Thread: Click.GiftLoad

  1. #31
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    Java cache

    I also checked the files listed in the Eset report; if you want me to clear them manually I can do it. For now, after downloading the newest version of Java I did not reboot the computer because it may screw up your plan.

    Thomas

  2. #32
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    There is no cache tab on my version but if you want me to clear all temporary files - "Applications and Applets" and "Trace and log files" I can do it other way using Java Control Panel - temporary files/settings.
    This would work

    After you downloaded and installed the latest Java, make sure you go into Add Remove Programs in the Control Panel and uninstall all previous versions.


    Looks like you're OK, how are things running now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #33
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    Java

    Good Morning Ken,
    Computer seems much faster now. I removed old versions of Java (5) and only Java 6 is installed but maybe problem is still there. I went to check files in Eset report which are listed as infected by trojan and they are still there. Anything else disappeared. All those files (7 of them) were created at the same time 17 Apr when problems started.

    Thomas

  4. #34
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    This should flush it all out

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses

      :OTL

      :Services

      :Reg

      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c

      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  5. #35
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    OTL Fix run log

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection 2:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
    C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection 2:
    Connection-specific DNS Suffix . : Belkin
    IP Address. . . . . . . . . . . . : 192.168.2.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.1
    C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 18443 bytes
    ->Flash cache emptied: 38652 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 27664 bytes
    ->Flash cache emptied: 52248 bytes

    User: Owner
    ->Temp folder emptied: 10536085 bytes
    ->Temporary Internet Files folder emptied: 75351167 bytes
    ->Java cache emptied: 3923341 bytes
    ->Google Chrome cache emptied: 47124202 bytes
    ->Flash cache emptied: 1808268 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2162283 bytes
    %systemroot%\System32 .tmp files removed: 2952721 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 754 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 132766 bytes

    Total Files Cleaned = 138.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05042011_120959

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF5194.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF519F.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF86DB.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF86E6.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA70A.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA715.tmp not found!
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WZEN4AI7\aclk[5].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WZEN4AI7\adsCA4IMQ37.htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WZEN4AI7\disqus-webfont[1].eot moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M8GQFEKJ\adsCA2GNAVD.htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M8GQFEKJ\showthread[5].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3H0POAH9\adsCAEYG5ML.htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

    Registry entries deleted on Reboot...

  6. #36
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    OTL Scan report

    OTL logfile created on: 5/4/2011 12:18:05 PM - Run 3
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 123.01 Gb Free Space | 82.53% Space Free | Partition Type: NTFS
    Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: BELAIRE | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Cyberlink, Corp.)
    PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    PRC - C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (RoxLiveShare9) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
    DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
    DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
    DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
    DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\Pfmodnt.sys (Creative Technology Ltd.)
    DRV - (mgau) -- C:\WINDOWS\system32\drivers\mgaum.sys (Matrox Graphics Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2011/05/04 12:10:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKCU..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Cyberlink, Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_25.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/12/31 22:05:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/12/07 14:21:44 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
    O32 - AutoRun File - [2005/10/15 02:42:09 | 000,253,952 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2005/10/15 02:42:09 | 000,004,118 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/03 21:06:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/05/03 21:06:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/05/03 21:06:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/05/03 20:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
    [2011/05/03 18:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2011/05/03 18:29:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/03 18:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/03 18:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/05/03 18:29:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/03 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/03 18:28:55 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
    [2011/05/03 18:22:21 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
    [2011/05/03 17:09:47 | 000,577,536 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/05/02 22:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
    [2011/04/27 13:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/04/27 12:47:59 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/04/27 12:46:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/27 12:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\erunt
    [2011/04/27 12:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
    [2011/04/27 12:02:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/27 11:35:24 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/04/27 09:45:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/27 09:40:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/27 09:40:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/27 09:40:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/27 09:40:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/27 09:39:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/27 09:39:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/27 09:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/04/26 11:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RegistryKeys
    [2011/04/26 11:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2011/04/25 17:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2011/04/23 12:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
    [2011/04/22 20:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/04/22 05:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/04/19 08:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/04/18 05:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/04/16 18:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/04/16 17:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(2)
    [2005/12/31 21:53:55 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/05/04 12:13:46 | 000,012,706 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/04 12:13:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/04 12:13:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/04 12:13:27 | 2682,273,792 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/04 12:10:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/05/04 12:06:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-879983540-839522115-1003UA.job
    [2011/05/04 11:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/04 07:20:10 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D8878BB9-13BE-4C23-8D3A-7ADDEB69FD0B}.job
    [2011/05/03 20:54:35 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
    [2011/05/03 18:29:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/03 18:28:55 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
    [2011/05/03 18:22:21 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
    [2011/05/03 18:06:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2011/05/03 17:09:50 | 000,577,536 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/05/03 16:06:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/03 16:06:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-879983540-839522115-1003Core.job
    [2011/05/03 14:31:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
    [2011/05/03 14:29:16 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
    [2011/05/03 12:40:18 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
    [2011/05/03 07:06:47 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2011/05/03 07:06:47 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/05/02 22:00:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/05/02 15:59:58 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
    [2011/05/02 09:49:29 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/29 21:10:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/04/27 16:05:16 | 000,124,980 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.zip
    [2011/04/27 15:03:27 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/04/27 14:54:50 | 000,629,057 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RkU3.8.388.590.rar
    [2011/04/27 12:46:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/27 12:43:46 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\erunt.zip
    [2011/04/27 12:07:44 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
    [2011/04/27 11:34:05 | 004,331,622 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/04/27 11:20:17 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2011/04/27 10:53:42 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gwar.exe
    [2011/04/27 09:45:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/26 17:37:52 | 000,028,640 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2011/04/24 09:21:56 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/04/23 11:22:22 | 000,016,340 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
    [2011/04/23 10:30:05 | 000,016,332 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
    [2011/04/23 03:24:11 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/23 03:07:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/23 03:06:52 | 000,501,984 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/23 03:06:52 | 000,096,088 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/21 09:45:17 | 000,011,315 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Belaire tax 2010.u10
    [2011/04/21 09:41:36 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\net10h_Belaire.TAX
    [2011/04/21 09:41:29 | 000,002,048 | ---- | M] () -- C:\WINDOWS\System32\win32xm1.TXI
    [2011/04/18 20:49:41 | 000,012,467 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Barbara tax 2010.u10
    [2011/04/18 20:46:44 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\net10d1_Christopher.TAX
    [2011/04/18 20:19:54 | 000,001,031 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\net10h_Barbara.TAX
    [2011/04/16 17:20:45 | 000,012,706 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2011/04/16 08:56:27 | 004,748,005 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wheels501.pdf
    [2011/04/14 05:08:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/04/14 05:08:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/04/14 05:08:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/04/14 05:07:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/04/14 02:40:22 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

    ========== Files Created - No Company Name ==========

    [2011/05/03 20:54:34 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
    [2011/05/03 18:29:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/03 14:31:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
    [2011/05/03 14:29:16 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
    [2011/04/27 16:05:16 | 000,124,980 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.zip
    [2011/04/27 15:03:26 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/04/27 14:54:47 | 000,629,057 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RkU3.8.388.590.rar
    [2011/04/27 12:43:45 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\erunt.zip
    [2011/04/27 12:26:41 | 2682,273,792 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/27 12:07:37 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
    [2011/04/27 11:33:53 | 004,331,622 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/04/27 11:20:17 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2011/04/27 10:53:41 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gwar.exe
    [2011/04/27 10:53:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2011/04/27 09:45:07 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/04/27 09:45:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/27 09:40:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/27 09:40:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/27 09:40:06 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/27 09:40:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/27 09:40:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/23 06:54:11 | 000,016,340 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
    [2011/04/23 06:54:11 | 000,016,332 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
    [2011/04/21 09:41:36 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\net10h_Belaire.TAX
    [2011/04/18 20:25:59 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\net10d1_Christopher.TAX
    [2011/04/18 20:19:54 | 000,001,031 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\net10h_Barbara.TAX
    [2011/04/16 08:56:14 | 004,748,005 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wheels501.pdf
    [2011/04/07 14:23:45 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\win32xm1.TXI
    [2010/09/07 11:29:49 | 000,475,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/24 12:01:33 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2010/08/07 07:39:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/02 20:40:25 | 000,046,716 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/04 15:21:26 | 000,124,335 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
    [2010/05/04 15:21:26 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
    [2010/03/09 19:55:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2010/02/19 15:04:29 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
    [2009/07/14 13:27:54 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
    [2009/07/14 13:26:26 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
    [2009/01/26 12:49:29 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/10/04 18:24:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2008/08/17 17:45:18 | 000,036,749 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BP4.jpg
    [2008/08/17 17:42:16 | 000,035,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BP2.jpg
    [2008/08/17 17:38:52 | 000,035,398 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BP3.JPG
    [2008/08/17 17:30:54 | 000,033,214 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BP1.jpg
    [2008/08/12 11:43:42 | 000,021,009 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SL4.jpg
    [2008/08/11 19:29:32 | 000,018,209 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SL3.JPG
    [2008/08/11 19:28:54 | 000,017,226 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SL1.jpg
    [2008/08/11 19:27:02 | 000,017,329 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SL2.JPG
    [2008/02/16 08:38:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2007/06/28 12:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/06/28 12:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2007/06/28 12:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/06/28 12:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2007/06/28 12:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/06/28 12:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
    [2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/06/28 12:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2007/06/28 12:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2007/06/27 09:03:58 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/25 18:10:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/12/11 05:53:26 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/05/27 00:30:37 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ms_games.ini
    [2006/05/27 00:25:23 | 000,000,070 | ---- | C] () -- C:\WINDOWS\QHI.INI
    [2006/05/26 23:33:28 | 000,000,175 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/05/26 23:33:28 | 000,000,071 | ---- | C] () -- C:\WINDOWS\QFP.INI
    [2006/05/26 23:33:24 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\RDMWIN32.DLL
    [2006/05/26 23:33:23 | 000,006,472 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
    [2006/05/26 23:33:23 | 000,000,252 | ---- | C] () -- C:\WINDOWS\ADDRBOOK.INI
    [2006/05/16 02:25:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/01/01 15:45:45 | 000,028,640 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2006/01/01 11:34:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/12/31 22:50:02 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2005/12/31 22:30:11 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2005/12/31 22:08:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/12/31 22:02:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/12/31 21:54:22 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2005/12/31 21:54:20 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2005/12/31 21:53:58 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
    [2005/12/31 21:53:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2005/12/31 21:53:57 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2005/12/31 21:53:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2005/12/31 21:53:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2005/12/31 04:58:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/12/31 04:56:55 | 000,228,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 08:00:00 | 000,501,984 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 08:00:00 | 000,096,088 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/08/10 14:56:18 | 000,089,360 | ---- | C] () -- C:\WINDOWS\System32\VB5DB.DLL
    [1995/03/21 20:00:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\System\DADS PICS 466.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\ZERoHedge.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Tomasz cover letter..doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\sunlife.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Summary.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\St.Joseph resume.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\SSID.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Sept 14 09 Evans letter to Browne.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Sandwiches.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\resume.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\resume plain text.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\resume plain text.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Resources companies..xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Omega.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\ngshistory(1).xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Mortgage.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\MAY_2008_027.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Letter to Tax man.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\itunes store password.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\irene refernce.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\IRENE BELAIRE-1pg-2.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\IRENE BELAIRE-1pg.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Ikea pass.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Housekeeping.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Housekeeping 2.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Housekeeping 1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\hnu calc.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Hello.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\general resume(IRENE).doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Full e-mail to St.Joseph.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Food list2.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Food list1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Food list.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Food list.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\ETF_List.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Epass to CRA.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Employment US Jun2010.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Document.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\delivery1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Delivery.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\DADS PICS 513.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\DADS PICS 512.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\DADS PICS 466.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\DADS PICS 041.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Custody Agreement.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Cover letter.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Cover letter Irene.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Chris.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Changing price sticker.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Carts.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Buble barons.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\2009 Suspension List.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\001.JPG:Roxio EMC Stream
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

    < End of report >

  7. #37
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    Default Java cache

    Now Java cache is clean, no files there

    Thomas

  8. #38
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good.

    Let's re-enable DeFogger

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.



    Everything OK?

  9. #39
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    Default Defogger

    No problems here, except that it did not ask me to reboot so I did it on my own. Everything looks ok. I tried DVD drive and it's ok.

  10. #40
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    That's great Tom, that's nice to hear

    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups

    Safe Surfn
    Ken
