Thread: Many programs blocked from updating/running, I give up!

  1. #1
    Member
    Join Date
    Nov 2010
    Posts
    63

    I can't update most of my spyware/malware/firewall programs nor run scans, as they abort without me being able to continue.

    I tried to run erunt and dds, however those will not run either.

    I am really at a loss, any help would be greatly appreciated.

  2. #2
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Hello and welcome to the forum.

    My name is vict0r and I will help you with the malware issues on your computer.

    Please read the following information carefully.

    IMPORTANT: Whatever repairs we make are for fixing this computer only and by no means should be used on another computer.

    To make cleaning this machine easier:
    • Continue to respond to this thread until I tell you that the logs are clean!
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
    • Please follow all instructions in the order posted.
    • If you have any questions or do not understand instructions, please ask before continuing.
    • Please reply to this thread. Do not start a new topic.
    • Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.



    Download/run Rkill:

    Please download Rkill from one of the following links and save it to your Desktop:

    One, Two, Three, Four or Five

    • Double click on Rkill.
    • A command window will open, then disappear upon completion; this is normal.
    • A notepad window will open; please post the contents in your next reply.
    • This log can also be found at C:\rkill.log
    • Please leave Rkill on the Desktop until otherwise advised.


    Note: If your security software warns about Rkill, please ignore/allow the download/execution to continue.


    random's system information tool (RSIT)

    • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt (<<will be maximized)
      • info.txt (<<will be minimized)
        You can also find the logs here: C:\rsit
    • Post both of these logs. Please use one reply per log.



    When finished, please post:
    • rkill log.
    • RSIT logs.

  3. #3
    Member
    Join Date
    Nov 2010
    Posts
    63

    Thank you for the assistance!

    I dl'd rkill from all 5 locations and every time I try to run any of them I get the message that windows cannot locate the exe file.

    Unfortunately the same thing happened with rsit. When I tried to run it the first time I did not choose run as admin and I get two security warnings which I click run..and nothing. When run as admin I get the now familiar windows cannot locate /rsit.exe as well.

    I also forgot to mention I noticed a lot of my permissions for running/altering programs get changed without any notification.

  4. #4
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Scan with exeHelper:

    Please download exeHelper and save it to your desktop.

    • Right-click on exeHelper.com and select "Run as administrator" to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    • Please post the contents of the log.txt file in your next reply.
    • Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



    Now please retry RSIT (run as administrator) and if RSIT will not run try rkill and then RSIT again.
    Last edited by vict0r; 2011-05-20 at 22:48.

  5. #5
    Member
    Join Date
    Nov 2010
    Posts
    63

    Ok, dl'd exeHelper, tried to run as admin however that was not an option shown at all.

    Simply tried 'open' but yet again, got the "windows cannot find 'C:\...exeHelper.com' Make sure you typed the name correctly, and then try again" message.

  6. #6
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    It is possible that you have to burn a CD to be able to scan the computer if the following instructions fail. Do you have access to another computer with a CD burner? You also need an empty CD.

    Which version is Windows on the other computer and the infected computer?

    Which make and model is the infected computer? Do you have a Windows installation cd that may have followed the computer as new or another Windows installation cd (which version)?


    Download this program but don't use it yet.

    Download Inherit and save it to your desktop.


    Print out the instructions or save them to a file (there's no internet access in safe mode).


    Boot to safemode and try to run exeHelper, RKill and then RSIT.

    To Enter Safemode
    • Go to Start> Shut off your Computer> Restart
    • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
      this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Safemode.
    • Then press the Enter Key on your Keyboard


    Try dragging rKill one at a time into Inherit.exe and then start the program until one runs. Try dragging exehelper into Inherit and finally RSIT and then start the programs.

  7. #7
    Member
    Join Date
    Nov 2010
    Posts
    63

    Ok, had some small success.

    rkill log:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 06/05/2011 at 12:31:40.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 06/05/2011 at 12:31:41.


    exe.helper log:

    exeHelper by Raktor
    Build 20100414
    Run at 20:03:48 on 05/20/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--


    And rsit log, which wasn't successful:

    Logfile of random's system information tool 1.08 (written by random/random)
    Run by K at 2011-05-20 20:04:09


    I do have a computer with cd burner that I can use. It is running win 7. The infected computer is an acer laptop running win vista.

    Did a search and could only come up with cds for win 98 and vista! lol.

  8. #8
    Member
    Join Date
    Nov 2010
    Posts
    63

    Sorry, windows cds were 98 and xp.

  9. #9
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Does the XP cd include a Service Pack (i.e. SP2)?

    For all the tools we try to run, if prompted by UAC (User access control), please allow the prompt.

    Please try to run DDS and RSIT in normal mode now. If they don't run, then please delete your current copy of dds, download the following tools to your desktop and follow the instructions below.
    OTL.exe
    dds.com
    HijackThis.exe


    Print out the instructions or save them to a file (there's no internet access in safe mode).

    To Enter Safemode
    • Go to Start> Shut off your Computer> Restart
    • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
      this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Safemode.
    • Then press the Enter Key on your Keyboard



    OTL

    • Double click on OTL.exe (on your desktop) to run it.
      If it does not run, then drag it to inherit wait for the Ok and try again.
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
    • Click on the Run Scan button at the top left hand corner.
    • OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
      They will be saved on your desktop. Close the logs.



    If OTL does not work then try HijackThis:

    Right click Hijackthis and select Run as administrator (or Open if not present).
    After HijackThis has started, click Do a system scan and save a log file.
    Save the log to your desktop.


    DDS

    Double click dds(.com) to run the tool, if it runs successfully two textfiles will open.
    * DDS.txt
    * Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.


    If all tools fail, then please rerun exeHelper and try again. You can also drag the tools into the Inherit icon, wait for the Ok and try again.

    Reboot to normal mode and post all logs.

  10. #10
    Member
    Join Date
    Nov 2010
    Posts
    63

    I was still not able to get DDS to run, but was able to get OTL to scan. My win xp cd is sp 1 only.

    OTL logfile created on: 21/05/2011 8:15:34 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\K\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 71.28 Gb Total Space | 7.18 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
    Drive D: | 70.94 Gb Total Space | 70.83 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

    Computer Name: K-PC | User Name: K | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/21 08:06:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\K\Desktop\OTL.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/21 08:06:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\K\Desktop\OTL.exe
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
    SRV - [2011/04/18 10:11:52 | 001,803,224 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/12/01 10:34:16 | 000,131,072 | ---- | M] (acer) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2006/11/30 19:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () [On_Demand | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2006/11/20 21:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2006/11/16 16:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2006/11/13 00:13:10 | 000,024,576 | ---- | M] () [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/18 10:14:13 | 000,080,064 | ---- | M] (COMODO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
    DRV - [2011/04/18 10:14:13 | 000,034,744 | ---- | M] (COMODO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2011/04/18 10:14:12 | 000,236,600 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/09/19 03:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/03/19 07:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
    DRV - [2007/04/25 13:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
    DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
    DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
    DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
    DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
    DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
    DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
    DRV - [2007/01/16 11:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\MaVc2K.sys -- (MaVctrl)
    DRV - [2006/11/20 06:02:42 | 000,847,392 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
    DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/10/29 21:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/10/25 02:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
    DRV - [2006/10/25 02:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
    DRV - [2006/10/25 02:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
    DRV - [2006/08/04 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/03/07 18:43:40 | 000,111,872 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
    DRV - [2005/08/18 11:44:50 | 000,049,867 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mardp2k.sys -- (MaRdPnp)
    DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
    FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2


    [2009/12/21 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\Mozilla\Extensions
    [2009/12/21 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2009/12/21 20:00:15 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

    O1 HOSTS File: ([2009/03/07 22:24:23 | 000,302,589 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 10431 more lines...
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Jkibafekutegefix] File not found
    O4 - HKCU..\Run: [Ljehifihufehor] File not found
    O4 - HKCU..\Run: [logexixl] File not found
    O4 - HKCU..\Run: [M5T8QL3YW3] File not found
    O4 - HKCU..\Run: [setupupdater0000.exe] File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKCU..\Run: [捁牥吠畯r] File not found
    O4 - HKCU..\Run: [捁牥吠畯⁲敒業摮牥] File not found
    O4 - Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab (QuickTime Object)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
    O24 - Desktop WallPaper: C:\Users\K\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\K\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/02 02:15:27 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{7ab24ea5-1e24-11e0-8c35-000000000000}\Shell\AutoRun\command - "" = F:\autorun.exe
    O33 - MountPoints2\{7ab24ea5-1e24-11e0-8c35-000000000000}\Shell\phone\command - "" = F:\autorun.exe
    O33 - MountPoints2\{ac237992-cf36-11dd-bb6e-000000000000}\Shell - "" = AutoRun
    O33 - MountPoints2\{ac237992-cf36-11dd-bb6e-000000000000}\Shell\AutoRun\command - "" = F:\AutoRun.EXE
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/21 08:06:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\K\Desktop\HijackThis.exe
    [2011/05/21 08:06:22 | 000,606,738 | ---- | C] (Swearware) -- C:\Users\K\Desktop\dds.com
    [2011/05/21 08:06:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\K\Desktop\OTL.exe
    [2011/05/20 19:40:26 | 000,000,000 | ---D | C] -- C:\rsit
    [2011/04/26 22:19:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2011/04/26 22:19:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2011/04/26 22:19:33 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2009/12/21 20:57:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\K\AppData\Roaming\pcouffin.sys
    [2007/04/28 16:43:55 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
    [2006/12/02 02:22:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/05/21 08:20:56 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\ahrkcwhj.sys
    [2011/05/21 08:19:12 | 000,617,524 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/21 08:19:12 | 000,112,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/21 08:12:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/21 08:12:22 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys
    [2011/05/21 08:10:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/05/21 08:07:14 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/21 08:07:14 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/21 08:06:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\K\Desktop\HijackThis.exe
    [2011/05/21 08:06:22 | 000,606,738 | ---- | M] (Swearware) -- C:\Users\K\Desktop\dds.com
    [2011/05/21 08:06:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\K\Desktop\OTL.exe
    [2011/05/21 08:02:00 | 000,210,582 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/05/21 08:02:00 | 000,210,582 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/05/21 07:10:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/20 20:11:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/20 19:13:13 | 000,085,504 | ---- | M] () -- C:\Users\K\Desktop\Inherit.exe
    [2011/05/20 17:50:43 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\rkill.com
    [2011/05/20 16:54:50 | 000,294,400 | ---- | M] () -- C:\Users\K\Desktop\exeHelper.com
    [2011/05/20 16:52:08 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\rkill.scr
    [2011/05/20 16:52:02 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\rkill.exe
    [2011/05/20 16:51:59 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\iExplore.exe
    [2011/05/20 13:10:57 | 000,339,991 | ---- | M] () -- C:\Users\K\Desktop\RSIT.exe
    [2011/05/20 13:10:16 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\eXplorer.exe
    [2011/05/06 22:40:15 | 000,001,113 | ---- | M] () -- C:\Users\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/05/06 22:40:15 | 000,001,089 | ---- | M] () -- C:\Users\K\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/06 20:47:25 | 000,246,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/04/23 11:26:12 | 000,044,032 | ---- | M] () -- C:\Users\K\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2011/05/20 19:13:13 | 000,085,504 | ---- | C] () -- C:\Users\K\Desktop\Inherit.exe
    [2011/05/20 16:51:15 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\iExplore.exe
    [2011/05/20 16:50:36 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\rkill.scr
    [2011/05/20 16:50:17 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\rkill.com
    [2011/05/20 16:49:52 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\rkill.exe
    [2011/05/20 16:44:48 | 000,294,400 | ---- | C] () -- C:\Users\K\Desktop\exeHelper.com
    [2011/05/20 13:10:56 | 000,339,991 | ---- | C] () -- C:\Users\K\Desktop\RSIT.exe
    [2011/05/20 13:10:16 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\eXplorer.exe
    [2010/06/18 14:48:30 | 000,000,120 | ---- | C] () -- C:\Users\K\AppData\Local\Ebojohekafomoh.dat
    [2010/06/18 14:48:30 | 000,000,000 | ---- | C] () -- C:\Users\K\AppData\Local\Jvedobuvog.bin
    [2010/06/18 14:48:04 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\ahrkcwhj.sys
    [2010/02/06 14:59:34 | 000,118,784 | ---- | C] () -- C:\Windows\System32\PTTreeIcons.dll
    [2009/12/21 20:57:43 | 000,087,608 | ---- | C] () -- C:\Users\K\AppData\Roaming\inst.exe
    [2009/12/21 20:57:43 | 000,007,887 | ---- | C] () -- C:\Users\K\AppData\Roaming\pcouffin.cat
    [2009/12/21 20:57:43 | 000,001,144 | ---- | C] () -- C:\Users\K\AppData\Roaming\pcouffin.inf
    [2009/11/22 14:30:35 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys
    [2009/09/17 10:48:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/17 10:48:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/17 10:48:16 | 000,217,088 | ---- | C] () -- C:\Windows\System32\WerFault.exe
    [2008/12/21 04:01:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/11/12 22:28:35 | 000,210,582 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/11/12 22:28:35 | 000,210,582 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008/07/10 20:22:55 | 000,000,089 | ---- | C] () -- C:\Users\K\AppData\Local\fusioncache.dat
    [2008/06/29 15:59:43 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
    [2008/06/29 15:55:03 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
    [2008/06/28 21:03:28 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
    [2008/06/28 21:03:28 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2008/06/28 21:03:28 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2008/06/28 21:03:28 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
    [2008/06/28 21:03:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
    [2008/06/28 21:03:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
    [2008/05/22 18:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/03/31 19:57:18 | 000,000,680 | ---- | C] () -- C:\Users\K\AppData\Local\d3d9caps.dat
    [2007/04/29 13:49:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
    [2007/04/29 13:49:11 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
    [2007/04/29 12:09:33 | 000,000,024 | ---- | C] () -- C:\Windows\actval.ini
    [2007/04/28 23:24:48 | 000,024,206 | ---- | C] () -- C:\Users\K\AppData\Roaming\UserTile.png
    [2007/04/28 19:28:50 | 000,044,032 | ---- | C] () -- C:\Users\K\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/28 17:41:14 | 000,024,803 | ---- | C] () -- C:\Users\K\AppData\Roaming\nvModes.001
    [2007/04/28 17:41:09 | 000,024,803 | ---- | C] () -- C:\Users\K\AppData\Roaming\nvModes.dat
    [2007/04/28 16:43:55 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2007/04/28 16:43:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
    [2007/04/28 16:43:14 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2007/04/28 16:42:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2007/04/28 16:35:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2007/04/28 16:33:18 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.DAT
    [2007/01/09 00:24:45 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
    [2006/12/02 13:32:44 | 000,001,024 | ---- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2006/12/02 02:25:56 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
    [2006/12/02 02:22:32 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe
    [2006/12/02 02:22:31 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
    [2006/12/02 02:15:46 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
    [2006/12/02 02:09:05 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
    [2006/12/02 00:35:28 | 000,000,103 | ---- | C] () -- C:\Windows\Alaunch.ini
    [2006/12/02 00:35:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2006/12/02 00:34:19 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2006/11/16 13:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
    [2006/11/16 13:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
    [2006/11/16 13:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
    [2006/11/16 13:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
    [2006/11/16 13:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
    [2006/11/16 13:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
    [2006/11/16 13:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
    [2006/11/16 13:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
    [2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
    [2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,246,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,617,524 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,112,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:24:01 | 025,966,024 | ---- | C] () -- C:\Windows\System32\mrt.exe
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001/10/12 11:58:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\mr310exd.dll
    [2001/10/12 11:57:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\mr310exv.dll
    [2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
    [2000/12/07 11:13:58 | 000,015,164 | ---- | C] () -- C:\Windows\Mr310twv.ini

    ========== LOP Check ==========

    [2011/01/27 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\.minecraft
    [2010/04/09 21:13:53 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\acccore
    [2007/12/06 14:42:44 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Azureus
    [2008/03/24 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\eMule
    [2009/04/04 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Image Zone Express
    [2007/04/28 16:48:31 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Leadertech
    [2009/03/04 20:52:31 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\LimeWire
    [2011/01/22 19:28:54 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\mjusbsp
    [2009/09/17 10:12:40 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\OpenOffice.org
    [2007/04/28 23:24:48 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\PeerNetworking
    [2008/06/30 10:09:35 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Printer Info Cache
    [2008/07/10 19:47:19 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\SmartDraw
    [2009/05/04 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Sony
    [2009/12/21 20:00:38 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\TomTom
    [2009/05/10 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Turbine
    [2009/12/21 20:57:43 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Vso
    [2011/05/21 08:10:55 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >
