,084,720 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
    [2010/06/02 06:22:02 | 001,574,376 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
    [2010/06/02 06:22:02 | 001,362,796 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
    [2010/06/02 06:22:02 | 001,247,499 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
    [2010/06/02 06:22:02 | 001,013,225 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
    [2010/06/02 06:22:02 | 000,192,475 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
    [2010/06/02 06:22:02 | 000,145,599 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
    [2010/06/02 06:22:00 | 001,571,154 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
    [2010/06/02 06:22:00 | 001,357,976 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
    [2010/06/02 06:22:00 | 001,079,456 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
    [2010/06/02 06:22:00 | 000,273,264 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x64.cab
    [2010/06/02 06:22:00 | 000,272,642 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x86.cab
    [2010/06/02 06:22:00 | 000,212,807 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
    [2010/06/02 06:22:00 | 000,191,720 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
    [2010/06/02 06:22:00 | 000,122,408 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x64.cab
    [2010/06/02 06:22:00 | 000,093,106 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x86.cab
    [2010/06/02 06:21:58 | 000,930,116 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x64.cab
    [2010/06/02 06:21:58 | 000,728,456 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x86.cab
    [2010/06/02 06:21:58 | 000,232,635 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x64.cab
    [2010/06/02 06:21:58 | 000,192,131 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x86.cab
    [2010/06/02 06:21:58 | 000,136,301 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x64.cab
    [2010/06/02 06:21:58 | 000,105,044 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x86.cab
    [2010/06/02 06:21:56 | 003,319,740 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x86.cab
    [2010/06/02 06:21:56 | 003,112,111 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x64.cab
    [2010/06/02 06:21:56 | 000,900,598 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x86.cab
    [2010/06/02 06:21:46 | 000,919,044 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x64.cab
    [2010/06/02 06:21:46 | 000,271,412 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x64.cab
    [2010/06/02 06:21:46 | 000,271,038 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x86.cab
    [2010/06/02 06:21:44 | 001,794,084 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
    [2010/06/02 06:21:44 | 001,464,672 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
    [2010/06/02 06:21:44 | 000,849,167 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
    [2010/06/02 06:21:44 | 000,198,096 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
    [2010/06/02 06:21:44 | 000,153,012 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
    [2010/06/02 06:21:44 | 000,121,772 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x64.cab
    [2010/06/02 06:21:44 | 000,092,996 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x86.cab
    [2010/06/02 06:21:42 | 001,800,160 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
    [2010/06/02 06:21:42 | 001,708,152 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
    [2010/06/02 06:21:42 | 000,867,612 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
    [2010/06/02 06:21:42 | 000,852,286 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
    [2010/06/02 06:21:42 | 000,796,867 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
    [2010/06/02 06:21:40 | 001,350,542 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
    [2010/06/02 06:21:40 | 001,077,644 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
    [2010/06/02 06:21:40 | 000,182,903 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
    [2010/06/02 06:21:40 | 000,137,235 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
    [2010/06/02 06:21:40 | 000,087,142 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
    [2010/06/02 06:21:40 | 000,053,302 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
    [2010/06/02 06:21:40 | 000,046,058 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
    [2010/06/02 06:21:38 | 001,606,039 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
    [2010/06/02 06:21:38 | 000,195,766 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
    [2010/06/02 06:21:38 | 000,151,225 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
    [2010/06/02 06:21:38 | 000,096,817 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
    [2010/06/02 06:21:36 | 001,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
    [2010/06/02 06:21:36 | 000,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
    [2010/06/02 06:21:36 | 000,695,865 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
    [2010/06/02 06:21:34 | 000,046,010 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
    [2010/06/02 06:21:20 | 000,087,101 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
    [2010/06/02 06:21:18 | 004,162,630 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
    [2010/06/02 06:21:18 | 000,916,430 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
    [2010/06/02 06:21:18 | 000,179,133 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
    [2010/06/02 06:21:18 | 000,133,103 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
    [2010/06/02 06:21:16 | 001,397,830 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
    [2010/06/02 06:21:16 | 001,347,354 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
    [2010/06/02 06:21:16 | 001,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
    [2010/06/02 06:21:16 | 001,078,962 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
    [2009/02/17 12:38:40 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DRILDOWN.INI
    [2008/08/15 13:52:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/04/26 14:30:54 | 000,000,066 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/10/25 13:31:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2007/10/11 12:04:51 | 000,000,143 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
    [2007/10/11 11:53:40 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\administrator.HFMA_NT\Local Settings\Application Data\fusioncache.dat
    [2007/10/11 10:58:54 | 000,000,013 | ---- | C] () -- C:\WINDOWS\cpicnv.INI
    [2007/10/11 10:58:50 | 000,000,009 | ---- | C] () -- C:\WINDOWS\ImgFax.INI
    [2007/10/11 10:58:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\FaxPress.INI
    [2007/10/11 08:53:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\ifmember.exe
    [2007/05/09 12:31:12 | 000,000,141 | ---- | C] () -- C:\WINDOWS\DiagMan.ini
    [2007/05/09 12:30:24 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\u2lpsql.dll
    [2007/05/09 12:30:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\tslv.dll
    [2007/05/09 12:30:21 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
    [2007/05/09 12:30:20 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\exportmodeller.dll
    [2007/05/04 16:00:53 | 000,000,163 | ---- | C] () -- C:\WINDOWS\FRX.INI
    [2007/05/04 15:55:37 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\lsvbwrap.dll
    [2007/05/04 15:55:35 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\FRxELM32.dll
    [2006/10/31 17:05:36 | 000,000,042 | -H-- | C] () -- C:\Documents and Settings\administrator.HFMA_NT\default.pls
    [2006/10/31 16:44:13 | 000,048,586 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
    [2006/10/31 16:40:21 | 000,001,002 | RHS- | C] () -- C:\Documents and Settings\administrator.HFMA_NT\ntuser.pol
    [2006/10/12 09:09:11 | 000,000,655 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/26 12:58:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/09/12 13:12:56 | 000,000,807 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/09/12 13:11:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/09/12 13:06:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/09/12 12:55:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/09/12 12:55:10 | 000,523,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/09/12 12:55:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/09/12 12:55:10 | 000,097,036 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/09/12 12:55:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/09/12 12:55:09 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/09/12 12:55:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/09/12 12:55:08 | 000,057,721 | ---- | C] () -- C:\Documents and Settings\ymaltese\Application Data\AltShell.dat
    [2006/09/12 12:55:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/09/12 12:55:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/09/12 12:55:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/09/12 12:54:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/09/12 12:54:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/09/12 12:00:20 | 000,459,664 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2006/09/12 12:00:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
    [2006/09/12 06:01:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/09/12 06:00:40 | 003,630,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/04/21 05:36:03 | 000,078,222 | -H-- | C] () -- C:\Documents and Settings\ymaltese\Application Data\YMalteselog.dat
    [2003/06/11 18:39:12 | 006,270,976 | ---- | C] () -- C:\WINDOWS\System32\cricu19.dll
    [1994/08/17 00:00:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

    ========== LOP Check ==========

    [2012/07/19 13:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
    [2013/04/10 13:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
    [2012/08/30 21:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\.minecraft
    [2012/07/24 17:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Audacity
    [2012/08/13 19:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\AVG Secure Search
    [2012/01/20 23:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Babylon
    [2012/08/15 05:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\BabylonToolbar
    [2011/08/20 02:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Bandoo
    [2013/03/29 02:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\BitTorrent
    [2012/12/27 19:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Cisco
    [2011/11/23 18:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2013/04/08 10:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Curse Advertising
    [2012/09/29 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\DAEMON Tools Lite
    [2012/08/14 03:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\DAEMON Tools Pro
    [2013/01/13 20:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\DVDVideoSoft
    [2013/01/13 20:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\DVDVideoSoftIEHelpers
    [2011/08/20 22:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Easy MP3 Recorder
    [2012/08/31 20:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\ElevatedDiagnostics
    [2012/01/21 02:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\GameRanger
    [2011/01/27 18:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\ICAClient
    [2012/07/08 11:33:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ymaltese\Application Data\IFViewer
    [2013/04/08 19:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\IObit
    [2013/04/08 19:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\IObit Apps
    [2012/08/16 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\iolo
    [2012/05/08 20:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\LolClient
    [2012/05/23 17:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\LolClient2
    [2011/08/19 22:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\MAXON
    [2011/05/26 19:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\MPEG Streamclip
    [2011/05/26 19:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\OpenCandy
    [2012/08/18 03:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Oracle
    [2012/07/20 19:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\PDAppFlex
    [2012/08/16 00:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\PriceGong
    [2012/02/05 00:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Publish Providers
    [2012/08/14 20:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\RotMG.Production
    [2012/04/25 16:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\RunRev
    [2013/04/08 19:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Search Settings
    [2011/08/20 02:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\searchquband
    [2012/09/29 11:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Solveig Multimedia
    [2012/02/05 00:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Sony
    [2012/06/17 22:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\SplitMediaLabs
    [2012/07/20 14:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/04/09 16:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\SystemRequirementsLab
    [2011/02/14 19:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Unity
    [2012/07/20 16:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\uTorrent
    [2012/10/12 16:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\WallpaperSS
    [2013/04/11 20:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ymaltese\Application Data\Yontoo
    [2013/03/30 02:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/03/07 18:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
    [2009/01/13 11:34:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2012/08/15 05:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012/01/20 23:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2013/03/30 02:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
    [2012/06/12 12:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2012/08/14 19:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
    [2013/04/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2012/08/13 19:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/09/29 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2012/08/10 16:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2012/08/15 15:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Inspector
    [2011/12/05 19:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameKiller.net
    [2012/03/25 17:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
    [2012/08/15 14:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
    [2012/04/11 18:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2013/04/08 19:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2013/03/29 21:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2011/12/19 00:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2012/04/28 07:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2013/03/29 17:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2012/01/20 23:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
    [2012/11/07 21:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2012/06/17 22:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SplitMediaLabs
    [2013/03/07 19:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2012/02/18 21:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/05/26 19:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
    [2011/02/13 19:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2013/04/08 19:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
    [2013/04/08 19:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    [2013/04/11 20:36:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\Browser Manager.job
    [2013/04/11 20:35:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job
    [2013/04/11 20:35:25 | 000,000,216 | ---- | M] () -- C:\WINDOWS\Tasks\Hybrid.job
    [2013/04/10 11:21:06 | 000,000,212 | ---- | M] () -- C:\WINDOWS\Tasks\IORRT.job
    [2013/04/11 17:00:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0B52CC0C-97C3-4382-8831-37A3D8D9E7DF}.job
    [2013/04/11 20:35:44 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\Your File Updater.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    SRV - File not found [Disabled] -- -- (Yontoo Desktop Updater)
    SRV - [2013/02/23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    DRV - File not found [File_System | On_Demand] -- -- (WinRing0_1_2_0)
    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand] -- -- (STHDA)
    DRV - File not found [Kernel | On_Demand] -- -- (sfng32)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (Monfilt)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
    DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (Ambfilt)
    IE - HKU\ymaltese_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
    IE - HKU\ymaltese_ON_C\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    [2012/08/14 19:06:11 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {0931BD3F-547E-45C1-B133-D0E995645DBA} - No CLSID value found.
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
    O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
    O2 - BHO: (no name) - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - No CLSID value found.
    O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (no name) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - No CLSID value found.
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKU\ymaltese_ON_C..\Run: [AdobeBridge] File not found
    O4 - HKU\ymaltese_ON_C..\Run: [Yontoo Desktop] C:\Documents and Settings\ymaltese\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
    O15 - HKU\.DEFAULT\..Trusted Domains: hfma.org ([www] http in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: hfma.org ([www] https in Trusted sites)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Value error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O20 - HKU\ymaltese_ON_C Winlogon: Shell - (C:\Documents and Settings\ymaltese\Application Data\AltShell.dat) - C:\Documents and Settings\ymaltese\Application Data\AltShell.dat ()
    O33 - MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\Shell\AutoRun\command - "" = D:\EISetup.exe
    [2013/04/11 20:36:15 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\ymaltese\Application Data\AltShell.ini
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\ymaltese\Application Data\AltShell.dat 
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following:

    Run OTLPE

    • Insert the USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top.
    • Let the program run unhindered and reboot the PC when it is done.
    • Post the log produced (you'll need to transfer it with the USB stick).
    • Remove the CD and shut down the computer manually.
    • Attempt to reboot normally into Windows.
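    The fix script above removes a replaced Winlogon Shell value (AltShell.dat in the user's Application Data folder, which is why Explorer never starts and the lock screen appears straight after logon), autostart entries living in the user profile, an AutoRun command on a mount point, and a set of orphaned service/driver keys. The following is an added example, not part of this thread and not OTL's own code: a small triage script that reads OTL-style lines and flags those same patterns, so the entries worth attention stand out in a long log. The sample lines are constructed from the log excerpt in this thread; the HKLM Winlogon line showing explorer.exe is a constructed benign entry included for contrast, and the severity labels are the example's own choice.

```python
"""Flag suspicious autostart entries in an OTL-style scan log.

Added example (not part of the thread or of OTL itself): a heuristic
triage pass over the line formats quoted in this thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input, modelled on the OTL lines quoted in this thread.
# The HKLM Winlogon line is a constructed benign entry for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\ymaltese_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\ymaltese_ON_C..\Run: [Yontoo Desktop] C:\Documents and Settings\ymaltese\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O20 - HKU\ymaltese_ON_C Winlogon: Shell - (C:\Documents and Settings\ymaltese\Application Data\AltShell.dat) - C:\Documents and Settings\ymaltese\Application Data\AltShell.dat ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\Shell\AutoRun\command - "" = D:\EISetup.exe
DRV - File not found [Kernel | On_Demand] -- -- (sfng32)
"""

# Line shapes as they appear in the OTL log quoted above.
WINLOGON_SHELL = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<path>.*?) \(")
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
AUTORUN_CMD = re.compile(r'^O33 - MountPoints2\\.*\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
ORPHAN = re.compile(r"^(?:SRV|DRV) - File not found .*? -- -- \((?P<name>[^)]*)\)")

# Profile locations a normal installer would not use for an autostart binary.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    severity: str  # HIGH / MEDIUM / LOW (this example's own scale)
    line: str
    reason: str


def scan(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = WINLOGON_SHELL.match(line)
        if m:
            # Anything other than explorer.exe as the shell means the desktop
            # never starts at logon; that is the lock-screen symptom here.
            if m["value"].strip().lower() != "explorer.exe":
                findings.append(Finding("HIGH", line,
                    f"Winlogon Shell in {m['hive']} is {m['value']!r}; Explorer is replaced at logon"))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            target = m["target"]
            if target.lower() == "file not found":
                findings.append(Finding("LOW", line,
                    f"Run entry [{m['name']}] points to a missing file"))
            elif any(p in target.lower() for p in USER_WRITABLE):
                findings.append(Finding("MEDIUM", line,
                    f"Run entry [{m['name']}] starts a program from a user-writable profile folder"))
            continue
        m = AUTORUN_CMD.match(line)
        if m:
            findings.append(Finding("MEDIUM", line,
                f"AutoRun command registered on a mount point: {m['cmd']}"))
            continue
        m = ORPHAN.match(line)
        if m:
            findings.append(Finding("LOW", line,
                f"Orphaned service/driver entry {m['name']} (backing file missing)"))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(count_by_severity(scan(SAMPLE_LOG)))
```

Run it against a saved OTL log by passing the file's text to `scan()`; the Winlogon Shell check is the one that matters for this thread, and the others only rank what is worth reading first.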
     
  17. mtmmatt

    mtmmatt TS Rookie Topic Starter

    Log:

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Yontoo Desktop Updater deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Application Updater deleted successfully.
    C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinRing0_1_2_0 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WDICA deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\USBAAPL deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\STHDA deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sfng32 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PDRFRAME deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PDRELI deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PDFRAME deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PDCOMP deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PCIDump deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Monfilt deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lbrtfdc deleted successfully.
    Service\Driver key IntcAzAudAddService) Service for Realtek HD Audio (WDM not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\i2omgmt deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HDAudBus deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\EagleXNt deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\EagleNT deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Changer deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Ambfilt deleted successfully.
    Registry value HKEY_USERS\ymaltese_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
    Registry value HKEY_USERS\ymaltese_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
    C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0931BD3F-547E-45C1-B133-D0E995645DBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0931BD3F-547E-45C1-B133-D0E995645DBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    C:\Program Files\Yontoo\YontooIEClient.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
    Registry value HKEY_USERS\ymaltese_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry value HKEY_USERS\ymaltese_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Yontoo Desktop deleted successfully.
    C:\Documents and Settings\ymaltese\Application Data\Yontoo\YontooDesktop.exe moved successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hfma.org\www\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hfma.org\www\ not found.
    Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_USERS\administrator.HFMA_NT_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_USERS\ymaltese_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\administrator.HFMA_NT_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\ymaltese_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\administrator.HFMA_NT_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\ymaltese_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_USERS\ymaltese_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\ymaltese\Application Data\AltShell.dat deleted successfully.
    C:\Documents and Settings\ymaltese\Application Data\AltShell.dat moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d59a0c1-4d7c-11db-806c-806d6172696f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d59a0c1-4d7c-11db-806c-806d6172696f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d59a0c1-4d7c-11db-806c-806d6172696f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d59a0c1-4d7c-11db-806c-806d6172696f}\ not found.
    File D:\EISetup.exe not found.
    C:\Documents and Settings\ymaltese\Application Data\AltShell.ini moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Documents and Settings\ymaltese\Application Data\AltShell.dat not found.
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 04132013_232457
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    See if you can boot in normal or safe mode.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Still with me?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in the malware removal forum.
     
Topic Status:
Not open for further replies.
