OTL logfile created on: 10/09/2011 11:22:34 a.m. - Run 2 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\ALPIMAS\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 0000080A | Country: Mexico | Language: ESM | Date Format: dd/MM/yyyy 3.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.54% Memory free 8.09 Gb Paging File | 5.73 Gb Available in Paging File | 70.79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288.01 Gb Total Space | 240.93 Gb Free Space | 83.65% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 2.97 Gb Free Space | 29.72% Space Free | Partition Type: NTFS Drive E: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: ALPIMAS-PC | User Name: ALPIMAS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/09/03 22:48:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe PRC - [2010/11/09 15:33:50 | 002,064,384 | ---- | M] () -- C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe PRC - [2010/08/12 19:44:36 | 019,084,472 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe PRC - [2010/01/16 13:02:38 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\mcuicnt.exe PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/11/25 12:46:50 | 000,056,544 | ---- | M] (AG Interactive) -- C:\Program Files (x86)\Kiwee Toolbar\3.2\kwtbaim.exe PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2008/09/05 19:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe PRC - [2008/09/05 19:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe PRC - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe PRC - [2008/08/15 17:03:50 | 004,812,664 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe PRC - [2008/07/04 16:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe PRC - [2008/04/17 16:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008/04/17 16:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) 
-- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2008/02/19 19:05:24 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2010/11/09 15:33:50 | 002,064,384 | ---- | M] () -- C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2008/09/05 19:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll MOD - [2008/09/05 19:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll MOD - [2008/09/05 19:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll MOD - [2008/08/15 17:00:54 | 006,510,416 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtGui4.dll MOD - [2008/08/15 17:00:54 | 001,657,168 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtCore4.dll MOD - [2008/08/15 17:00:54 | 000,396,112 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll MOD - [2008/08/15 17:00:54 | 000,366,928 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll MOD - [2008/08/15 17:00:54 | 000,026,960 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\SDL.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009/02/25 21:43:20 | 000,818,752 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV:[b]64bit:[/b] - [2008/11/20 06:21:12 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc) SRV:[b]64bit:[/b] - [2008/10/03 13:27:54 | 000,854,280 | ---- | M] (Trend Micro Inc.) 
[On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy) SRV:[b]64bit:[/b] - [2008/10/03 13:23:26 | 000,563,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV:[b]64bit:[/b] - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:[b]64bit:[/b] - [2008/09/22 19:15:48 | 000,585,136 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw) SRV:[b]64bit:[/b] - [2008/08/25 06:31:36 | 000,251,904 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\STacSV64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2008/08/25 06:31:22 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe -- (AESTFilters) SRV:[b]64bit:[/b] - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/19 17:48:26 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Stopped] -- C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe -- (AGCoreService) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService) SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/07/07 16:45:50 | 000,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc) SRV - [2008/07/07 16:45:36 | 000,124,184 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint) SRV - [2008/04/17 16:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2008/11/20 06:20:52 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY) DRV:[b]64bit:[/b] - [2008/10/27 07:21:50 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys 
-- (BCM43XX) DRV:[b]64bit:[/b] - [2008/10/27 02:25:30 | 000,315,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid) DRV:[b]64bit:[/b] - [2008/10/27 02:25:30 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd) DRV:[b]64bit:[/b] - [2008/10/03 13:23:46 | 000,080,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi) DRV:[b]64bit:[/b] - [2008/10/03 13:23:40 | 000,277,008 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp) DRV:[b]64bit:[/b] - [2008/10/03 13:23:36 | 000,192,528 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf) DRV:[b]64bit:[/b] - [2008/09/03 07:59:18 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV:[b]64bit:[/b] - [2008/09/03 07:58:16 | 008,029,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService) DRV:[b]64bit:[/b] - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir) DRV:[b]64bit:[/b] - [2008/08/25 06:31:46 | 000,458,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2008/08/16 03:01:34 | 000,235,536 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt) DRV:[b]64bit:[/b] - [2008/08/16 03:01:32 | 000,042,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt) DRV:[b]64bit:[/b] - [2008/08/16 02:58:10 | 001,839,632 | ---- | M] () [Kernel | Auto | Running] 
-- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint) DRV:[b]64bit:[/b] - [2008/08/02 18:36:16 | 000,243,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP) DRV:[b]64bit:[/b] - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp) DRV:[b]64bit:[/b] - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk) DRV:[b]64bit:[/b] - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk) DRV:[b]64bit:[/b] - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:[b]64bit:[/b] - [2008/07/07 16:42:52 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) DRV:[b]64bit:[/b] - [2008/07/07 16:42:50 | 000,197,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00) DRV:[b]64bit:[/b] - [2008/07/07 16:41:32 | 000,043,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64) DRV:[b]64bit:[/b] - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM) DRV:[b]64bit:[/b] - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:[b]64bit:[/b] - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R) DRV:[b]64bit:[/b] - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2008/01/20 22:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2007/10/12 18:04:40 | 000,041,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64) DRV:[b]64bit:[/b] - [2007/09/06 17:30:24 | 000,198,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI) DRV:[b]64bit:[/b] - [2007/06/20 16:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem) DRV:[b]64bit:[/b] - [2007/05/31 15:39:32 | 000,027,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:[b]64bit:[/b] - [2007/01/18 17:10:22 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort) DRV:[b]64bit:[/b] - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300) DRV - [2008/07/07 16:42:52 | 000,028,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/ IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/ IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/ IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/03 22:34:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/03 20:54:16 | 000,000,000 | ---D | M] [2011/09/03 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALPIMAS\AppData\Roaming\Mozilla\Extensions [2009/10/07 13:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALPIMAS\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2011/09/03 22:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009/08/08 13:10:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010/12/19 08:22:50 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing-zugo.xml [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2011/09/05 10:24:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - File not found O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - File not found O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll () O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe () O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe () O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe () O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe () O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4:[b]64bit:[/b] - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FAStartup] File not found O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision ) O4 - HKLM..\Run: [KiweeHook] C:\Program Files (x86)\Kiwee Toolbar\3.2\kwtbaim.exe (AG Interactive) O4 - HKLM..\Run: [LvOKfeefnfQft.com&p=<base64 blob removed>] File not found O4 - HKLM..\Run: [Mqvagestsearche.com&p=<base64 blob removed>] File not found O4 - 
HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [QuickTime Task] File not found O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint) O4 - HKCU..\Run: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe (ooVoo LLC) O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DAF6A87-4BA2-4BED-B861-F5D019D37AB2}: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{304BDE19-F312-43D0-B645-C61B958C98F6}: DhcpNameServer = 192.168.254.254 O18:[b]64bit:[/b] - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. 
File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. 
- C:\Windows\SysNative\igfxdev.dll () O20 - Winlogon\Notify\dstfixx: DllName - dstfixx.dll - File not found O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll () O24 - Desktop WallPaper: C:\Users\ALPIMAS\Pictures\DSCF0077.JPG O24 - Desktop BackupWallPaper: C:\Users\ALPIMAS\Pictures\DSCF0077.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/02/01 22:53:23 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/09/09 13:28:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/09/07 22:34:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/09/07 22:30:07 | 000,000,000 | ---D | C] -- C:\Users\ALPIMAS\AppData\Local\temp [2011/09/07 22:27:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/09/07 22:27:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/09/07 22:27:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/09/06 22:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011/09/06 22:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011/09/06 22:16:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALPIMAS\Desktop\erunt_setup.exe [2011/09/06 08:45:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\Apphlpdm.dll [2011/09/06 08:45:57 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2011/09/06 03:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2011/09/06 03:58:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell [2011/09/06 03:22:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll [2011/09/06 03:22:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll [2011/09/06 03:22:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll [2011/09/06 03:22:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll [2011/09/06 03:22:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll [2011/09/06 03:22:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe [2011/09/06 03:22:19 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll [2011/09/06 03:22:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll [2011/09/06 03:22:19 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe [2011/09/06 03:22:19 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe [2011/09/06 03:22:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe [2011/09/06 03:22:15 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll [2011/09/06 03:22:15 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe [2011/09/06 03:22:15 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll [2011/09/06 03:22:15 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll [2011/09/06 03:22:15 | 000,145,408 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\WsmAuto.dll [2011/09/06 01:15:46 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011/09/06 01:15:46 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011/09/06 01:15:46 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011/09/06 01:15:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011/09/06 01:15:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011/09/06 01:15:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011/09/06 01:15:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011/09/06 01:15:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011/09/06 01:15:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011/09/06 01:15:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/09/06 01:15:43 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/09/06 01:15:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011/09/06 01:15:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011/09/06 00:49:54 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2011/09/06 00:49:54 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2011/09/06 00:48:55 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2011/09/06 00:42:07 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/09/06 00:41:48 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011/09/06 00:41:19 | 010,624,512 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2011/09/06 00:41:16 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2011/09/06 00:40:32 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2011/09/06 00:40:31 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2011/09/06 00:28:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011/09/06 00:28:25 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2011/09/06 00:28:25 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2011/09/06 00:28:25 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll [2011/09/06 00:28:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2011/09/06 00:28:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2011/09/06 00:15:41 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011/09/06 00:15:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2011/09/06 00:15:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011/09/06 00:15:10 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011/09/06 00:15:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011/09/06 00:14:52 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2011/09/06 00:14:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011/09/06 00:14:44 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2011/09/06 00:14:43 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2011/09/05 09:23:41 | 000,000,000 | ---D | C] 
-- C:\Windows\ERDNT [2011/09/05 09:23:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/09/05 09:23:03 | 004,192,529 | R--- | C] (Swearware) -- C:\Users\ALPIMAS\Desktop\ComboFix.exe [2011/09/04 23:31:32 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\ALPIMAS\Desktop\aswMBR(1).exe [2011/09/03 22:48:10 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/09/10 11:26:39 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C49DCAFF-9550-4809-B387-0A17B44F2D64}.job [2011/09/10 11:26:39 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{830A53C7-A521-4EFD-8571-D3AB6FDC631D}.job [2011/09/10 11:26:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin [2011/09/10 11:26:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin [2011/09/10 11:21:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/09/10 11:21:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/09/10 11:10:25 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/09/10 09:28:27 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011/09/10 09:22:21 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011/09/10 09:22:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/09/10 09:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/09/07 09:21:00 | 376,226,746 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/09/06 22:17:55 | 000,000,945 | ---- | M] () -- 
C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/09/06 22:17:51 | 000,000,765 | ---- | M] () -- C:\Users\ALPIMAS\Desktop\NTREGOPT.lnk [2011/09/06 22:17:51 | 000,000,746 | ---- | M] () -- C:\Users\ALPIMAS\Desktop\ERUNT.lnk [2011/09/06 22:17:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALPIMAS\Desktop\erunt_setup.exe [2011/09/06 04:01:50 | 000,283,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/09/06 03:15:33 | 000,718,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/09/06 03:15:33 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/09/06 03:15:33 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/09/05 10:24:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/09/05 09:23:21 | 004,192,529 | R--- | M] (Swearware) -- C:\Users\ALPIMAS\Desktop\ComboFix.exe [2011/09/04 23:11:18 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\ALPIMAS\Desktop\aswMBR(1).exe [2011/09/03 22:48:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe [2011/09/03 22:34:38 | 000,000,914 | ---- | M] () -- C:\Users\ALPIMAS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/09/03 22:34:38 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/09/03 21:04:19 | 000,001,460 | ---- | M] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps64.dat [2011/08/25 22:26:39 | 003,654,276 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04648.JPG [2011/08/25 22:26:32 | 003,681,259 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04604.JPG [2011/08/25 22:26:27 | 001,466,942 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04595.JPG [2011/08/25 22:26:18 | 001,468,710 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04354.JPG [2011/08/25 22:24:37 | 003,706,199 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04054.JPG [2011/08/25 22:24:31 | 001,471,513 | ---- | M] () 
-- C:\Users\ALPIMAS\Documents\DSC04034.JPG [2011/08/25 22:13:51 | 004,033,566 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC00596.JPG [2011/08/25 22:13:43 | 002,297,734 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05470.JPG [2011/08/25 22:13:29 | 003,782,800 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05401.JPG [2011/08/25 22:13:22 | 003,019,984 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05388.JPG [2011/08/25 22:13:05 | 003,814,192 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05371.JPG [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/09/07 22:27:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/09/07 22:27:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/09/07 22:27:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/09/07 22:27:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/09/07 22:27:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/09/06 22:17:55 | 000,000,945 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/09/06 22:17:51 | 000,000,765 | ---- | C] () -- C:\Users\ALPIMAS\Desktop\NTREGOPT.lnk [2011/09/06 22:17:51 | 000,000,746 | ---- | C] () -- C:\Users\ALPIMAS\Desktop\ERUNT.lnk [2011/09/06 13:15:01 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{C49DCAFF-9550-4809-B387-0A17B44F2D64}.job [2011/09/06 08:45:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll [2011/09/06 08:45:57 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2011/09/06 03:42:30 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll [2011/09/06 03:22:39 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\winrsmgr.dll [2011/09/06 03:22:36 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\wsmplpxy.dll [2011/09/06 03:22:36 
| 000,013,312 | ---- | C] () -- C:\Windows\SysNative\winrssrv.dll [2011/09/06 03:22:24 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\pwrshplugin.dll [2011/09/06 03:22:22 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\winrs.exe [2011/09/06 03:22:22 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\winrshost.exe [2011/09/06 03:22:22 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\wsmprovhost.exe [2011/09/06 03:22:19 | 000,232,960 | ---- | C] () -- C:\Windows\SysNative\wecsvc.dll [2011/09/06 03:22:19 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wevtfwd.dll [2011/09/06 03:22:19 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wecutil.exe [2011/09/06 03:22:19 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\wecapi.dll [2011/09/06 03:22:19 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\WsmRes.dll [2011/09/06 03:22:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2011/09/06 03:22:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2011/09/06 03:22:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2011/09/06 03:22:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2011/09/06 03:22:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2011/09/06 03:22:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2011/09/06 03:22:15 | 002,050,048 | ---- | C] () -- C:\Windows\SysNative\WsmSvc.dll [2011/09/06 03:22:15 | 000,370,688 | ---- | C] () -- C:\Windows\SysNative\winrscmd.dll [2011/09/06 03:22:15 | 000,352,768 | ---- | C] () -- C:\Windows\SysNative\WSManMigrationPlugin.dll [2011/09/06 03:22:15 | 000,348,672 | ---- | C] () -- C:\Windows\SysNative\WSManHTTPConfig.exe [2011/09/06 03:22:15 | 000,310,272 | ---- | C] () -- C:\Windows\SysNative\WsmWmiPl.dll [2011/09/06 03:22:15 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\WsmAuto.dll [2011/09/06 01:15:46 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb 
[2011/09/06 01:15:46 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2011/09/06 01:15:46 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll [2011/09/06 01:15:46 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll [2011/09/06 01:15:46 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe [2011/09/06 01:15:46 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe [2011/09/06 01:15:45 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2011/09/06 01:15:45 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl [2011/09/06 01:15:45 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2011/09/06 01:15:45 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll [2011/09/06 01:15:45 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll [2011/09/06 01:15:44 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2011/09/06 01:15:43 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2011/09/06 01:15:43 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2011/09/06 01:15:43 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2011/09/06 01:15:42 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec [2011/09/06 01:15:41 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2011/09/06 01:15:41 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2011/09/06 01:15:41 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll [2011/09/06 01:15:40 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2011/09/06 01:15:39 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2011/09/06 01:15:39 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll [2011/09/06 01:15:38 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2011/09/06 01:15:38 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll [2011/09/06 
01:04:48 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys [2011/09/06 00:50:01 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll [2011/09/06 00:49:15 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll [2011/09/06 00:48:55 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll [2011/09/06 00:48:52 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll [2011/09/06 00:48:32 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll [2011/09/06 00:42:29 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2011/09/06 00:42:20 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys [2011/09/06 00:42:20 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys [2011/09/06 00:42:17 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2011/09/06 00:42:17 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2011/09/06 00:42:17 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2011/09/06 00:42:13 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys [2011/09/06 00:42:07 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll [2011/09/06 00:42:07 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2011/09/06 00:41:48 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\odbc32.dll [2011/09/06 00:41:35 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll [2011/09/06 00:41:34 | 000,454,144 | ---- | C] () -- C:\Windows\SysNative\shlwapi.dll [2011/09/06 00:41:22 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll [2011/09/06 00:41:15 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL [2011/09/06 00:40:41 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi [2011/09/06 00:40:41 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe [2011/09/06 00:40:40 | 001,075,600 | ---- | C] () -- 
C:\Windows\SysNative\winload.efi [2011/09/06 00:40:40 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe [2011/09/06 00:40:40 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll [2011/09/06 00:40:40 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll [2011/09/06 00:40:40 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll [2011/09/06 00:40:37 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe [2011/09/06 00:40:32 | 002,424,320 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll [2011/09/06 00:40:31 | 000,730,624 | ---- | C] () -- C:\Windows\SysNative\mstsc.exe [2011/09/06 00:40:19 | 000,301,568 | ---- | C] () -- C:\Windows\SysNative\shsvcs.dll [2011/09/06 00:28:29 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys [2011/09/06 00:28:25 | 000,560,128 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll [2011/09/06 00:28:25 | 000,416,768 | ---- | C] () -- C:\Windows\SysNative\sbe.dll [2011/09/06 00:28:25 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax [2011/09/06 00:28:25 | 000,210,944 | ---- | C] () -- C:\Windows\SysNative\sbeio.dll [2011/09/06 00:28:16 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll [2011/09/06 00:28:16 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll [2011/09/06 00:28:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll [2011/09/06 00:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys [2011/09/06 00:18:06 | 000,344,576 | ---- | C] () -- C:\Windows\SysNative\schannel.dll [2011/09/06 00:18:04 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll [2011/09/06 00:16:52 | 004,692,368 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe [2011/09/06 00:16:51 | 001,560,960 | ---- | C] () -- C:\Windows\SysNative\ntdll.dll [2011/09/06 00:15:45 | 001,251,840 | ---- | C] () -- C:\Windows\SysNative\sdclt.exe [2011/09/06 00:15:41 | 000,367,616 | ---- | C] () -- 
C:\Windows\SysNative\atmfd.dll [2011/09/06 00:15:41 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll [2011/09/06 00:15:40 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll [2011/09/06 00:15:36 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll [2011/09/06 00:15:13 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll [2011/09/06 00:15:13 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll [2011/09/06 00:15:11 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll [2011/09/06 00:15:10 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll [2011/09/06 00:14:52 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll [2011/09/06 00:14:48 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll [2011/09/06 00:14:48 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll [2011/09/06 00:14:48 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe [2011/09/06 00:14:44 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll [2011/09/06 00:14:44 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll [2011/09/06 00:14:44 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll [2011/09/06 00:14:43 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll [2011/09/06 00:14:43 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe [2011/09/04 23:18:20 | 376,226,746 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/09/03 22:34:38 | 000,000,914 | ---- | C] () -- C:\Users\ALPIMAS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/09/03 22:34:38 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/09/03 22:34:38 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/09/26 12:42:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager .INI [2010/09/25 14:46:42 | 000,000,112 | ---- | C] () -- 
C:\ProgramData\Jy8atcgh5.dat [2010/09/15 19:50:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/08/14 18:03:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010/06/28 00:25:42 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2009/10/16 16:44:33 | 000,001,460 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps64.dat [2009/09/28 15:44:33 | 000,000,109 | ---- | C] () -- C:\Windows\TmProxy.ini [2009/06/20 12:26:37 | 000,024,226 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\UserTile.png [2009/04/07 17:28:47 | 000,000,552 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d8caps.dat [2009/01/21 00:00:03 | 000,005,962 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\wklnhst.dat [2009/01/20 23:35:55 | 000,027,136 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/01/20 13:12:11 | 000,006,756 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps.dat [2009/01/19 23:13:41 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2009/01/19 23:13:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2009/01/19 23:13:41 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2009/01/19 23:13:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2009/01/19 23:13:41 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2009/01/19 23:13:41 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2009/01/19 23:13:41 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2009/01/19 23:13:41 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2009/01/19 23:13:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2009/01/19 23:13:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2009/01/19 23:13:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2009/01/19 23:13:41 | 
000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2009/01/19 23:13:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2009/01/19 23:13:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2009/01/19 23:13:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2009/01/19 23:13:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2009/01/19 23:10:31 | 000,000,079 | ---- | C] () -- C:\Windows\EPWF600.ini [2008/12/30 07:09:38 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2008/12/30 07:09:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008/12/30 06:42:45 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2008/12/30 06:42:45 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2008/12/30 06:42:45 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin [2008/12/30 05:51:20 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin [2008/09/05 19:16:36 | 000,233,216 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll [2008/09/05 19:16:36 | 000,059,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll [2008/09/05 19:16:20 | 000,087,296 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll [2008/07/07 16:42:52 | 000,028,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin 

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/12/30 06:44:15 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2008/12/30 06:44:15 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\ERDNT\cache64\atapi.sys
[2008/12/30 06:44:15 | 000,022,584 | ---- | M] () MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys
[2008/12/30 06:44:15 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\ERDNT\cache86\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] () MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

[color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color]
[2009/04/11 03:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
[2008/01/20 22:47:03 | 000,271,416 | ---- | M] () MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\SysNative\drivers\volsnap.sys
[2008/01/20 22:47:03 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/28 00:53:19 | 000,070,656 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/28 00:53:19 | 000,070,656 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/28 00:53:19 | 000,070,656 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2010/09/21 18:42:59 | 000,025,470 | ---- | M] ()(C:\Users\ALPIMAS\Documents\Hmph ?.txt) -- C:\Users\ALPIMAS\Documents\Hmph ♥.txt
[2010/09/21 18:42:58 | 000,025,470 | ---- | C] ()(C:\Users\ALPIMAS\Documents\Hmph ?.txt) -- C:\Users\ALPIMAS\Documents\Hmph ♥.txt

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >