Ok, will do. Thanks for letting me know.
Broni!! Hope you didn't forget about me!
No...LOL...I was waiting for you to reinstall Intel Matrix Storage Manager.
Last thing you said was "will do" :)
OH!! hehe, my bad. Yes I installed it :P
"All harddrives are ok!".
...and you're still being redirected?
Yes! Also I'm getting pop ups now when I visit certain sites. Myspace being a big one!
By the way, I got a few things you need to know. I meant to mention earlier, I do have a Microsoft Visual C++ runtime error problem. Pops up randomly when I browse my folders. It's very random, it could happen today, or maybe a month from now. I've had it for over a year, so I thought I'd let you know in case you're tracing down the wrong file. Sorry for not mentioning it before, I had my focus all on this virus.
Also, before my browsers became hijacked, the virus I had on it previously was AntiVirus Soft aka AntiVirus live, I read that both are the same, just different icon or something. I deleted only the .exe to it, but from all these scans nothing else came up.
Just wanted to let you know that.
OK....one refreshing question, since this thread is pretty long...
Both browsers are getting redirected?
Any particular site(s) they go to?
Please download Sophos Anti-rootkit & save it to your desktop.
IMPORTANT!
- Disconnect from the Internet or physically unplug your Internet cable connection.
- Clean out your temporary files.
- Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
- Temporarily disable your anti-virus and real-time anti-spyware protection.
- After starting the scan, do not use the computer until the scan has completed.
- When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
- Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
- Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
- A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
- Make sure the following are checked:
  - Running processes
  - Windows Registry
  - Local Hard Drives
- Click Start scan.
- Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
- When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
- Click on the suspicious file to display more information about it in the lower panel, which also includes whether the item is recommended for removal.
  - Files tagged as Removable: No are not marked for removal and cannot be removed.
  - Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
  - Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
- Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
- A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
- After reboot, a dialog box displays the files you selected for removal and the action taken.
- Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
- When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
- This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\
Actually, all 3 of my browsers, including Safari. And no, just random sites still. Sometimes it'll put me in a popular site, sometimes a random I guess spam site?
And ok, I'll post log after this reply.
OK :)
Scan came out clean :( So I'm assuming no log to post.
Hmmm, I hope this problem is fixable!
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Ok, will do this in the morning.
No problem, I'll have more fresh brain too :)
There was no "Extras" log.
OTL logfile created on: 2/13/2010 9:46:17 AM - Run 4
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.54 Gb Total Space | 23.80 Gb Free Space | 22.99% Space Free | Partition Type: NTFS
Drive D: | 8.25 Gb Total Space | 1.50 Gb Free Space | 18.18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ASK
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/02/08 13:23:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/19 10:38:49 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/02 17:07:08 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2008/01/02 17:07:04 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2008/01/02 17:07:02 | 000,133,656 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/01/02 17:06:52 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007/12/10 18:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac207\Monitor.exe
PRC - [2007/05/16 12:43:04 | 000,677,432 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/04/19 15:35:46 | 000,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/03/01 15:18:36 | 000,472,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/02/10 04:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/01/29 17:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007/01/10 18:12:08 | 000,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/07 15:57:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2006/09/08 10:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2006/09/08 09:54:30 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2006/05/02 17:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
========== Modules (SafeList) ==========
MOD - [2010/02/08 13:23:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/19 10:38:49 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/30 15:43:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/07/02 13:15:45 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 15:35:46 | 000,075,304 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/03/14 14:07:30 | 000,062,984 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/17 09:31:12 | 000,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 11:36:58 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/02/10 04:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 04:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2)
SRV - [2007/02/10 04:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/01/29 17:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:36:24 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2006/11/02 07:36:19 | 000,322,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2006/11/02 07:36:19 | 000,322,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 21:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 17:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/10/14 01:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 21:40:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 11:01:17 | 000,000,000 | ---D | M]
[2009/06/15 07:59:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/06/15 07:59:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/02/12 21:45:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bv5h7rsw.SPEED\extensions
[2009/11/08 12:13:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bv5h7rsw.SPEED\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/01 20:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/04 20:05:02 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
O1 HOSTS File: ([2010/02/11 09:02:07 | 000,000,022 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/02 14:22:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2006/11/02 06:18:47 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/02/12 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/02/11 14:29:31 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Documents\Bookmarks
[2010/02/11 13:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/11 13:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/11 12:07:02 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\User\Desktop\spybotsd162.exe
[2010/02/11 09:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/02/11 08:59:15 | 000,502,168 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\User\Desktop\SpyHunter-Installer.exe
[2010/02/09 16:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/02/09 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\avz4
[2010/02/09 15:40:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\GooredFix Backups
[2010/02/09 15:39:44 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Users\User\Desktop\GooredFix.exe
[2010/02/09 14:19:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2010/02/09 14:18:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/09 14:06:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/02/09 13:44:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/08 20:09:10 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/02/08 20:07:52 | 000,504,832 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTM.exe
[2010/02/08 13:24:05 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/02/08 13:01:27 | 000,472,064 | ---- | C] ( ) -- C:\Users\User\Desktop\RootRepeal.exe
[2010/02/08 12:27:39 | 000,044,567 | ---- | C] (jpshortstuff) -- C:\Users\User\Desktop\Kenco.exe
[2010/02/08 12:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/02/08 08:47:45 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/02/07 18:56:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/07 18:56:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/07 18:56:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/07 18:56:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/07 18:56:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/07 18:55:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/04 22:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/04 12:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/02/13 09:45:55 | 005,242,880 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010/02/13 09:44:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/13 08:58:13 | 000,738,334 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/13 08:58:13 | 000,147,444 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/13 08:58:12 | 000,884,640 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/13 08:53:24 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/13 08:53:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/13 08:53:23 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/13 08:53:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/13 08:53:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/13 08:53:04 | 000,024,576 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/02/13 08:53:02 | 2137,022,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/13 00:47:25 | 000,043,008 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2010/02/13 00:47:06 | 004,292,402 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010/02/12 22:39:45 | 001,339,288 | ---- | M] () -- C:\Users\User\Desktop\sar_15_sfx.exe
[2010/02/12 21:54:06 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2010/02/12 13:44:27 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/11 21:55:39 | 000,524,288 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2010/02/11 18:26:25 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/02/11 12:12:43 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\User\Desktop\spybotsd162.exe
[2010/02/11 09:02:07 | 000,000,022 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/11 08:59:08 | 000,502,168 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\User\Desktop\SpyHunter-Installer.exe
[2010/02/09 15:53:42 | 005,125,238 | ---- | M] () -- C:\Users\User\Desktop\avz4.zip
[2010/02/09 15:39:41 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Users\User\Desktop\GooredFix.exe
[2010/02/09 14:36:36 | 000,077,312 | ---- | M] () -- C:\Users\User\Desktop\mbr.exe
[2010/02/09 14:08:41 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/09 13:14:34 | 003,852,379 | R--- | M] () -- C:\Users\User\Desktop\ComboFix.exe
[2010/02/08 23:10:18 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/02/08 20:07:46 | 000,504,832 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTM.exe
[2010/02/08 15:13:11 | 000,001,066 | ---- | M] () -- C:\Users\User\Desktop\GMERlog.zip
[2010/02/08 14:27:24 | 000,293,376 | ---- | M] () -- C:\Users\User\Desktop\6xe97uek.exe
[2010/02/08 13:23:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/02/08 13:01:39 | 000,000,000 | ---- | M] () -- C:\Users\User\Desktop\settings.dat
[2010/02/08 13:00:55 | 000,464,491 | ---- | M] () -- C:\Users\User\Desktop\RootRepeal.zip
[2010/02/08 12:27:27 | 000,044,567 | ---- | M] (jpshortstuff) -- C:\Users\User\Desktop\Kenco.exe
[2010/02/08 08:39:51 | 000,724,952 | ---- | M] () -- C:\Users\User\Desktop\avenger.zip
[2010/02/07 12:13:47 | 000,001,874 | ---- | M] () -- C:\Users\User\Desktop\HijackThis.lnk
[2010/02/07 00:17:09 | 000,241,152 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 08:40:46 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Mbam.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/12 22:39:53 | 001,339,288 | ---- | C] () -- C:\Users\User\Desktop\sar_15_sfx.exe
[2010/02/11 21:56:13 | 000,524,288 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2010/02/09 15:53:11 | 005,125,238 | ---- | C] () -- C:\Users\User\Desktop\avz4.zip
[2010/02/08 15:13:11 | 000,001,066 | ---- | C] () -- C:\Users\User\Desktop\GMERlog.zip
[2010/02/08 14:27:26 | 000,293,376 | ---- | C] () -- C:\Users\User\Desktop\6xe97uek.exe
[2010/02/08 13:01:39 | 000,000,000 | ---- | C] () -- C:\Users\User\Desktop\settings.dat
[2010/02/08 13:01:05 | 000,464,491 | ---- | C] () -- C:\Users\User\Desktop\RootRepeal.zip
[2010/02/08 12:15:34 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/02/08 11:52:35 | 000,077,312 | ---- | C] () -- C:\Users\User\Desktop\mbr.exe
[2010/02/08 08:40:50 | 000,731,136 | ---- | C] () -- C:\Users\User\Desktop\avenger.exe
[2010/02/08 08:40:03 | 000,724,952 | ---- | C] () -- C:\Users\User\Desktop\avenger.zip
[2010/02/07 18:56:28 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/07 18:56:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/07 18:56:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/07 18:56:28 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/07 18:56:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/07 18:41:19 | 003,852,379 | R--- | C] () -- C:\Users\User\Desktop\ComboFix.exe
[2010/02/07 12:13:47 | 000,001,874 | ---- | C] () -- C:\Users\User\Desktop\HijackThis.lnk
[2010/02/04 22:24:23 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/04 21:01:07 | 2137,022,464 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/19 13:30:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2010/01/13 11:27:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\Project Templates
[2009/08/01 11:25:48 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009/08/01 11:25:48 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2009/08/01 11:25:48 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009/08/01 11:25:48 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2009/04/07 19:43:36 | 000,000,268 | RH-- | C] () -- C:\ProgramData\vhosts
[2009/04/07 19:43:36 | 000,000,268 | RH-- | C] () -- C:\Users\User\AppData\Roaming\laserjet
[2009/04/07 19:43:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2009/04/07 19:43:34 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\libiconv
[2009/04/07 18:57:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2009/03/12 18:36:34 | 000,782,336 | ---- | C] () -- C:\Windows\System32\IlmImf.dll
[2009/03/12 18:36:34 | 000,353,280 | ---- | C] () -- C:\Windows\System32\pmtf2.dll
[2009/03/12 18:36:34 | 000,205,824 | ---- | C] () -- C:\Windows\System32\pmtf1.dll
[2009/03/12 18:36:34 | 000,204,288 | ---- | C] () -- C:\Windows\System32\pmtf3.dll
[2009/03/12 18:36:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pmexr.dll
[2009/03/12 18:36:34 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmbm.dll
[2009/03/12 18:36:33 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Photomatix_jpg.dll
[2009/03/12 18:36:33 | 000,266,240 | ---- | C] () -- C:\Windows\System32\Photomatix25Lib.dll
[2009/03/12 18:36:33 | 000,249,856 | ---- | C] () -- C:\Windows\System32\Photomatix25Lib2.dll
[2009/03/12 18:36:33 | 000,167,936 | ---- | C] () -- C:\Windows\System32\Photomatix25Lib3.dll
[2009/02/28 13:49:19 | 000,000,216 | ---- | C] () -- C:\Windows\ViewNX.INI
[2009/02/28 13:42:57 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/02/28 13:42:57 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\Rock Kit
[2009/02/28 13:40:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sample Delay
[2009/02/28 13:40:47 | 000,000,268 | RH-- | C] () -- C:\Users\User\AppData\Roaming\Robot
[2009/02/28 13:40:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/02/28 13:40:47 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Screen Savers
[2009/02/13 22:38:39 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/02/13 22:35:25 | 000,000,044 | ---- | C] () -- C:\Windows\EPSNX400.ini
[2008/11/16 19:04:55 | 000,049,959 | ---- | C] () -- C:\Windows\php.ini
[2008/08/10 09:26:44 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2008/01/13 12:41:37 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/29 21:47:52 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007/12/03 20:02:27 | 000,002,106 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2007/12/03 16:11:30 | 000,241,152 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/02 20:03:39 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\QSwitch.txt
[2007/12/02 20:03:39 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\DSwitch.txt
[2007/12/02 20:03:39 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\AtStart.txt
[2007/10/25 22:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2007/08/23 19:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/07/02 14:08:26 | 000,001,321 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/05/31 06:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 05:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/03/21 19:58:56 | 000,304,920 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/02/28 13:33:00 | 000,343,040 | R--- | C] () -- C:\Windows\System32\lffpx7.dll
[2005/02/28 13:33:00 | 000,116,736 | R--- | C] () -- C:\Windows\System32\lfkodak.dll
[2004/03/26 08:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004/01/08 09:30:22 | 000,011,170 | ---- | C] () -- C:\Windows\System32\PA207USD.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ==========
[2008/12/19 08:57:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BonkEnc
[2008/10/20 12:39:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\cmw
[2009/10/01 10:59:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/01/01 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\COWON
[2008/11/30 13:30:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools
[2009/03/09 08:16:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ExpressDigital
[2009/07/09 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2009/04/10 09:47:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2009/02/13 22:43:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2009/09/04 07:57:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MSNInstaller
[2009/04/07 19:43:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nikon
[2009/07/09 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Participatory Culture Foundation
[2009/07/09 17:04:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PCF-VLC
[2008/10/28 20:25:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Publish Providers
[2010/01/11 21:20:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Red Kawa
[2008/02/16 11:43:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RTPlayer
[2007/12/03 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2010/02/05 15:18:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2010/02/13 00:47:14 | 000,032,642 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========