Andrew12

FBI moneypak virus Windows XP

19 posts in this topic

I got the FBI moneypak virus; it still comes up using safe mode. It comes up as soon as it starts, not giving me time to do anything. I'm running Windows XP.

Thanks for your help!


Welcome to the forum.

Do you have the ability to burn a CD on another computer?

MrC


Yes, I do. I have two of these laptops; the other is fine and can burn.


OTL logfile created on: 11/9/2012 11:10:32 AM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.44 Gb Total Space | 52.45 Gb Free Space | 70.45% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)

SRV - [2012/12/17 05:55:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/11 05:55:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/11/24 12:49:14 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/11/08 21:33:31 | 000,259,072 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll -- (winmgmt)

SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2012/09/05 10:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)

SRV - [2011/07/26 14:41:48 | 000,212,328 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe -- (Rockwell Tag Server)

SRV - [2011/07/26 14:40:52 | 000,106,344 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe -- (Rockwell HMI Diagnostics)

SRV - [2011/05/27 17:50:02 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Common Files\Rockwell\RsvcHost.exe -- (RsvcHost)

SRV - [2011/05/27 17:44:04 | 000,922,984 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Common Files\Rockwell\RnaDirServer.exe -- (RNADirectory)

SRV - [2011/05/27 17:43:36 | 001,049,448 | ---- | M] (Rockwell Automation, Inc.) [On_Demand] -- C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe -- (RNADirMultiplexor)

SRV - [2011/05/27 17:43:18 | 000,245,096 | ---- | M] (Rockwell Automation, Inc.) [On_Demand] -- C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe -- (RNADiagReceiver)

SRV - [2011/05/27 17:42:58 | 000,030,056 | ---- | M] (Rockwell Automation Inc.) [Auto] -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe -- (RNADiagnosticsService)

SRV - [2011/05/27 17:39:32 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Common Files\Rockwell\RdcyHost.exe -- (RdcyHost)

SRV - [2011/05/27 17:37:06 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Common Files\Rockwell\NmspHost.exe -- (NmspHost)

SRV - [2011/05/27 17:27:22 | 000,250,216 | ---- | M] (Rockwell Automation, Inc.) [On_Demand] -- C:\Program Files\Common Files\Rockwell\EventServer.exe -- (EventServer)

SRV - [2011/05/27 17:27:02 | 000,334,696 | ---- | M] (Rockwell Automation, Inc.) [On_Demand] -- C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe -- (EventClientMultiplexer)

SRV - [2011/05/05 15:03:50 | 000,202,088 | ---- | M] (Rockwell Automation, Inc.) [On_Demand] -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony)

SRV - [2011/01/08 17:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)

SRV - [2010/11/03 16:57:40 | 000,246,120 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe -- (RSLinxNG)

SRV - [2010/11/03 16:57:34 | 000,080,232 | ---- | M] (Rockwell Automation, Inc.) [On_Demand] -- C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe -- (LogReceiver)

SRV - [2010/10/26 00:50:32 | 000,104,960 | ---- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe -- (1784-PCIDS DeviceNet)

SRV - [2010/10/26 00:47:40 | 000,085,504 | ---- | M] () [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe -- (SimModuleService)

SRV - [2010/09/24 18:19:10 | 001,996,408 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE -- (RSLinx)

SRV - [2010/08/26 10:09:38 | 000,387,432 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe -- (FactoryTalk Gateway)

SRV - [2010/08/11 20:07:08 | 000,116,072 | ---- | M] (Rockwell Automation, Inc.) [Auto] -- C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe -- (FTActivationBoost)

SRV - [2010/05/17 23:07:14 | 001,122,568 | R--- | M] (Acresso Software Inc.) [Auto] -- C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe -- (FactoryTalk Activation Service)

SRV - [2008/06/04 14:04:32 | 000,099,728 | ---- | M] (Rockwell Automation, Inc.) [On_Demand] -- C:\Program Files\Rockwell Software\RSLinx\dnwhodisp.exe -- (dnWhoDisp)

SRV - [2007/04/06 04:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)

SRV - [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2007/02/19 14:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)

SRV - [2005/11/25 10:11:02 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot9)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot8)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot7)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot6)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot5)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot4)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot3)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot2)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot16)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot15)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot14)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot13)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot12)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot11)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot10)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot1)

SRV - [2005/07/08 08:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot0)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- -- (pcidnt)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2010/10/26 00:45:14 | 000,063,512 | ---- | M] (Rockwell Automation) [Kernel | System] -- C:\WINDOWS\system32\drivers\VirtualBackplane.sys -- (VirtualBackplane)

DRV - [2010/09/24 16:38:42 | 000,155,440 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\RSSERIAL.SYS -- (RSSERIAL)

DRV - [2010/09/24 16:38:42 | 000,039,067 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl)

DRV - [2010/08/10 15:26:58 | 000,064,840 | ---- | M] (Rockwell Software, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PcmkWdm.sys -- (PcmkWdm)

DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)

DRV - [2007/02/25 06:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®

DRV - [2007/02/21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/02/19 14:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

DRV - [2002/11/13 13:38:40 | 000,016,447 | ---- | M] (Rockwell Automation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\RSI-PKTX-A.SYS -- (RSI-PKTX-A)

DRV - [2002/04/23 18:02:26 | 000,038,999 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\RSIKTNG.SYS -- (RSLINXNGKtControl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\tkitchen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\tkitchen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\tkitchen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA FC 27 D0 B3 DE CD 01 [binary data]

IE - HKU\tkitchen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/11 05:55:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/02 19:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tkitchen\Application Data\Mozilla\Extensions

[2012/11/24 12:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tkitchen\Application Data\Mozilla\Firefox\Profiles\1omirmy1.default\extensions

[2012/11/02 19:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

() (No name found) -- C:\DOCUMENTS AND SETTINGS\TKITCHEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1OMIRMY1.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI

[2012/12/11 05:55:25 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [usbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe (Rockwell Automation, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Documents and Settings\tkitchen\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\rkadmin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\tkitchen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306934861531 (MUWebControl Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/05/31 15:56:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: winmgmt - C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll (Корпорация Майкрософт)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/21 18:07:58 | 000,000,000 | R-SD | C] -- C:\assembly

[2012/12/14 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Application Data\Skype

[2012/12/14 17:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2012/12/14 17:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/12/14 17:27:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2012/12/14 17:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

[2012/12/14 17:23:54 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys

[2012/12/14 17:23:41 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys

[2012/12/14 17:23:36 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys

[2012/12/14 17:23:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax

[2012/12/14 17:23:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax

[2012/12/14 17:23:30 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys

[2012/12/14 17:23:23 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys

[2012/12/14 17:23:18 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys

[2012/12/14 17:23:13 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys

[2012/12/14 17:22:49 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2012/12/14 17:22:34 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax

[2012/12/14 17:22:34 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax

[2012/12/14 17:22:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll

[2012/12/14 17:22:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll

[2012/12/14 17:22:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax

[2012/12/14 17:22:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax

[2012/12/14 17:22:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax

[2012/12/14 17:22:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax

[2012/12/14 17:22:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax

[2012/12/14 17:22:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax

[2012/12/14 17:22:23 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys

[2012/12/10 20:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Application Data\Apple Computer

[2012/12/10 20:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2012/11/28 21:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2012/11/28 20:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/11/28 20:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2012/11/28 20:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/11/28 20:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Local Settings\Application Data\Apple

[2012/11/28 20:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2012/11/28 20:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2012/11/28 20:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Local Settings\Application Data\Apple Computer

[2012/11/24 14:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Local Settings\Application Data\Sun

[2012/11/24 12:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2012/11/24 12:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/11/24 12:50:20 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2012/11/24 12:50:20 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/11/24 12:50:19 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

[2012/11/24 12:50:19 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/11/24 12:49:44 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/11/24 12:49:44 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2012/11/24 12:49:43 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/11/24 12:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/11/24 12:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Application Data\Sun

[2012/11/24 11:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012/11/21 11:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2012/11/08 21:33:28 | 000,259,072 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll

[2012/11/08 20:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Application Data\Google

[2012/11/08 20:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/11/08 20:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Local Settings\Application Data\Google

[2012/11/03 23:14:23 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/11/03 18:17:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache

[2012/11/03 12:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

[2012/11/03 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan

[2012/11/03 09:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2012/11/03 09:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2012/11/03 09:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\My Documents\Downloads

[2012/11/03 09:38:44 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

[2012/11/02 19:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Local Settings\Application Data\Mozilla

[2012/11/02 19:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tkitchen\Application Data\Mozilla

[2012/11/02 19:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012/11/02 19:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2012/11/02 19:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/11/01 21:02:42 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll

[2012/10/25 04:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2012/10/25 04:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/03 20:06:35 | 000,009,298 | ---- | M] () -- C:\Document.rtf

[2013/01/02 23:39:29 | 000,507,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/02 23:39:28 | 000,096,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/12/21 18:07:34 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/12/19 16:04:53 | 000,296,405 | -H-- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates.ACD.Recovery

[2012/12/19 15:24:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates.Wrk

[2012/12/19 15:24:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates.Sem

[2012/12/19 14:34:36 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\NewSta.RSS

[2012/12/19 14:28:48 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\NEWSTA_BAK050.RSS

[2012/12/19 14:08:48 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\NEWSTA_BAK049.RSS

[2012/12/19 12:48:48 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\NEWSTA_BAK048.RSS

[2012/12/18 22:44:38 | 000,019,609 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\YSL.JPG

[2012/12/18 22:44:18 | 000,401,390 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\YSL.bmp

[2012/12/18 18:02:52 | 000,044,698 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\ferragamo.jpg

[2012/12/17 16:57:12 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/12/17 05:55:02 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/12/17 05:55:01 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/12/16 10:38:01 | 000,069,058 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\fitcolor.jpg

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll

[2012/12/14 17:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2012/12/14 17:22:44 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

[2012/12/14 09:01:04 | 000,338,657 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchDawn.ACD

[2012/12/14 08:55:49 | 000,338,613 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchDawn_BAK001.acd

[2012/12/13 19:24:20 | 000,338,497 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchDawn_BAK000.acd

[2012/12/13 19:10:34 | 000,338,431 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates_BAK014.acd

[2012/12/13 19:10:34 | 000,338,431 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates.ACD

[2012/12/13 19:09:10 | 000,338,379 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates_BAK013.acd

[2012/12/13 19:01:58 | 000,337,975 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates_BAK012.acd

[2012/12/13 16:34:43 | 000,293,063 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearch.ACD

[2012/12/13 09:13:16 | 000,154,668 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\Miketest.ACD

[2012/12/12 17:11:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/12/12 13:32:13 | 000,153,071 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\Miketest_BAK002.acd

[2012/12/12 13:23:27 | 000,128,975 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\Miketest_BAK001.acd

[2012/12/12 13:21:58 | 000,128,033 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\Miketest_BAK000.acd

[2012/12/12 09:52:58 | 000,143,500 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\Fatboy.ACD

[2012/12/12 09:52:36 | 000,121,423 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\Fatboy_BAK000.acd

[2012/12/10 07:14:33 | 003,825,644 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\G35FKFyo.gif

[2012/12/10 07:06:17 | 002,770,719 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\0TXgMBPZ.gif

[2012/11/28 23:04:20 | 000,005,763 | ---- | M] () -- C:\Words of the day.rtf

[2012/11/28 21:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2012/11/28 20:56:27 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2012/11/24 14:45:48 | 001,937,466 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\WGR614v9-V1.1.2.30NA.chk

[2012/11/24 14:41:20 | 001,937,466 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\WGR614v9-V1.1.2.30NA(1).chk

[2012/11/24 12:49:18 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2012/11/24 12:49:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/11/24 12:49:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/11/24 12:49:10 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/11/24 12:49:10 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/11/24 12:49:08 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

[2012/11/24 12:49:08 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2012/11/24 11:53:01 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup

[2012/11/12 20:25:12 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys

[2012/11/12 20:25:12 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

[2012/11/12 14:57:03 | 006,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2012/11/09 11:33:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/11/09 11:32:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/11/09 11:15:01 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

[2012/11/09 10:43:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/11/09 10:43:33 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Signature Update.job

[2012/11/09 10:43:32 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Quick Scan.job

[2012/11/09 10:43:29 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/11/09 10:43:21 | 000,055,886 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2012/11/08 21:40:50 | 000,003,036 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2012/11/08 21:40:50 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\tkitchen\Start Menu\Programs\Startup\runctf.lnk

[2012/11/08 21:33:31 | 000,259,072 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll

[2012/11/08 20:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/11/07 23:14:41 | 000,055,886 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2012/11/03 12:45:57 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2012/11/03 12:45:57 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012/11/03 12:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

[2012/11/03 09:50:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2012/11/03 09:50:00 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2012/11/02 19:47:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\tkitchen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/11/02 19:47:56 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012/11/02 19:47:56 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/11/02 17:56:56 | 149,155,880 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\thisl_beautifulmonster.zip

[2012/11/01 21:02:42 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnet.dll

[2012/11/01 21:02:42 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll

[2012/11/01 07:17:54 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2012/11/01 07:17:54 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2012/11/01 07:17:54 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl

[2012/11/01 07:17:54 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl

[2012/11/01 07:17:54 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll

[2012/11/01 07:17:54 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

[2012/11/01 07:17:54 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll

[2012/11/01 07:17:54 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2012/11/01 07:17:54 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll

[2012/11/01 07:17:54 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll

[2012/11/01 07:17:54 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

[2012/11/01 07:17:54 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll

[2012/11/01 07:17:54 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll

[2012/11/01 07:17:54 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll

[2012/11/01 07:17:54 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll

[2012/11/01 07:17:54 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll

[2012/11/01 07:17:54 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2012/11/01 07:17:54 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll

[2012/11/01 07:17:54 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll

[2012/11/01 07:17:54 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll

[2012/11/01 07:17:54 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll

[2012/11/01 07:17:53 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2012/11/01 07:17:53 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll

[2012/11/01 07:17:53 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll

[2012/11/01 07:17:53 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll

[2012/11/01 07:17:53 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll

[2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe

[2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe

[2012/10/31 19:35:34 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

[2012/10/25 04:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2012/10/25 04:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[2012/10/12 16:42:33 | 000,131,072 | ---- | M] () -- C:\TOMTRO.RSS

[2012/10/12 16:42:27 | 000,095,232 | ---- | M] () -- C:\TOMTRO_BAK049.RSS

[2012/10/12 16:40:27 | 000,131,072 | ---- | M] () -- C:\TOMTRO_BAK048.RSS

[2012/10/12 14:34:13 | 000,131,072 | ---- | M] () -- C:\TOMTRO_BAK047.RSS

[2012/10/12 11:22:14 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\SAM.RSS

[2012/10/12 10:27:22 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\SAM_BAK154.RSS

[2012/10/12 10:23:05 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\SAM_BAK153.RSS

[2012/10/12 10:21:07 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\tkitchen\My Documents\SAM_BAK152.RSS

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/03 20:06:34 | 000,009,298 | ---- | C] () -- C:\Document.rtf

[2012/12/19 16:04:53 | 000,296,405 | -H-- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates.ACD.Recovery

[2012/12/19 15:25:19 | 000,338,431 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates_BAK014.acd

[2012/12/19 15:24:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates.Wrk

[2012/12/19 15:24:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates.Sem

[2012/12/19 14:34:35 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\NEWSTA_BAK050.RSS

[2012/12/19 14:09:26 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\NEWSTA_BAK049.RSS

[2012/12/19 12:55:06 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\NEWSTA_BAK048.RSS

[2012/12/18 22:44:38 | 000,019,609 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\YSL.JPG

[2012/12/18 22:44:18 | 000,401,390 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\YSL.bmp

[2012/12/18 22:17:17 | 001,937,466 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\WGR614v9-V1.1.2.30NA(1).chk

[2012/12/18 22:14:36 | 003,825,644 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\G35FKFyo.gif

[2012/12/18 22:14:36 | 000,069,058 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\fitcolor.jpg

[2012/12/18 22:14:36 | 000,044,698 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\ferragamo.jpg

[2012/12/18 22:14:24 | 002,770,719 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\0TXgMBPZ.gif

[2012/12/17 14:30:10 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\NewSta.RSS

[2012/12/14 17:28:05 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/12/14 09:01:01 | 000,338,613 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchDawn_BAK001.acd

[2012/12/14 08:55:46 | 000,338,497 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchDawn_BAK000.acd

[2012/12/13 19:24:20 | 000,338,657 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchDawn.ACD

[2012/12/13 19:10:32 | 000,338,379 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates_BAK013.acd

[2012/12/13 19:09:08 | 000,337,975 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearchGates_BAK012.acd

[2012/12/13 16:34:40 | 000,271,108 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\TroSearch_BAK001.acd

[2012/12/13 09:13:14 | 000,153,071 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\Miketest_BAK002.acd

[2012/12/12 13:32:05 | 000,128,975 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\Miketest_BAK001.acd

[2012/12/12 13:23:12 | 000,154,668 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\Miketest.ACD

[2012/12/12 13:22:33 | 000,128,033 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\Miketest_BAK000.acd

[2012/12/12 09:52:49 | 000,121,423 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\Fatboy_BAK000.acd

[2012/12/12 09:52:20 | 000,143,500 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\Fatboy.ACD

[2012/11/30 08:54:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/11/28 20:56:27 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2012/11/28 20:21:38 | 000,005,763 | ---- | C] () -- C:\Words of the day.rtf

[2012/11/24 14:45:46 | 001,937,466 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\WGR614v9-V1.1.2.30NA.chk

[2012/11/08 21:40:30 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\tkitchen\Start Menu\Programs\Startup\runctf.lnk

[2012/11/08 21:34:05 | 000,003,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2012/11/08 21:33:46 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

[2012/11/03 23:14:26 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/11/03 09:50:53 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2012/11/03 09:50:53 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012/11/03 09:50:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2012/11/03 09:50:00 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2012/11/02 19:47:56 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\tkitchen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/11/02 19:47:56 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012/11/02 19:47:56 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/11/02 17:59:57 | 012,050,965 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\14 Hold On feat. Fitzgerald.mp3

[2012/11/02 17:59:53 | 008,999,872 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\13 I'm So Gone feat. Kenny Deshields.mp3

[2012/11/02 17:59:47 | 011,457,455 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\12 Signed Up To Die.mp3

[2012/11/02 17:59:42 | 011,490,907 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\11 It's Not About Me feat. Pettidee.mp3

[2012/11/02 17:59:37 | 009,725,023 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\10 Hey Moma feat. Fitzgerald.mp3

[2012/11/02 17:59:33 | 012,481,456 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\09 Money, Money, Money.mp3

[2012/11/02 17:59:29 | 009,266,303 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\08 My Radio On Drugs.mp3

[2012/11/02 17:59:23 | 011,351,935 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\07 No Walls (Set It Off) feat. Alcam.mp3

[2012/11/02 17:59:17 | 010,758,419 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\06 Hope Road feat. Jai.mp3

[2012/11/02 17:59:13 | 010,917,255 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\05 Beautiful Mind feat. Pastor AD3.mp3

[2012/11/02 17:59:07 | 010,272,552 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\04 Beautiful Monster feat. Swoope.mp3

[2012/11/02 17:59:05 | 011,242,196 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\03 First 48.mp3

[2012/11/02 17:58:58 | 009,827,418 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\02 Let it Knock feat. Pro.mp3

[2012/11/02 17:58:55 | 009,958,023 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\01 Beautiful Music.mp3

[2012/11/02 17:58:49 | 010,449,145 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\15 I Need You feat. Michelle Bonilla.mp3

[2012/11/02 17:36:29 | 149,155,880 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\thisl_beautifulmonster.zip

[2012/10/12 16:42:33 | 000,095,232 | ---- | C] () -- C:\TOMTRO_BAK049.RSS

[2012/10/12 16:42:15 | 000,131,072 | ---- | C] () -- C:\TOMTRO_BAK048.RSS

[2012/10/12 14:40:04 | 000,131,072 | ---- | C] () -- C:\TOMTRO_BAK047.RSS

[2012/10/12 10:40:47 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\SAM_BAK154.RSS

[2012/10/12 10:27:22 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\SAM_BAK153.RSS

[2012/10/12 10:22:57 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\tkitchen\My Documents\SAM_BAK152.RSS

[2012/03/21 12:57:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/03/14 09:47:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2012/01/25 20:19:48 | 000,000,262 | ---- | C] () -- C:\WINDOWS\SlRegEDS.ini

[2012/01/25 17:48:27 | 000,000,261 | ---- | C] () -- C:\WINDOWS\RLEIcons.ini

[2012/01/25 15:41:16 | 000,001,985 | ---- | C] () -- C:\WINDOWS\EDS.ini

[2012/01/25 15:26:20 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\tkitchen\Local Settings\Application Data\fusioncache.dat

[2012/01/25 14:20:00 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Rocksoft.ini

[2011/06/02 08:55:35 | 000,001,166 | RHS- | C] () -- C:\Documents and Settings\rkadmin\ntuser.pol

[2011/06/01 14:38:19 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2011/06/01 14:38:19 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/05/31 16:25:41 | 000,055,886 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2011/05/31 16:22:33 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2011/05/31 16:22:32 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2011/05/31 16:22:32 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2011/05/31 16:22:30 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin

[2011/05/31 16:22:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2011/05/31 16:22:28 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2011/05/31 16:22:27 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2011/05/31 16:22:22 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2011/05/31 16:22:19 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2011/05/31 16:20:25 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

[2011/05/31 16:01:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/05/31 15:50:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/05/31 10:27:14 | 000,004,313 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/05/31 10:25:43 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/09/24 18:21:46 | 000,036,472 | ---- | C] () -- C:\WINDOWS\System32\LINXVDD.DLL

[2010/09/24 16:38:44 | 000,007,449 | ---- | C] () -- C:\WINDOWS\System32\drivers\SDDHP.BIN

[2010/09/24 16:38:44 | 000,006,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\slcnewkt.bin

[2010/09/24 16:38:44 | 000,005,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\SDDH.BIN

[2010/09/24 16:38:42 | 000,001,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST3.BIN

[2010/09/24 16:38:42 | 000,001,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST1.BIN

[2010/09/24 16:38:42 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST2.BIN

[2010/09/24 16:38:40 | 000,015,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMK485.BIN

[2010/09/24 16:38:40 | 000,015,557 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTX485.BIN

[2010/09/24 16:38:40 | 000,009,282 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKPCL.BIN

[2010/09/24 16:38:40 | 000,009,139 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTXPCL.BIN

[2010/09/24 16:38:40 | 000,001,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTXST1.BIN

[2010/09/24 16:38:40 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST0.BIN

[2010/09/24 16:38:40 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTXST0.BIN

[2010/09/24 16:38:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTC.BIN

[2010/09/24 16:38:38 | 000,007,575 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLPCL.BIN

[2010/09/24 16:38:38 | 000,001,825 | ---- | C] () -- C:\WINDOWS\System32\drivers\KT2ST2.BIN

[2010/09/24 16:38:38 | 000,001,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLST2.BIN

[2010/09/24 16:38:38 | 000,001,801 | ---- | C] () -- C:\WINDOWS\System32\drivers\KT2ST1.BIN

[2010/09/24 16:38:38 | 000,001,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLST1.BIN

[2010/09/24 16:38:38 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLST0.BIN

[2010/09/24 16:38:38 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\drivers\KT2ST0.BIN

[2006/11/09 16:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 05:00:00 | 000,507,452 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 05:00:00 | 000,096,632 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[1997/02/27 06:04:24 | 000,198,680 | ---- | C] () -- C:\WINDOWS\System32\WL40ENT.DLL

[1997/02/27 06:04:10 | 000,023,064 | ---- | C] () -- C:\WINDOWS\System32\WTR40T.DLL

========== LOP Check ==========

[2012/02/06 10:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tkitchen\Application Data\Rockwell Software

[2012/01/25 14:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNP

[2012/03/14 09:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rockwell

[2012/01/25 15:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rockwell Automation

[2012/03/14 09:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WFCU

[2012/11/09 10:43:32 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job

[2012/11/09 10:43:29 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2012/11/09 10:43:33 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Signature Update.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/05/31 15:56:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2011/05/31 15:45:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2011/05/31 15:56:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2013/01/03 20:06:35 | 000,009,298 | ---- | M] () -- C:\Document.rtf

[2011/05/31 15:56:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011/05/31 15:56:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2011/06/01 12:09:51 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/11/09 11:29:04 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2012/10/12 16:42:33 | 000,131,072 | ---- | M] () -- C:\TOMTRO.RSS

[2012/10/12 14:34:13 | 000,131,072 | ---- | M] () -- C:\TOMTRO_BAK047.RSS

[2012/10/12 16:40:27 | 000,131,072 | ---- | M] () -- C:\TOMTRO_BAK048.RSS

[2012/10/12 16:42:27 | 000,095,232 | ---- | M] () -- C:\TOMTRO_BAK049.RSS

[2012/11/28 23:04:20 | 000,005,763 | ---- | M] () -- C:\Words of the day.rtf

< MD5 for: EXPLORER.EXE >

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >


OK, basically what we want to do is copy the text that's in the code box into the Custom Scans/Fixes box of OTLPE.

Here's how to do that:

Copy the text in bold into notepad and save it.

:OTL

SRV - [2012/11/08 21:33:31 | 000,259,072 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll -- (winmgmt)

NetSvcs: winmgmt - C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll (Корпорация Майкрософт)

[2012/11/08 21:33:28 | 000,259,072 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll

[2012/11/09 11:15:01 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

[2012/11/08 21:40:50 | 000,003,036 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2012/11/08 21:33:31 | 000,259,072 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll

[2012/11/08 21:34:05 | 000,003,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2012/11/08 21:33:46 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here. MrC


========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt deleted successfully.

C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll moved successfully.

winmgmt removed from NetSvcs value successfully!

File C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll not found.

File C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll not found.

C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad moved successfully.

C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js moved successfully.

File C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll not found.

File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js not found.

File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 11092012_122516

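A way to read the fix log above, as an added example that is not part of the original thread or of OTL: the eight lines of the :OTL script name the same three files more than once, so each file is moved on its first mention and every later mention reports "not found". The Python below groups the result lines by item so that duplicate "not found" entries can be told apart from an item that was never acted on; the outcome labels and function names are this example's own.

```python
import re

# Result lines of the OTLPE fix log posted above (raw string keeps the backslashes).
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt deleted successfully.
C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll moved successfully.
winmgmt removed from NetSvcs value successfully!
File C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll not found.
File C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll not found.
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad moved successfully.
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js moved successfully.
File C:\Documents and Settings\tkitchen\wgsdgsdgdsgsd.dll not found.
File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js not found.
File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found.
"""

# Line shapes taken from the log above; the outcome labels are names chosen for this example.
PATTERNS = [
    (re.compile(r"^Registry key (?P<item>.+) deleted successfully\.$"), "deleted"),
    (re.compile(r"^(?P<item>[A-Za-z]:\\.+) moved successfully\.$"), "moved"),
    (re.compile(r"^(?P<item>\S+) removed from NetSvcs value successfully!$"), "netsvcs_removed"),
    (re.compile(r"^File (?P<item>.+) not found\.$"), "not_found"),
]

def parse_fix_log(text):
    """Map each item to its outcomes in log order; unmatched lines go under '?'."""
    results = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        for rx, outcome in PATTERNS:
            m = rx.match(line)
            if m:
                results.setdefault(m.group("item"), []).append(outcome)
                break
        else:
            results.setdefault("?", []).append(line)
    return results

def triage(results):
    """'handled' = first entry for the item was an action; 'missing' = it was 'not found'."""
    verdict = {}
    for item, outcomes in results.items():
        if item == "?":
            verdict[item] = "unparsed"
        else:
            verdict[item] = "missing" if outcomes[0] == "not_found" else "handled"
    return verdict

if __name__ == "__main__":
    for item, v in triage(parse_fix_log(FIX_LOG)).items():
        print(f"{v:8} {item}")
```

An item reported as "missing" was never moved or deleted by this run and is worth checking by hand before moving on to the next scan.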

Does it boot up normally now?? MrC


OK, we have to run some more scans...

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


Next..................

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Just found out I can't right click LAN Connection. If I right click it nothing comes up, I'm logged in as admin.


I'm not sure what you're saying??

What problem are you having?? MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
