-
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\doyisege.dll) - C:\WINDOWS\System32\doyisege.dll File not found
O20 - AppInit_DLLs: (refobaju.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\fofarohi.dll) - C:\WINDOWS\System32\fofarohi.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O22 - SharedTaskScheduler: {84d5b3a9-1826-44a1-b352-c57bd47fbfb4} - gahurihor - C:\WINDOWS\System32\fofarohi.dll File not found
O22 - SharedTaskScheduler: {de416087-ce24-4659-a17c-363d0d6d50f4} - mujuzedij - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/26 00:59:34 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/10/06 14:31:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
========== Files/Folders - Created Within 30 Days ==========
[2010/09/05 02:22:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/09/04 23:15:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/09/04 14:11:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/09/04 04:03:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/04 03:51:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/03 09:00:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/09/03 08:58:46 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/09/03 08:55:45 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/09/03 08:50:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/08/31 14:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/08/31 13:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/08/31 13:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity
[2010/08/31 12:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Gutterball 2
[2010/08/31 12:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/08/31 12:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/08/28 21:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/28 21:43:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/28 21:42:45 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/28 21:42:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/28 21:42:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/28 21:42:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/25 21:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SITER SKAIN
[2010/08/25 21:37:22 | 000,249,856 | ---- | C] (nobukichi) -- C:\WINDOWS\eiunin21.exe
[2010/08/25 21:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\SITER SKAIN
[2010/08/24 09:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\CPWizard
[2008/03/28 20:22:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2006/12/02 15:16:07 | 000,131,072 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
-
========== Files - Modified Within 30 Days ==========
[2010/09/05 02:43:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500UA.job
[2010/09/05 02:36:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/05 02:34:38 | 015,728,640 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/05 02:26:43 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/09/05 02:25:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 02:23:56 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/09/05 02:23:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 02:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 02:22:07 | 000,000,098 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/04 21:43:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500Core.job
[2010/09/04 13:50:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\b9d2lrlg.exe
[2010/09/04 05:22:49 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/04 05:04:08 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/04 04:48:32 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/04 04:48:32 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/04 04:48:32 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/04 04:01:16 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/04 00:55:16 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:55:16 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:44:50 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/09/03 13:22:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/31 12:46:05 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/23 20:23:48 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 19:59:24 | 000,008,199 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\radio free playlist.ods
[2010/08/10 19:12:39 | 000,080,228 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie24.jpg
[2010/08/10 19:12:24 | 000,093,268 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie23.jpg
[2010/08/10 19:12:03 | 000,073,784 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie22.jpg
[2010/08/10 19:11:52 | 000,090,950 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie21.jpg
[2010/08/10 19:11:40 | 000,050,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie20.jpg
[2010/08/10 19:11:30 | 000,066,279 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie19.jpg
[2010/08/10 19:11:20 | 000,058,321 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie18.jpg
[2010/08/10 19:10:53 | 000,048,757 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie16.jpg
[2010/08/10 19:10:40 | 000,069,390 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie15.jpg
[2010/08/10 19:10:29 | 000,076,516 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie14.jpg
[2010/08/10 19:10:19 | 000,083,011 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie13.jpg
[2010/08/10 19:10:03 | 000,065,049 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie12.jpg
[2010/08/10 19:09:51 | 000,076,395 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie11.jpg
[2010/08/10 19:09:42 | 000,092,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie10.jpg
[2010/08/10 19:09:31 | 000,068,093 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie9.jpg
[2010/08/10 19:09:18 | 000,077,329 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie8.jpg
[2010/08/10 19:08:57 | 000,082,510 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie7.jpg
[2010/08/10 19:08:31 | 000,061,112 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie6.jpg
[2010/08/10 19:08:21 | 000,072,537 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie5.jpg
[2010/08/10 19:08:11 | 000,080,832 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie4.jpg
[2010/08/10 19:07:52 | 000,060,865 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie3.jpg
[2010/08/10 19:07:34 | 000,074,183 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie2.jpg
[2010/08/10 19:07:20 | 000,084,577 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie1.jpg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/04 13:50:50 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/04 13:50:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\b9d2lrlg.exe
[2010/09/04 04:01:16 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 00:55:16 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:23:02 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/08/31 12:46:05 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/23 19:59:10 | 000,008,199 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\radio free playlist.ods
[2010/08/10 19:12:39 | 000,080,228 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie24.jpg
[2010/08/10 19:12:24 | 000,093,268 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie23.jpg
[2010/08/10 19:12:02 | 000,073,784 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie22.jpg
[2010/08/10 19:11:52 | 000,090,950 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie21.jpg
[2010/08/10 19:11:40 | 000,050,896 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie20.jpg
[2010/08/10 19:11:30 | 000,066,279 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie19.jpg
[2010/08/10 19:11:20 | 000,058,321 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie18.jpg
[2010/08/10 19:10:53 | 000,048,757 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie16.jpg
[2010/08/10 19:10:39 | 000,069,390 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie15.jpg
[2010/08/10 19:10:29 | 000,076,516 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie14.jpg
[2010/08/10 19:10:19 | 000,083,011 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie13.jpg
[2010/08/10 19:10:03 | 000,065,049 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie12.jpg
[2010/08/10 19:09:51 | 000,076,395 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie11.jpg
[2010/08/10 19:09:42 | 000,092,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie10.jpg
[2010/08/10 19:09:31 | 000,068,093 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie9.jpg
[2010/08/10 19:09:18 | 000,077,329 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie8.jpg
[2010/08/10 19:08:57 | 000,082,510 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie7.jpg
[2010/08/10 19:08:30 | 000,061,112 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie6.jpg
[2010/08/10 19:08:21 | 000,072,537 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie5.jpg
[2010/08/10 19:08:10 | 000,080,832 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie4.jpg
[2010/08/10 19:07:51 | 000,060,865 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie3.jpg
[2010/08/10 19:07:34 | 000,074,183 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie2.jpg
[2010/08/10 19:07:19 | 000,084,577 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie1.jpg
[2010/03/27 21:34:40 | 000,014,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\PqdPe6YoKQ5
[2010/03/27 21:34:40 | 000,014,948 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PqdPe6YoKQ5
[2010/01/13 20:29:34 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2009/06/27 20:32:46 | 000,002,953 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder.pref
[2009/06/27 20:32:45 | 000,003,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder_layout.xml
[2009/06/27 20:32:25 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder_sync.pref
[2009/05/22 08:17:52 | 000,001,549 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009/02/26 11:39:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/14 15:20:06 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/12/14 15:20:05 | 000,000,817 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/12/14 15:18:41 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/14 15:18:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/14 15:08:51 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/12/14 15:08:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/12/14 14:58:45 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/06/06 12:01:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\w32apiw.dll
[2008/03/28 20:22:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/03/28 20:22:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/03/28 20:22:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/03/27 20:54:48 | 000,225,354 | ---- | C] () -- C:\WINDOWS\System32\EMSTrioFF.DLL
[2008/03/27 20:54:46 | 003,239,936 | ---- | C] () -- C:\WINDOWS\System32\EMSTrioCP.dll
[2008/03/27 20:54:46 | 000,003,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\FltrKbd.SYS
[2008/03/19 11:53:37 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/10 14:47:33 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/15 13:19:23 | 000,008,685 | ---- | C] () -- C:\WINDOWS\boc425.ini
[2008/01/08 09:20:35 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2007/10/17 16:10:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DirSize.dll
[2007/09/29 23:23:43 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\32985ae5-e1a2-444b-a036-f62f31304442.dll
[2007/09/20 18:05:16 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/09/20 18:05:14 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 18:05:14 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/20 18:05:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 18:05:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/06/10 22:32:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscan.dll
[2007/05/06 14:37:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/06 14:35:02 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2007/05/06 14:35:00 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2007/05/03 10:55:50 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/12 00:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/04/08 18:05:26 | 000,000,250 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
[2007/04/08 18:03:17 | 000,000,007 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
[2007/04/08 17:14:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/03/09 09:01:48 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/03/09 09:01:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/02/14 21:39:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/01 14:02:57 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/26 14:08:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/18 17:10:35 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/01/11 08:28:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/10 06:07:11 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/01/05 17:03:13 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/12/02 18:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/12/02 15:20:23 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 23:20:56 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys
[2004/07/10 20:35:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/28 12:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2006/01/20 08:56:27 | 016,736,075 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/06 20:29:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/06 20:29:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006/01/20 08:56:27 | 016,736,075 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/06 20:29:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/06 20:29:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2005/11/04 21:45:54 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/10/06 08:12:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/10/06 08:12:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/10/06 08:12:08 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:743A8968
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:�SummaryInformation
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
-
Here is the extras file in parts
-
OTL Extras logfile created on: 9/5/2010 2:43:11 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 14.43 Gb Free Space | 19.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.09 Gb Total Space | 33.25 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WAYNE
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OverDisk] -- "C:\Program Files\OverDisk\OverDisk.exe" "%1" (Elias Fotinis)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"31697:TCP" = 31697:TCP:*:Enabled:remdesk
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"51013:TCP" = 51013:TCP:*:Enabled:tcp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9100:TCP" = 9100:TCP:*:Enabled:print
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
-
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)
"C:\Program Files\TightVNC\WinVNC.exe" = C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- (TightVNC Group)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Steam\steamapps\common\droplitz\Cascade.exe" = C:\Program Files\Steam\steamapps\common\droplitz\Cascade.exe:*:Enabled:Droplitz -- ()
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Disabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"C:\Documents and Settings\Administrator\Desktop\New Folder\utorrent.exe" = C:\Documents and Settings\Administrator\Desktop\New Folder\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}" = EverNote 2 Plus
"{01BD17DF-FF2B-465F-89EA-507309553A59}_is1" = HyperPin 0.5.0.0
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATIRW2
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6A6C087B-17F4-4A90-8542-85F0BFB58B16}" = SigmaTel MTPMSCN Audio Player
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}" = WinPatrol
"{8F04AE70-9C11-11DF-8F84-005056C00008}" = Google Earth Plug-in
"{92B79901-C57D-409F-8D2F-4E5337383569}" = OpenOffice.org 3.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 1.1.0.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B396D04E-FDD9-45D1-9345-F1132E444185}" = NetInfo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}" = Nero 7 Ultra Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Engineer XI.SP1 (Win64/32/CE)
"{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}" = nullDC 1.0.0 Public Beta 1 Setup
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DDBD3156-5939-4E73-95B4-6BA111A37D25}" = WDTV MSG
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel(R) PROSet
"{EF857B8B-127D-4473-8936-2060EE3AD14C}" = Podcast Station 2.1
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnalogX NetStat Live" = AnalogX NetStat Live
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"AutoHotkey" = AutoHotkey 1.0.48.05
"BFGC" = Big Fish Games: Game Manager
"BFG-Gutterball 2" = Gutterball 2
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"CPWizard_is1" = CPWizard 2.35
"Defraggler" = Defraggler
"Disk Space Fan_is1" = Disk Space Fan 1.4.2.796
"DWG TrueView 2011" = DWG TrueView 2011
"Dyson_is1" = Dyson v1.20
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"FLAC" = FLAC Installer 1.1.3b (remove only)
"foobar2000" = foobar2000 v1.0
"Foxit PDF Editor" = Foxit PDF Editor
"Future Pinball_is1" = Future Pinball
"Gaim" = Gaim (remove only)
"GetBot" = GetBot
"Glary Undelete_is1" = Glary Undelete 1.3
"Glary Utilities_is1" = Glary Utilities Pro 2.18.0.786
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"Handbrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATI Remote Wonder 2.3
"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center 9.01
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
"Jets N Guns GOLD_is1" = Jets N Guns GOLD
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.0 Full
"LastFM_is1" = Last.fm 1.5.4.24567
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mame Compiler 64_is1" = Mame Compiler 64 v1.19
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaInfo" = MediaInfo 0.7.16
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nCleaner" = nCleaner second 2.3.4.0
"NetBalancer_is1" = NetBalancer
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"OpenAL" = OpenAL
"OverDisk" = OverDisk (remove only)
"PeerGuardian_is1" = PeerGuardian 2.0
"PFConfig" = PFConfig 1.0.187
"Picasa 3" = Picasa 3
"Ping Plotter Freeware" = Ping Plotter Freeware
"PowerISO" = PowerISO
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RadarSync" = RadarSync
"RAM Saver Pro" = RAM Saver Pro
"Recuva" = Recuva (remove only)
"RefleX Trial" = RefleX(Trial)
"Steam App 11020" = TrackMania Nations Forever
"Steam App 11900" = Lumines
"Steam App 11920" = Lumines: Advanced Pack
"Steam App 12910" = Audiosurf Demo
"Steam App 16600" = RedLynx Trials 2: Second Edition
"Steam App 23120" = Droplitz
"Steam App 26810" = Braid Demo
"Steam App 27610" = MEVO & the Grooveriders Demo
"Steam App 34920" = Razor2: Hidden Skies
"Steam App 39000" = Moonbase Alpha
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"Super Mario All-Stars & World_is1" = Super Mario All-Stars & World
"The Blocklist Manager_is1" = BLM 2.6.5
"The Print Shop 10.0" = The Print Shop
"TightVNC_is1" = TightVNC 1.3.9
"VLC media player" = VLC media player 1.0.1
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Updates Downloader" = Windows Updates Downloader
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinPatrol 2007" = WinPatrol 2007 Restore/Remove First
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wootalyzer" = Wootalyzer!
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
-
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3D Starstrike" = 3D Starstrike
"Flux" = F.lux
"Google Chrome" = Google Chrome
"Sansa Updater" = Sansa Updater
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/4/2010 1:44:02 AM | Computer Name = WAYNE | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/4/2010 2:07:33 AM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.6103.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.
Error - 9/4/2010 3:17:13 AM | Computer Name = WAYNE | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/4/2010 4:48:18 AM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.6103.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.
Error - 9/4/2010 5:00:58 AM | Computer Name = WAYNE | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/4/2010 5:08:39 AM | Computer Name = WAYNE | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/4/2010 6:30:03 AM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6103.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.
Error - 9/4/2010 6:32:00 AM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6103.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.
Error - 9/4/2010 2:20:37 PM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6103.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.
Error - 9/4/2010 2:25:46 PM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6103.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.
[ System Events ]
Error - 9/5/2010 12:38:03 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:03 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:03 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:04 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:05 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:05 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:40:28 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:40:28 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 1:23:06 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 3:21:48 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
< End of report >
-
Download Delete Domains from here and run it. It will delete all entries from the trusted and restricted zone.
==============
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (x10nets)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\001725~1.EXE -- (0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hitmanpro3.sys -- (hitmanpro3)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwdx)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\windows\system32\doyisege.dll) - C:\WINDOWS\System32\doyisege.dll File not found
O20 - AppInit_DLLs: (refobaju.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\fofarohi.dll) - C:\WINDOWS\System32\fofarohi.dll File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O22 - SharedTaskScheduler: {84d5b3a9-1826-44a1-b352-c57bd47fbfb4} - gahurihor - C:\WINDOWS\System32\fofarohi.dll File not found
O22 - SharedTaskScheduler: {de416087-ce24-4659-a17c-363d0d6d50f4} - mujuzedij - Reg Error: Value error. File not found
[2010/03/27 21:34:40 | 000,014,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\PqdPe6YoKQ5
[2010/03/27 21:34:40 | 000,014,948 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PqdPe6YoKQ5
:Commands
[emptytemp]
[resethosts]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Post log from this run.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
All processes killed
========== OTL ==========
Service x10nets stopped successfully!
Service x10nets deleted successfully!
Service iPod Service stopped successfully!
Service iPod Service deleted successfully!
Service AVG Security Toolbar Service stopped successfully!
Service AVG Security Toolbar Service deleted successfully!
File C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe not found.
Error: No service named 0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200 was found to stop!
Service\Driver key 0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200 not found.
File C:\WINDOWS\TEMP\001725~1.EXE not found.
Service VMnetAdapter stopped successfully!
Service VMnetAdapter deleted successfully!
File C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys not found.
Service hitmanpro3 stopped successfully!
Service hitmanpro3 deleted successfully!
File C:\WINDOWS\System32\drivers\hitmanpro3.sys not found.
Service Avgfwfd stopped successfully!
Service Avgfwfd deleted successfully!
File C:\WINDOWS\System32\DRIVERS\avgfwdx.sys not found.
Service Avgfwdx stopped successfully!
Service Avgfwdx deleted successfully!
File C:\WINDOWS\System32\DRIVERS\avgfwdx.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\F.lux deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\doyisege.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:refobaju.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fofarohi.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{84d5b3a9-1826-44a1-b352-c57bd47fbfb4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84d5b3a9-1826-44a1-b352-c57bd47fbfb4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{de416087-ce24-4659-a17c-363d0d6d50f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de416087-ce24-4659-a17c-363d0d6d50f4}\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\PqdPe6YoKQ5 moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\PqdPe6YoKQ5 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 874669089 bytes
->Temporary Internet Files folder emptied: 10963863 bytes
->Java cache emptied: 35286767 bytes
->FireFox cache emptied: 38172062 bytes
->Google Chrome cache emptied: 87160495 bytes
->Opera cache emptied: 18194054 bytes
->Flash cache emptied: 3820 bytes
User: All Users
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
User: melissa
->FireFox cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 455736 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2302807559 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 63439570 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 217492 bytes
Total Files Cleaned = 3,273.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.11.0 log created on 09052010_130359
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\S2E46D426.tmp scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\TMP0000000211D8C33330482D0F not found!
Registry entries deleted on Reboot...
-----
Thanks so far
-
When I ran OTL again, I recieved an error message
Exception Processing Message c0000013 Parameteres 75b6bf7fc 4 75b6b7c 75b6b7c
the optioins cancel, try again and continue
so I pressed continue
-
OTL logfile created on: 9/5/2010 1:20:39 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 17.51 Gb Free Space | 23.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.09 Gb Total Space | 33.25 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WAYNE
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/05 08:32:05 | 000,654,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch1.exe
PRC - [2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
PRC - [2010/09/01 07:23:10 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/07/25 18:04:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/14 21:38:32 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/06/01 12:37:48 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MpSigStub.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2010/02/18 12:13:58 | 000,059,904 | ---- | M] (SeriousBit) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/04/21 12:02:43 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/30 17:45:00 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:43:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 16:46:44 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/04/11 15:13:52 | 001,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/03/10 14:44:32 | 001,380,552 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
PRC - [2008/01/31 18:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/10/11 20:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/04/09 07:23:11 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/04/03 13:54:38 | 000,271,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2004/06/15 23:17:38 | 000,069,705 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2004/01/09 05:54:06 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/10/23 11:15:08 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
========== Modules (SafeList) ==========
MOD - [2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/03 13:54:50 | 000,063,032 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\001725~1.EXE -- (0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/01/08 10:11:25 | 000,366,704 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- c:\program files\a-squared free\a2service.exe -- (a2free)
SRV - [2007/02/02 01:06:46 | 000,118,784 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/02/02 00:53:18 | 001,323,184 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2002/09/27 12:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
========== Driver Services (SafeList) ==========
DRV - [2010/09/01 07:23:16 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/07 20:12:07 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/07 20:12:07 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/09 11:49:42 | 000,022,528 | ---- | M] (SeriousBit) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nbdrv.sys -- (Nbdrv)
DRV - [2009/08/03 13:33:46 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel)
DRV - [2008/03/27 21:01:40 | 000,009,744 | ---- | M] (EMS Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TLKerII.SYS -- (TrioLinkerII)
DRV - [2008/03/19 11:53:38 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/08 09:20:35 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000)
DRV - [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/08/01 23:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/07/14 21:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/06/15 22:05:42 | 000,002,554 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\kwflower.log -- (kwflower)
DRV - [2007/06/07 16:48:57 | 000,097,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/05/25 14:55:04 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
DRV - [2007/04/09 07:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/23 16:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 16:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/01/23 16:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/12/12 12:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/03 10:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/01 23:20:56 | 000,023,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ProtoWall.sys -- (ProtoWall)
DRV - [2005/08/15 12:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/08/15 12:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/07/10 20:37:02 | 000,747,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2004/01/10 02:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/01/07 17:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)
DRV - [2003/12/15 12:28:46 | 000,257,872 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
DRV - [2003/12/12 02:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/10/16 01:11:22 | 000,019,968 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
-
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.2
FF - prefs.js..extensions.enabledItems: feedly@devhd:3.x
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.721
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
FF - prefs.js..extensions.enabledItems: [email protected]d:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/27 14:09:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/09/03 09:02:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 13:23:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 21:42:54 | 000,000,000 | ---D | M]
[2008/12/05 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/09/04 23:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions
[2010/09/02 11:50:49 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/16 13:56:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/14 09:37:59 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2010/02/17 17:35:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/02 11:50:44 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/18 10:08:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/02 11:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/04/14 09:50:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/14 09:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/01/28 15:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/09/02 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\feedly@devhd
[2010/09/02 11:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/04/18 13:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/03/28 07:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/06/14 09:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/09/02 11:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\feedly@devhd\content\app\extension
[2010/01/25 05:32:47 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\amazondotcom.xml
[2007/10/17 12:47:35 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\bitmetvorg.xml
[2009/06/12 09:23:15 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\ebay.xml
[2007/05/01 01:01:34 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.gif
[2007/05/01 01:01:34 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.src
[2007/05/01 01:00:26 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.xml
[2009/04/07 16:06:10 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\youtube-video-search.xml
[2010/09/04 12:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/13 16:05:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/27 20:27:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/28 21:44:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007/03/22 10:45:00 | 000,385,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
O1 HOSTS File: ([2010/09/05 13:05:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PowerStrip] c:\Program Files\PowerStrip\PStrip.exe (EnTech Taiwan)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe (SeriousBit)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
-
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/26 00:59:34 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/10/06 14:31:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 90 Days ==========
[2010/09/05 13:03:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/05 03:20:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/09/04 23:15:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/09/04 14:11:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/09/04 04:03:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/04 03:51:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/03 08:50:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/08/31 14:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/08/31 13:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/08/31 13:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity
[2010/08/31 12:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Gutterball 2
[2010/08/31 12:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/08/31 12:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/08/28 21:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/25 21:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SITER SKAIN
[2010/08/25 21:37:22 | 000,249,856 | ---- | C] (nobukichi) -- C:\WINDOWS\eiunin21.exe
[2010/08/25 21:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\SITER SKAIN
[2010/08/24 09:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\CPWizard
[2010/07/28 19:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2010/07/28 19:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2010/07/26 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/07/26 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/07/26 19:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2010/07/26 19:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010/07/26 19:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/26 00:59:34 | 000,000,000 | ---D | C] -- C:\Autodesk
[2010/07/13 11:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/07/13 11:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/06/09 21:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/06/09 21:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2010/06/09 21:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\gegl-0.0
[2010/06/09 21:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2008/03/28 20:22:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2006/12/02 15:16:07 | 000,131,072 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/09/05 13:13:06 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/09/05 13:08:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 13:07:34 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/09/05 13:07:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 13:07:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 13:05:46 | 015,728,640 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/05 13:05:46 | 000,000,098 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/05 13:05:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/05 13:00:11 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2010/09/05 02:43:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500UA.job
[2010/09/05 02:36:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/04 21:43:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500Core.job
[2010/09/04 13:50:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\b9d2lrlg.exe
[2010/09/04 05:22:49 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/04 05:04:08 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/04 04:48:32 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/04 04:48:32 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/04 04:48:32 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/04 04:01:16 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/04 00:55:16 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:55:16 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:44:50 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/09/03 13:22:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/31 12:46:05 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/23 20:23:48 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 19:59:24 | 000,008,199 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\radio free playlist.ods
[2010/08/10 19:12:39 | 000,080,228 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie24.jpg
[2010/08/10 19:12:24 | 000,093,268 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie23.jpg
[2010/08/10 19:12:03 | 000,073,784 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie22.jpg
[2010/08/10 19:11:52 | 000,090,950 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie21.jpg
[2010/08/10 19:11:40 | 000,050,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie20.jpg
[2010/08/10 19:11:30 | 000,066,279 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie19.jpg
[2010/08/10 19:11:20 | 000,058,321 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie18.jpg
[2010/08/10 19:10:53 | 000,048,757 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie16.jpg
[2010/08/10 19:10:40 | 000,069,390 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie15.jpg
[2010/08/10 19:10:29 | 000,076,516 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie14.jpg
[2010/08/10 19:10:19 | 000,083,011 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie13.jpg
[2010/08/10 19:10:03 | 000,065,049 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie12.jpg
[2010/08/10 19:09:51 | 000,076,395 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie11.jpg
[2010/08/10 19:09:42 | 000,092,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie10.jpg
[2010/08/10 19:09:31 | 000,068,093 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie9.jpg
[2010/08/10 19:09:18 | 000,077,329 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie8.jpg
[2010/08/10 19:08:57 | 000,082,510 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie7.jpg
[2010/08/10 19:08:31 | 000,061,112 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie6.jpg
[2010/08/10 19:08:21 | 000,072,537 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie5.jpg
[2010/08/10 19:08:11 | 000,080,832 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie4.jpg
[2010/08/10 19:07:52 | 000,060,865 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie3.jpg
[2010/08/10 19:07:34 | 000,074,183 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie2.jpg
[2010/08/10 19:07:20 | 000,084,577 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie1.jpg
[2010/07/31 13:48:57 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010/07/31 13:48:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/27 21:30:35 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/26 19:56:42 | 000,084,464 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/25 19:56:25 | 003,176,378 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/07 10:16:22 | 000,018,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Sci fi reading list.ods
[2010/06/09 21:31:31 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
\32985ae5-e1a2-444b-a036-f62f31304442.dll
[2007/09/20 18:05:16 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/09/20 18:05:14 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 18:05:14 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/20 18:05:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 18:05:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/06/10 22:32:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscan.dll
[2007/05/06 14:37:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/06 14:35:02 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2007/05/06 14:35:00 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2007/05/03 10:55:50 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/12 00:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/04/08 18:05:26 | 000,000,250 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
[2007/04/08 18:03:17 | 000,000,007 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
[2007/04/08 17:14:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/03/09 09:01:48 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/03/09 09:01:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/02/14 21:39:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/01 14:02:57 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/26 14:08:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/18 17:10:35 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/01/11 08:28:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/10 06:07:11 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/01/05 17:03:13 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/12/02 18:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/12/02 15:20:23 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 23:20:56 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys
[2004/07/10 20:35:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/28 12:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
-
========== Files - Modified Within 90 Days ==========
[2010/09/05 13:13:06 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/09/05 13:08:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 13:07:34 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/09/05 13:07:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 13:07:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 13:05:46 | 015,728,640 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/05 13:05:46 | 000,000,098 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/05 13:05:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/05 13:00:11 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2010/09/05 02:43:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500UA.job
[2010/09/05 02:36:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/04 21:43:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500Core.job
[2010/09/04 13:50:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\b9d2lrlg.exe
[2010/09/04 05:22:49 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/04 05:04:08 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/04 04:48:32 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/04 04:48:32 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/04 04:48:32 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/04 04:01:16 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/04 00:55:16 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:55:16 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:44:50 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/09/03 13:22:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/31 12:46:05 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/23 20:23:48 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 19:59:24 | 000,008,199 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\radio free playlist.ods
[2010/08/10 19:12:39 | 000,080,228 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie24.jpg
[2010/08/10 19:12:24 | 000,093,268 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie23.jpg
[2010/08/10 19:12:03 | 000,073,784 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie22.jpg
[2010/08/10 19:11:52 | 000,090,950 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie21.jpg
[2010/08/10 19:11:40 | 000,050,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie20.jpg
[2010/08/10 19:11:30 | 000,066,279 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie19.jpg
[2010/08/10 19:11:20 | 000,058,321 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie18.jpg
[2010/08/10 19:10:53 | 000,048,757 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie16.jpg
[2010/08/10 19:10:40 | 000,069,390 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie15.jpg
[2010/08/10 19:10:29 | 000,076,516 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie14.jpg
[2010/08/10 19:10:19 | 000,083,011 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie13.jpg
[2010/08/10 19:10:03 | 000,065,049 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie12.jpg
[2010/08/10 19:09:51 | 000,076,395 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie11.jpg
[2010/08/10 19:09:42 | 000,092,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie10.jpg
[2010/08/10 19:09:31 | 000,068,093 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie9.jpg
[2010/08/10 19:09:18 | 000,077,329 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie8.jpg
[2010/08/10 19:08:57 | 000,082,510 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie7.jpg
[2010/08/10 19:08:31 | 000,061,112 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie6.jpg
[2010/08/10 19:08:21 | 000,072,537 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie5.jpg
[2010/08/10 19:08:11 | 000,080,832 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie4.jpg
[2010/08/10 19:07:52 | 000,060,865 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie3.jpg
[2010/08/10 19:07:34 | 000,074,183 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie2.jpg
[2010/08/10 19:07:20 | 000,084,577 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie1.jpg
[2010/07/31 13:48:57 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010/07/31 13:48:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/27 21:30:35 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/26 19:56:42 | 000,084,464 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/25 19:56:25 | 003,176,378 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/07 10:16:22 | 000,018,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Sci fi reading list.ods
[2010/06/09 21:31:31 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/05 13:00:04 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2010/09/04 13:50:50 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/04 13:50:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\b9d2lrlg.exe
[2010/09/04 04:01:16 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 00:55:16 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:23:02 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/08/31 12:46:05 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/23 19:59:10 | 000,008,199 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\radio free playlist.ods
[2010/08/10 19:12:39 | 000,080,228 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie24.jpg
[2010/08/10 19:12:24 | 000,093,268 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie23.jpg
[2010/08/10 19:12:02 | 000,073,784 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie22.jpg
[2010/08/10 19:11:52 | 000,090,950 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie21.jpg
[2010/08/10 19:11:40 | 000,050,896 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie20.jpg
[2010/08/10 19:11:30 | 000,066,279 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie19.jpg
[2010/08/10 19:11:20 | 000,058,321 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie18.jpg
[2010/08/10 19:10:53 | 000,048,757 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie16.jpg
[2010/08/10 19:10:39 | 000,069,390 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie15.jpg
[2010/08/10 19:10:29 | 000,076,516 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie14.jpg
[2010/08/10 19:10:19 | 000,083,011 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie13.jpg
[2010/08/10 19:10:03 | 000,065,049 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie12.jpg
[2010/08/10 19:09:51 | 000,076,395 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie11.jpg
[2010/08/10 19:09:42 | 000,092,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie10.jpg
[2010/08/10 19:09:31 | 000,068,093 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie9.jpg
[2010/08/10 19:09:18 | 000,077,329 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie8.jpg
[2010/08/10 19:08:57 | 000,082,510 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie7.jpg
[2010/08/10 19:08:30 | 000,061,112 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie6.jpg
[2010/08/10 19:08:21 | 000,072,537 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie5.jpg
[2010/08/10 19:08:10 | 000,080,832 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie4.jpg
[2010/08/10 19:07:51 | 000,060,865 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie3.jpg
[2010/08/10 19:07:34 | 000,074,183 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie2.jpg
[2010/08/10 19:07:19 | 000,084,577 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie1.jpg
[2010/07/27 21:30:35 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/27 21:30:35 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/26 19:36:38 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/07 10:16:14 | 000,018,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Sci fi reading list.ods
[2010/06/14 21:38:50 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500UA.job
[2010/06/14 21:38:49 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500Core.job
[2010/06/09 21:31:31 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/01/13 20:29:34 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2009/06/27 20:32:46 | 000,002,953 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder.pref
[2009/06/27 20:32:45 | 000,003,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder_layout.xml
[2009/06/27 20:32:25 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder_sync.pref
[2009/05/22 08:17:52 | 000,001,549 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009/02/26 11:39:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/14 15:20:06 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/12/14 15:20:05 | 000,000,817 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/12/14 15:18:41 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/14 15:18:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/14 15:08:51 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/12/14 15:08:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/12/14 14:58:45 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/06/06 12:01:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\w32apiw.dll
[2008/03/28 20:22:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/03/28 20:22:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/03/28 20:22:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/03/27 20:54:48 | 000,225,354 | ---- | C] () -- C:\WINDOWS\System32\EMSTrioFF.DLL
[2008/03/27 20:54:46 | 003,239,936 | ---- | C] () -- C:\WINDOWS\System32\EMSTrioCP.dll
[2008/03/27 20:54:46 | 000,003,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\FltrKbd.SYS
[2008/03/19 11:53:37 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/10 14:47:33 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/15 13:19:23 | 000,008,685 | ---- | C] () -- C:\WINDOWS\boc425.ini
[2008/01/08 09:20:35 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2007/10/17 16:10:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DirSize.dll
[2007/09/29 23:23:43 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\32985ae5-e1a2-444b-a036-f62f31304442.dll
[2007/09/20 18:05:16 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/09/20 18:05:14 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 18:05:14 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/20 18:05:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 18:05:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/06/10 22:32:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscan.dll
[2007/05/06 14:37:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/06 14:35:02 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2007/05/06 14:35:00 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2007/05/03 10:55:50 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/12 00:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/04/08 18:05:26 | 000,000,250 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
[2007/04/08 18:03:17 | 000,000,007 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
[2007/04/08 17:14:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/03/09 09:01:48 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/03/09 09:01:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/02/14 21:39:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/01 14:02:57 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/26 14:08:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/18 17:10:35 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/01/11 08:28:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/10 06:07:11 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/01/05 17:03:13 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/12/02 18:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/12/02 15:20:23 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 23:20:56 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys
[2004/07/10 20:35:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/28 12:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
-
========== LOP Check ==========
[2010/08/24 20:02:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Application Data\.#
[2007/03/20 23:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.gaim
[2009/11/24 20:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Armagetron
[2009/08/25 14:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Atlus
[2010/07/26 19:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010/03/30 08:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2010/01/14 20:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2007/03/27 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BPFTP
[2007/01/20 17:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeepBurner
[2010/09/03 12:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DiskSpaceFan
[2008/04/08 14:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDFab
[2008/01/15 14:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/05/13 08:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Folding@home-x86
[2010/01/14 20:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\foobar2000
[2007/01/11 10:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetBot
[2010/01/14 19:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2010/06/09 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/01/13 20:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IndigoRose
[2008/11/19 19:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iPodder
[2009/04/06 21:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\johnsadventures.com
[2007/06/13 22:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kerio
[2007/06/24 09:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2007/03/20 10:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Map Maker
[2009/09/25 19:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Masque
[2009/06/18 16:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2008/06/06 12:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\nCleaner
[2007/09/04 23:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\netz
[2008/11/18 15:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2008/12/05 11:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2009/10/24 08:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
[2009/11/10 10:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PeaZip
[2010/01/13 20:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\runic games
[2010/01/26 10:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Safer Networking
[2009/01/06 08:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SanDisk
[2008/12/14 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2010/03/28 22:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SeriousBit
[2010/08/25 21:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SITER SKAIN
[2008/05/28 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SlySoft
[2007/03/21 23:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDraw
[2007/05/26 12:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
[2007/01/12 14:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
[2010/08/31 13:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/08/31 15:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/13 20:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2007/04/12 00:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2007/04/21 01:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wireshark
[2010/03/02 13:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wootalyzer
[2007/01/21 23:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\X10 Commander
[2009/02/19 20:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\23-81-61-55-53-55
[2007/02/01 14:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-5p-s6-rr-30-os
[2009/11/24 20:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2010/07/26 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/09/03 09:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/09/03 11:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/21 22:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2008/01/15 14:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/09/28 21:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2008/11/09 19:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/12/30 14:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro 3
[2008/08/14 14:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/02/05 22:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/04/20 14:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/09/25 19:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Masque
[2010/08/31 14:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/12/14 23:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/01/07 11:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2008/12/14 14:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/03/10 14:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/08/31 13:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/05 21:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/03/31 20:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve
[2008/03/28 21:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/05 10:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/03/21 12:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/09/05 13:07:34 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:743A8968
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:�SummaryInformation
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
-
