Solved Hard drive cluster/system check virus

To make sure I got this straight. Even though I disabled the firewallI, I must completely uninstall ca security before running combofix or it won't run properly and it will mess up my computer in the process. Sorry for all the questions. I just want to make sure I'm understanding the steps correctly.
 
Yes.
But because you're uninstalling CA make sure to enable Windows firewall instead.
You never want to be without any firewall.
 
Ok I figured out how to get to windows firewall. do I enable after I run combofix or before? I also started the appremover process.
 
Go Start>Control Panel. Double click on the Security Center icon. Click on the Windows Firewall icon beneath the status updates. Click On, then OK.
Yes to your other question.
 
I started the combofix and a warning message popped up to remove mcaffee antivirus and anti spyware before pressing ok. I don't have this virus protection on my computer but I have the mcaffee siteadvisor toolbar unselected in internet explorer. This also didn't show up in appremover.
 
I removed the site advisor toolbar but now it says that the mcaffee is still on there and its still active but combofix shall continue to run. Kindly note that this is at your own risk. What do I do. I didn't press ok yet. Do I run appremover again before pressing ok?
 
ComboFix 12-01-19.02 - Mona 01/19/2012 22:18:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2692 [GMT -5:00]
Running from: c:\documents and settings\Mona\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\15292460
c:\documents and settings\All Users\Application Data\EX45vFk6aoeoSF
c:\documents and settings\All Users\Application Data\gvextw6g8lpw1ewy4vnx0n142a7r
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPLE.tmp
c:\documents and settings\Mona\Application Data\5A50.759
c:\documents and settings\Mona\GoToAssistDownloadHelper.exe
c:\documents and settings\Mona\My Documents\8BE337D9.tmp
c:\documents and settings\Mona\Start Menu\Programs\System Check
c:\documents and settings\Mona\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Mona\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Mona\Templates\gvextw6g8lpw1ewy4vnx0n142a7r
C:\install.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\wpcap.dll
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_10
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-19 16:21 . 2012-01-19 16:21 -------- d-----w- c:\documents and settings\Mona\Application Data\Dell
2012-01-19 16:20 . 2012-01-19 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2012-01-19 16:18 . 2012-01-19 16:20 -------- d-----w- c:\program files\Dell Support Center
2012-01-19 16:14 . 2012-01-19 16:15 -------- d-----w- c:\documents and settings\Mona\Application Data\PCDr
2012-01-16 20:33 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 19:17 . 2012-01-16 19:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-16 16:42 . 2012-01-16 16:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-12-25 02:38 . 2011-12-25 02:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-25 00:19 . 2011-12-25 00:19 9072 ----a-w- c:\windows\system32\drivers\28046
2011-11-23 13:29 . 2008-04-25 16:16 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2011-12-15 03:19 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-25 16:16 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-25 16:16 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-25 16:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-21 04:04 . 2011-11-28 21:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Zynga\prxtbZyn2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Optimum Online net guide"="c:\program files\Optimum Online\Netsurf.exe" [2010-09-01 1630208]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"LoadMSvcmm"="c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe" [2010-01-28 454856]
.
c:\documents and settings\Shawn\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Mona\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-10-23 229376]
Seagate 2GE4L98S Product Registration.lnk - c:\documents and settings\Mona\Application Data\Leadertech\PowerRegister\Seagate 2GE4L98S Product Registration.exe [2011-1-13 1731736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-9-1 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-1 692224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-10-28 15:52 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/1/2010 6:39 PM 10640]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [9/1/2010 6:30 PM 98984]
S0 mnegmu;mnegmu;c:\windows\system32\drivers\tvjmp.sys --> c:\windows\system32\drivers\tvjmp.sys [?]
S2 0113701327027611mcinstcleanup;McAfee Application Installer Cleanup (0113701327027611);c:\docume~1\Mona\LOCALS~1\Temp\011370~1.EXE -cleanup -nolog --> c:\docume~1\Mona\LOCALS~1\Temp\011370~1.EXE -cleanup -nolog [?]
S3 23084;23084;c:\windows\system32\drivers\23084 [6/12/2011 1:13 AM 9072]
S3 23236;23236;c:\windows\system32\drivers\23236 [4/14/2011 2:00 PM 9072]
S3 28046;28046;c:\windows\system32\drivers\28046 [12/24/2011 7:19 PM 9072]
S3 4135;4135;c:\windows\system32\drivers\4135 [5/27/2011 1:47 PM 9072]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [12/13/2011 8:36 PM 21744]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 0113701327027611MCINSTCLEANUP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3179336198-101048220-3685835499-1005Core.job
- c:\documents and settings\Mona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 08:31]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3179336198-101048220-3685835499-1005UA.job
- c:\documents and settings\Mona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\documents and settings\Mona\Application Data\Mozilla\Firefox\Profiles\5aonw9s9.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 22:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\23084]
"ImagePath"="System32\DRIVERS\23084"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\23236]
"ImagePath"="System32\DRIVERS\23236"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\28046]
"ImagePath"="System32\DRIVERS\28046"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4135]
"ImagePath"="System32\DRIVERS\4135"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(1716)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxducoms.exe
c:\progra~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ICO.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\windows\system32\Pmxmiced.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2012-01-19 22:29:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 03:29
.
Pre-Run: 459,614,720,000 bytes free
Post-Run: 462,352,064,512 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 13B2AAC1B9584E31C5BFD072735D6BC3
 
We have one system file missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code: 
    :filefind
i8042prt.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 23:23 on 19/01/2012 by Mona
Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt.sys"
No files found.

-= EOF =-
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\system32\drivers\28046
c:\windows\system32\drivers\23084
c:\windows\system32\drivers\23236
c:\windows\system32\drivers\4135


Folder::

Driver::
23084
23236
28046
4135


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\23084]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\23236]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\28046]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4135]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-01-19.02 - Mona 01/19/2012 23:39:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2804 [GMT -5:00]
Running from: c:\documents and settings\Mona\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mona\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\windows\system32\drivers\23084"
"c:\windows\system32\drivers\23236"
"c:\windows\system32\drivers\28046"
"c:\windows\system32\drivers\4135"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\23084
c:\windows\system32\drivers\23236
c:\windows\system32\drivers\28046
c:\windows\system32\drivers\4135
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_23084
-------\Legacy_23236
-------\Legacy_28046
-------\Legacy_4135
-------\Service_23084
-------\Service_23236
-------\Service_28046
-------\Service_4135
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-19 16:21 . 2012-01-19 16:21 -------- d-----w- c:\documents and settings\Mona\Application Data\Dell
2012-01-19 16:20 . 2012-01-19 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2012-01-19 16:18 . 2012-01-19 16:20 -------- d-----w- c:\program files\Dell Support Center
2012-01-19 16:14 . 2012-01-19 16:15 -------- d-----w- c:\documents and settings\Mona\Application Data\PCDr
2012-01-16 20:33 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 19:17 . 2012-01-16 19:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-16 16:42 . 2012-01-16 16:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-12-25 02:38 . 2011-12-25 02:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:29 . 2008-04-25 16:16 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2011-12-15 03:19 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-25 16:16 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-25 16:16 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-25 16:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-21 04:04 . 2011-11-28 21:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_03.26.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 04:43 . 2012-01-20 04:43 16384 c:\windows\Temp\Perflib_Perfdata_218.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Zynga\prxtbZyn2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"LoadMSvcmm"="c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe" [2010-01-28 454856]
.
c:\documents and settings\Shawn\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Mona\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-10-23 229376]
Seagate 2GE4L98S Product Registration.lnk - c:\documents and settings\Mona\Application Data\Leadertech\PowerRegister\Seagate 2GE4L98S Product Registration.exe [2011-1-13 1731736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-9-1 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-1 692224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-10-28 15:52 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/1/2010 6:39 PM 10640]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [9/1/2010 6:30 PM 98984]
S0 mnegmu;mnegmu;c:\windows\system32\drivers\tvjmp.sys --> c:\windows\system32\drivers\tvjmp.sys [?]
S2 0113701327027611mcinstcleanup;McAfee Application Installer Cleanup (0113701327027611);c:\docume~1\Mona\LOCALS~1\Temp\011370~1.EXE -cleanup -nolog --> c:\docume~1\Mona\LOCALS~1\Temp\011370~1.EXE -cleanup -nolog [?]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [12/13/2011 8:36 PM 21744]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3179336198-101048220-3685835499-1005Core.job
- c:\documents and settings\Mona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 08:31]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3179336198-101048220-3685835499-1005UA.job
- c:\documents and settings\Mona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\documents and settings\Mona\Application Data\Mozilla\Firefox\Profiles\5aonw9s9.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 23:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(1708)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\lxducoms.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxducoms.exe
c:\progra~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
c:\windows\system32\fxssvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ICO.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-01-19 23:45:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 04:45
ComboFix2.txt 2012-01-20 03:29
.
Pre-Run: 462,373,920,768 bytes free
Post-Run: 462,362,157,056 bytes free
.
- - End Of File - - C2DE19CF51F10D224A4D44D659452EF5
 
To make sure I'm on the right track. I went to the page in your last post, clicked on the download this file in the middle of the page directly under UrL:http://www.filedropper.com/i8042prt_1 and an embedded link, which then showed an arrow pointing down to 7-ZIP 4.2 with another download link that's 1.0 MB. It then takes you to another page that says get the best compression utility in the World- 7 Zip. Is this right because there was no other download other than what I mentioned?


Also, I was going over the posts again. Should I run rkill after running combofix the next time?
 
You have to click on big black button "Download this file".

You don't need to run rKill if Combofix runs fine.
Please read my instructions carefully.
 
I was having a duh moment this morning lol. I would click on the download black button and enter the characters for the next step and kept wondering why the run dialog box was not opening. Apparently I was entering a space where it looked like one in which there was actually none to begin with.



SystemLook 30.07.11 by jpshortstuff
Log created at 13:02 on 20/01/2012 by Mona
Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt.sys"
C:\WINDOWS\LastGood\system32\drivers\i8042prt.sys --a---- 52480 bytes [18:00 20/01/2012] [17:57 20/01/2012] F641D64E8FD069D91E60511BB5CF4A2D
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52480 bytes [17:57 20/01/2012] [05:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52480 bytes [17:57 20/01/2012] [05:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30

-= EOF =-
 
Good :)

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
My computer seems to be doing ok so far.

OTL log:

OTL logfile created on: 1/20/2012 2:13:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mona\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 83.42% Memory free
5.09 Gb Paging File | 4.70 Gb Available in Paging File | 92.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.71 Gb Total Space | 430.84 Gb Free Space | 92.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MONIQUE | User Name: Mona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/20 14:08:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mona\Desktop\OTL.exe
PRC - [2011/10/21 08:36:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2010/01/28 13:03:12 | 000,454,856 | ---- | M] (Blockbuster) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
PRC - [2010/01/28 13:02:40 | 001,867,464 | ---- | M] (Blockbuster) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/09/10 06:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2008/09/10 06:11:09 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2008/05/23 07:58:34 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe
PRC - [2008/05/23 07:58:22 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduserv.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/23 03:00:00 | 000,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/04/11 14:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2006/11/08 15:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/06/27 16:31:50 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/12 13:32:26 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/03/08 07:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\MtdAcqu.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/17 23:28:11 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ba370ba1\mscorlib.dll
MOD - [2012/01/17 23:28:09 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_044e8cb5\system.drawing.dll
MOD - [2012/01/17 23:28:05 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cf6e7352\system.xml.dll
MOD - [2012/01/17 23:28:01 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c9e5f823\system.windows.forms.dll
MOD - [2012/01/17 23:27:51 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_8e7bb095\system.dll
MOD - [2012/01/17 23:27:42 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/17 23:27:42 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/17 23:27:40 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/10/14 02:26:34 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:26:18 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 02:24:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 02:24:49 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 02:24:38 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 02:24:15 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008/09/10 06:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2008/09/10 06:11:09 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
MOD - [2008/09/10 05:28:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2008/09/10 05:28:45 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2008/09/10 05:28:44 | 001,036,288 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2008/09/10 05:14:35 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\lxduoem.dll
MOD - [2008/09/10 05:11:05 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
MOD - [2008/09/10 05:08:35 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2008/05/26 22:36:57 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.core.dll
MOD - [2008/05/26 22:36:57 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.common.dll
MOD - [2008/05/26 22:35:58 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008/05/23 07:17:14 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdudrpp.dll
MOD - [2008/05/23 07:17:13 | 000,198,144 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdudr.dll
MOD - [2008/05/23 07:17:13 | 000,149,504 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdudrui.dll
MOD - [2008/05/23 07:14:38 | 000,811,008 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduptpc.dll
MOD - [2008/05/23 07:02:14 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdudatr.dll
MOD - [2008/05/09 08:42:20 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxducaps.dll
MOD - [2008/05/09 08:42:13 | 001,036,288 | ---- | M] () -- C:\WINDOWS\system32\lxdudrs.dll
MOD - [2008/05/09 08:29:16 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxducnv4.dll
MOD - [2008/04/30 19:41:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXDUPMON.DLL
MOD - [2008/04/25 16:35:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2008/04/25 16:35:57 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/04/25 16:35:57 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2008/04/25 16:35:56 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/04/14 07:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/04/02 10:07:19 | 001,388,544 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduhpec.dll
MOD - [2008/03/24 23:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2006/06/12 13:32:26 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2006/05/19 14:20:50 | 000,188,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0113701327027611mcinstcleanup) McAfee Application Installer Cleanup (0113701327027611)
SRV - [2010/10/28 10:52:18 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/28 13:02:40 | 001,867,464 | ---- | M] (Blockbuster) [Auto | Running] -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe -- (Movielink Core Service)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/05/23 07:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/05/23 07:58:22 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/13 20:36:04 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/09/24 22:12:06 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/09/24 22:11:52 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/07/01 17:13:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/07/01 17:13:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/07/01 17:13:24 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/07/16 21:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/11 14:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 14:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 14:32:46 | 000,010,640 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mona\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1B84E892-AE2C-4976-BC26-07692EA71334}: C:\Documents and Settings\Mona\Local Settings\Application Data\{1B84E892-AE2C-4976-BC26-07692EA71334}\ [2011/03/30 20:38:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/16 14:15:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/25 09:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Extensions
[2011/08/22 21:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\5aonw9s9.default\extensions
[2011/08/22 17:02:37 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\5aonw9s9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}(2)
[2011/11/28 16:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/19 21:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/05 16:14:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/04 21:46:20 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/05 16:14:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Secure Search (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mona\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Rampage = C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Mona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.119.1_0\

O1 HOSTS File: ([2012/01/19 23:43:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [LoadMSvcmm] C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Mona\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Mona\Start Menu\Programs\Startup\Seagate 2GE4L98S Product Registration.lnk = C:\Documents and Settings\Mona\Application Data\Leadertech\PowerRegister\Seagate 2GE4L98S Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFEF9639-8120-46E7-BD1A-AEF26EF609D2}: DhcpNameServer = 167.206.254.2 167.206.254.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/20 14:08:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mona\Desktop\OTL.exe
[2012/01/20 13:00:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/19 22:17:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/19 22:12:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/19 22:12:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/19 22:12:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/19 22:12:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/19 22:11:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/19 21:37:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 21:13:22 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Mona\Desktop\AppRemover.exe
[2012/01/19 20:17:28 | 004,388,721 | R--- | C] (Swearware) -- C:\Documents and Settings\Mona\Desktop\ComboFix.exe
[2012/01/19 18:54:02 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mona\Desktop\tdsskiller.exe
[2012/01/19 11:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Application Data\Dell
[2012/01/19 11:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/01/19 11:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2012/01/19 11:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/01/19 11:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Application Data\PCDr
[2012/01/19 10:56:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mona\Recent
[2012/01/16 15:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 15:33:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/04 19:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/01 18:28:07 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDUhcp.dll
[2010/09/01 18:28:07 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduinpa.dll
[2010/09/01 18:28:06 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduserv.dll
[2010/09/01 18:28:06 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduusb1.dll
[2010/09/01 18:28:06 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdupmui.dll
[2010/09/01 18:28:06 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdulmpm.dll
[2010/09/01 18:28:06 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduiesc.dll
[2010/09/01 18:28:05 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduhbn3.dll
[2010/09/01 18:28:05 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduih.exe
[2010/09/01 18:28:04 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomc.dll
[2010/09/01 18:28:04 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducoms.exe
[2010/09/01 18:28:04 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomm.dll
[2010/09/01 18:28:04 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducfg.exe
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/20 14:11:31 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\Microsoft Office Word 2007.lnk
[2012/01/20 14:08:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mona\Desktop\OTL.exe
[2012/01/20 13:41:13 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3179336198-101048220-3685835499-1005UA.job
[2012/01/20 09:41:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3179336198-101048220-3685835499-1005Core.job
[2012/01/19 23:46:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/19 23:43:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/19 23:43:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 23:43:36 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 23:22:32 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\SystemLook.exe
[2012/01/19 22:17:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/19 22:11:36 | 004,388,721 | R--- | M] (Swearware) -- C:\Documents and Settings\Mona\Desktop\ComboFix.exe
[2012/01/19 21:34:55 | 000,504,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/19 21:34:55 | 000,097,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/19 21:24:54 | 000,954,316 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2012/01/19 21:13:32 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mona\Desktop\AppRemover.exe
[2012/01/19 18:56:42 | 000,000,301 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2012/01/19 18:56:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2012/01/19 18:56:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2012/01/19 18:56:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2012/01/19 18:56:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2012/01/19 18:56:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2012/01/19 18:56:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2012/01/19 18:56:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2012/01/19 18:54:08 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mona\Desktop\tdsskiller.exe
[2012/01/19 18:38:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/19 17:42:50 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\unhide.exe
[2012/01/19 13:12:15 | 000,000,063 | ---- | M] () -- C:\pclog_5928.dat
[2012/01/16 15:33:43 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 14:27:28 | 000,001,312 | ---- | M] () -- C:\Documents and Settings\Mona\Start Menu\Programs\Startup\Seagate 2GE4L98S Product Registration.lnk
[2012/01/16 10:24:23 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\b5fc2777
[2012/01/16 10:24:22 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\7887c66f
[2012/01/15 21:32:58 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\mcs.rma
[2012/01/15 21:32:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\7C4920
[2012/01/04 19:44:06 | 000,000,063 | ---- | M] () -- C:\pclog_3216.dat
[2011/12/24 19:18:09 | 000,001,014 | -HS- | M] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\gvextw6g8lpw1ewy4vnx0n142a7r
[2011/12/21 19:44:45 | 000,000,063 | ---- | M] () -- C:\pclog_2060.dat
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
otl log cont'd

========== Files Created - No Company Name ==========

[2012/01/19 23:22:31 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Mona\Desktop\SystemLook.exe
[2012/01/19 22:17:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/19 22:17:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/19 22:12:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/19 22:12:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/19 22:12:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/19 22:12:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/19 22:12:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/19 17:42:49 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Mona\Desktop\unhide.exe
[2012/01/19 17:11:18 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/19 13:12:15 | 000,000,063 | ---- | C] () -- C:\pclog_5928.dat
[2012/01/16 16:07:48 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 15:33:43 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 10:24:20 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\7887c66f
[2012/01/16 10:24:20 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\b5fc2777
[2012/01/04 19:44:06 | 000,000,063 | ---- | C] () -- C:\pclog_3216.dat
[2011/12/24 19:18:09 | 000,001,014 | -HS- | C] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\gvextw6g8lpw1ewy4vnx0n142a7r
[2011/12/21 19:44:45 | 000,000,063 | ---- | C] () -- C:\pclog_2060.dat
[2011/09/05 17:40:02 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/04 22:08:40 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2011/04/04 22:07:27 | 004,108,304 | ---- | C] () -- C:\WINDOWS\System32\win32cpr.dll
[2011/04/04 22:07:27 | 002,760,720 | ---- | C] () -- C:\WINDOWS\System32\svcprs32.exe
[2011/04/04 22:07:26 | 003,207,184 | ---- | C] () -- C:\WINDOWS\System32\mdmcls32.exe
[2011/04/04 22:07:26 | 001,744,912 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2011/03/30 20:38:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Etilapuqazefijoc.dat
[2011/03/30 20:38:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jxilipenoxokexaq.bin
[2011/03/25 09:40:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/23 11:04:28 | 000,778,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/06 09:47:44 | 000,000,750 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/23 18:29:37 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010/10/22 02:33:20 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\mcs.rma
[2010/10/22 02:33:20 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\7C4920
[2010/10/08 16:21:55 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/01 23:24:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/01 19:05:33 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/01 19:05:32 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/01 19:05:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/09/01 19:05:31 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/01 19:05:30 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/09/01 18:30:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxduvs.dll
[2010/09/01 18:30:27 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxducoin.dll
[2010/09/01 18:30:13 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdudrs.dll
[2010/09/01 18:30:13 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxducaps.dll
[2010/09/01 18:30:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxducnv4.dll
[2010/09/01 18:29:59 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxduoem.dll
[2010/09/01 18:29:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDUPMON.DLL
[2010/09/01 18:29:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDUFXPU.DLL
[2010/09/01 18:28:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdurwrd.ini
[2010/09/01 18:28:07 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDUinst.dll
[2010/09/01 18:28:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdugrd.dll
[2010/09/01 18:24:43 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\fusioncache.dat
[2010/09/01 16:40:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/01 16:34:44 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FontZoom.exe
[2010/09/01 16:34:44 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2010/08/27 07:54:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/08/27 07:54:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/27 07:54:26 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/08/27 07:54:26 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/08/27 07:54:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/08/27 07:54:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/08/27 07:54:18 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2010/08/27 07:54:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2010/08/27 07:52:40 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/25 16:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 16:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 11:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 11:16:22 | 000,504,180 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 11:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 11:16:22 | 000,097,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 11:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 11:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 11:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 11:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 11:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 11:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 11:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 11:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 04:21:52 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2010/09/01 18:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5600-6600 Series
[2011/09/05 07:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/10/28 10:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/05/28 01:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dNh06511cLkOo06511
[2011/06/12 15:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2011/09/13 21:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/10/10 15:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series
[2011/04/12 19:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movielink
[2011/03/25 01:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/01/19 11:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/03/23 10:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/06/02 17:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/01/20 01:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/10/14 14:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2010/09/01 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/09/22 15:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/09/13 01:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\5600-6600 Series
[2011/04/19 16:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\262E6BE9085BBA1B2F8C02EEA0CF7F08
[2010/10/14 14:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\5600-6600 Series
[2011/04/01 10:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Blackberry Desktop
[2011/04/04 22:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\CallingID
[2010/09/02 03:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/12/28 03:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Individual Software
[2011/01/13 08:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Leadertech
[2010/09/03 17:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Lexmark Productivity Studio
[2011/03/25 01:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\muvee Technologies
[2012/01/19 11:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\PCDr
[2011/03/23 11:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Research In Motion
[2010/12/22 19:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Unity
[2010/09/30 23:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shawn\Application Data\5600-6600 Series
[2010/10/01 00:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shawn\Application Data\Lexmark Productivity Studio
[2010/12/22 16:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shawn\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/25 16:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/01 18:23:52 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/19 22:17:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/04 22:16:53 | 000,257,433 | ---- | M] () -- C:\caisslog.old
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/19 23:46:27 | 000,012,645 | ---- | M] () -- C:\ComboFix.txt
[2008/04/25 16:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/27 07:54:40 | 000,006,457 | R--- | M] () -- C:\dell.sdr
[2010/09/01 17:53:41 | 000,135,168 | ---- | M] (Netsurfer, Inc.) -- C:\DHCPD.exe
[2010/09/01 17:53:41 | 000,458,752 | ---- | M] (Netsurfer, Inc.) -- C:\Dist32.dll
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/11/09 08:56:01 | 000,000,268 | ---- | M] () -- C:\faxfile.log
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/01/19 23:43:36 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2011/09/13 21:26:12 | 000,001,859 | ---- | M] () -- C:\INSTALL.LOG
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/04/25 16:29:32 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2008/04/25 16:29:32 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2010/09/01 17:53:41 | 000,045,056 | ---- | M] (Netsurfer, Inc.) -- C:\NetUtils.dll
[2010/09/01 17:53:39 | 000,000,036 | ---- | M] () -- C:\ns_info.ini
[2010/08/27 07:54:51 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/27 07:54:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/19 23:43:34 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/11/14 13:03:15 | 000,000,063 | ---- | M] () -- C:\pclog_1576.dat
[2011/12/21 19:44:45 | 000,000,063 | ---- | M] () -- C:\pclog_2060.dat
[2011/10/14 19:49:57 | 000,000,063 | ---- | M] () -- C:\pclog_2940.dat
[2011/09/21 16:45:15 | 000,000,189 | ---- | M] () -- C:\pclog_2996.dat
[2012/01/04 19:44:06 | 000,000,063 | ---- | M] () -- C:\pclog_3216.dat
[2011/11/30 21:10:05 | 000,000,063 | ---- | M] () -- C:\pclog_3728.dat
[2012/01/19 13:12:15 | 000,000,063 | ---- | M] () -- C:\pclog_5928.dat
[2010/09/01 17:53:40 | 000,790,528 | ---- | M] (Netsurfer, Inc.) -- C:\setup32.exe
[2010/09/01 18:43:49 | 000,000,000 | ---- | M] () -- C:\SoftCast.fl
[2010/09/01 17:54:14 | 000,000,000 | ---- | M] () -- C:\SoftCast.ini
[2012/01/19 17:05:34 | 000,061,168 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_19.01.2012_17.04.01_log.txt
[2012/01/19 18:55:49 | 000,062,450 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_19.01.2012_18.54.19_log.txt
[2012/01/19 19:28:27 | 000,060,440 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_19.01.2012_19.06.55_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/09/01 17:53:41 | 000,344,064 | ---- | M] (Netsurfer, Inc.) -- C:\Yampa.exe

< %systemroot%\Fonts\*.com >
[2006/04/18 22:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 21:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 22:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 21:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/25 16:29:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/05/23 07:17:14 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdudrpp.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/04/25 04:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/04/25 04:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/04/25 04:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/04/25 16:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/01 18:24:51 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/23 12:46:53 | 127,104,112 | ---- | M] (Research In Motion Ltd. ) -- C:\Documents and Settings\Mona\Desktop\9550AMEA_PBr5.0.0_rel1656_PL4.2.0.442_A5.0.0.1015.exe
[2012/01/19 21:13:32 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mona\Desktop\AppRemover.exe
[2011/03/23 10:53:18 | 113,284,440 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\blackberry.exe
[2012/01/19 22:11:36 | 004,388,721 | R--- | M] (Swearware) -- C:\Documents and Settings\Mona\Desktop\ComboFix.exe
[2009/02/28 23:13:23 | 014,929,905 | ---- | M] ( ) -- C:\Documents and Settings\Mona\Desktop\klcodec470f.exe
[2012/01/20 14:08:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mona\Desktop\OTL.exe
[2012/01/19 23:22:32 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\SystemLook.exe
[2012/01/19 18:54:08 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mona\Desktop\tdsskiller.exe
[2012/01/19 17:42:50 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\unhide.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2008/04/14 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/09/01 18:24:50 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Mona\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/01 18:05:19 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\All Users\FastPics.log
[2010/09/03 17:16:15 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\All Users\lxduDiagnostics.log
[2011/11/08 01:30:47 | 000,029,724 | ---- | M] () -- C:\Documents and Settings\All Users\lxduJSW.log
[2010/09/01 18:39:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\UpdaterLog.txt

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/20 14:12:03 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Mona\Cookies\desktop.ini
[2012/01/20 14:12:03 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Mona\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2007/04/03 06:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 06:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 06:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 12:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/03 06:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/03 06:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/03 06:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 06:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 06:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\Release Agreement.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\Prayer.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\Dave & Bust. Birthday_Packages_NorthEast.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\Bills.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\1080_Group_Job_Info ---[.doc:Roxio EMC Stream

< End of report >
 
You must log in or register to reply here.

Similar threads

Jess_123
My num pad + doesn't work ...
Replies
0
Views
260
Jess_123
Jess_123
I
  • Locked
Inactive Virus or rootkit on Windows and Linux
Replies
9
Views
2K
Broni
Broni
K
Question Assistance Needed for HPE DL30 Proliant Server Error Codes
Replies
0
Views
605
KJ707
K

Latest posts

Back