search engines redirect to scour, infosmash, etc...



#1 kmfahrer, Member, 15 posts
I can't get rid of a redirect problem I have been having. I followed the instructions in your malware guide. Here are the logs:

===========MBAM==============

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/5/2010 7:06:52 PM
mbam-log-2010-10-05 (19-06-52).txt

Scan type: Quick scan
Objects scanned: 157389
Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





============GMER============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-05 21:10:09
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\assembly\NativeImages_v2.0.50727_64\index4cd.dat 0 bytes

---- EOF - GMER 1.0.15 ----




==============OTL=====================

OTL logfile created on: 10/5/2010 9:11:10 PM - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kevin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 136.48 Gb Free Space | 47.78% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.39 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VISTA1
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/05 19:34:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/04/22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 20:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 20:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 19:34:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/20 20:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 12:29:58 | 000,244,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/04/14 12:29:58 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/03/10 11:16:56 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/01/05 18:04:02 | 000,199,032 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2009/12/14 21:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2009/12/14 21:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2009/12/14 21:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2009/12/14 21:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2009/12/14 21:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2009/12/14 21:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2008/09/11 05:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 09:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/05/20 17:19:16 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/30 17:24:34 | 000,703,488 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/06/11 21:25:01 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/04/14 12:29:58 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/04/14 12:29:58 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/04/14 12:29:58 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/04/14 12:29:58 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/04/14 12:29:58 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/04/14 12:29:58 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/04/14 12:29:58 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/04/14 12:29:58 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/02/10 11:46:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/23 02:19:21 | 001,522,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/19 19:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/11 05:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/04 11:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/14 04:18:54 | 008,029,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/07/15 02:20:42 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/19 19:37:42 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/02/02 10:59:23 | 000,024,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbser.sys -- (usbser)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...rce=gama&hl=en"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {62FF2E09-063A-4ED9-BBEB-A43D1C25F61B}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/18 17:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/09/13 16:06:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/18 13:16:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/18 13:16:38 | 000,000,000 | ---D | M]

[2009/05/06 16:57:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2010/10/05 11:27:53 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k5kezueg.default\extensions
[2010/08/03 19:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k5kezueg.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 15:42:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k5kezueg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/13 18:49:12 | 000,000,000 | ---D | M] (Trailfire) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k5kezueg.default\extensions\{7b5c6cd0-3ead-11da-8cd6-0800200c9a66}
[2009/12/17 15:48:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/14 12:29:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2009/09/07 18:25:46 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100428054817.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100429165104.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vista & XP Virtual Desktops.lnk = C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{F4735C64-9A74-4E48-894B-1CA5D83B99C8}\MainIcon.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a8d69e18-7722-11de-a076-00238b7cd8cc}\Shell\AutoRun\command - "" = H:\PMB_P.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/05 19:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/05 19:25:10 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Kevin\Desktop\erunt-setup.exe
[2010/09/30 09:45:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/25 17:44:08 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2010/09/25 17:39:17 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/08/20 19:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player
[2010/08/20 18:57:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Windows Server
[2010/08/20 18:57:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\E94C761805E209450A4782A0A4018621
[2010/08/09 12:38:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2010/08/06 10:52:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\GooredFix Backups
[2010/08/06 10:51:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Kevin\Desktop\GooredFix.exe
[2010/08/03 20:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2010/08/03 20:01:51 | 005,178,688 | ---- | C] (Igor Pavlov) -- C:\Users\Kevin\Desktop\WebUpdater_242.exe
[2010/08/03 19:53:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\GARMIN
[2010/07/30 16:29:57 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/07/30 16:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/07/30 16:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/30 16:23:06 | 006,992,192 | ---- | C] (SurfRight B.V.) -- C:\Users\Kevin\Desktop\HitmanPro35_x64.exe
[2010/07/30 16:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010/07/27 19:10:39 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\AVS4YOU
[2010/07/27 19:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/07/27 19:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/07/27 19:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/07/26 20:07:30 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2010/07/26 20:07:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/26 20:07:18 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/26 20:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/26 20:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/26 20:06:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/26 19:53:43 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\TFC.exe
[2010/07/25 19:33:17 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{62FF2E09-063A-4ED9-BBEB-A43D1C25F61B}
[2010/07/25 19:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/07/25 19:26:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMORAV
[2010/07/25 19:25:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\2b15b3e
[2010/07/25 19:10:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\rnayhrpbs
[2010/07/18 08:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Softland
[2010/07/18 08:23:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Softland
[2010/07/18 08:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softland
[2010/07/11 16:38:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\NumusDiskBuilder
[2010/07/11 16:37:58 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2010/07/11 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Xenocode
[2010/07/11 16:37:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2010/07/11 16:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Numus Disk Builder and Burner
[2010/07/10 11:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

========== Files - Modified Within 90 Days ==========

[2010/10/05 21:13:45 | 004,194,304 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT
[2010/10/05 21:08:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/05 21:08:38 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 21:08:38 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 20:36:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/05 20:35:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48089156-4234112374-3710388436-1000UA.job
[2010/10/05 19:34:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2010/10/05 19:25:11 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Kevin\Desktop\erunt-setup.exe
[2010/10/05 18:47:18 | 000,002,535 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vista & XP Virtual Desktops.lnk
[2010/10/05 18:47:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 18:46:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/05 18:46:08 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 18:42:49 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/05 18:42:49 | 000,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/05 18:42:41 | 002,595,953 | -H-- | M] () -- C:\Users\Kevin\AppData\Local\IconCache.db
[2010/10/05 17:35:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48089156-4234112374-3710388436-1000Core.job
[2010/10/05 11:18:52 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/09/25 17:50:43 | 000,005,887 | ---- | M] () -- C:\Users\Kevin\Desktop\Router_Setup.html
[2010/09/23 16:12:04 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAndrea.job
[2010/09/11 17:11:04 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKevin.job
[2010/08/28 16:15:50 | 000,000,358 | ---- | M] () -- C:\Users\Kevin\AppData\Local\RAExpertHistory.xml
[2010/08/22 19:15:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/08/20 19:25:14 | 006,992,192 | ---- | M] (SurfRight B.V.) -- C:\Users\Kevin\Desktop\HitmanPro35_x64.exe
[2010/08/16 21:30:41 | 000,266,397 | ---- | M] () -- C:\Users\Kevin\Desktop\scan0001.pdf
[2010/08/15 18:10:46 | 000,000,313 | ---- | M] () -- C:\Users\Kevin\.authorrc1
[2010/08/12 03:32:22 | 000,404,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/11 20:47:02 | 004,976,113 | ---- | M] () -- C:\Users\Kevin\Desktop\RentalAgreement0001.pdf
[2010/08/07 22:35:39 | 000,000,149 | ---- | M] () -- C:\Users\Kevin\EditLiveForJava.ini
[2010/08/07 21:51:38 | 000,002,619 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010/08/06 10:51:43 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Kevin\Desktop\GooredFix.exe
[2010/08/04 16:22:18 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/04 16:22:18 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/04 16:22:18 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/03 20:01:55 | 005,178,688 | ---- | M] (Igor Pavlov) -- C:\Users\Kevin\Desktop\WebUpdater_242.exe
[2010/08/02 15:26:03 | 000,111,856 | ---- | M] () -- C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/01 13:57:06 | 000,002,607 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Office Access 2007.lnk
[2010/08/01 10:20:06 | 004,325,376 | ---- | M] () -- C:\Users\Kevin\Documents\GTK_Practice_1.accdb
[2010/08/01 09:34:05 | 001,048,576 | ---- | M] () -- C:\Users\Kevin\Documents\Contact management database.accdb
[2010/08/01 09:32:18 | 000,370,022 | ---- | M] () -- C:\Users\Kevin\Documents\Contacts.accdt
[2010/08/01 09:31:45 | 000,794,624 | ---- | M] () -- C:\Users\Kevin\Documents\Vehicle maintenance.accdb
[2010/08/01 09:30:59 | 000,291,837 | ---- | M] () -- C:\Users\Kevin\Documents\VehicleMaintenance.accdt
[2010/07/27 19:13:32 | 000,033,792 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 20:07:22 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/26 20:02:50 | 000,000,120 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Nnawavarow.dat
[2010/07/26 19:53:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\TFC.exe
[2010/07/26 17:27:41 | 001,650,877 | ---- | M] () -- C:\Users\Kevin\Desktop\Orders_ID0001.pdf
[2010/07/26 05:32:22 | 000,001,641 | ---- | M] () -- C:\Users\Kevin\Desktop\Computer.lnk
[2010/07/26 05:23:49 | 000,000,000 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Fgocopevoganid.bin
[2010/07/25 19:05:39 | 000,046,592 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\d93bcd1b.exe
[2010/07/17 15:55:25 | 000,002,651 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Office Word 2007.lnk
[2010/07/12 21:28:23 | 000,848,503 | ---- | M] () -- C:\Users\Kevin\Desktop\Inspection Notice0001.pdf
[2010/07/11 19:07:57 | 000,010,382 | ---- | M] () -- C:\Users\Kevin\Desktop\Download area.docx
[2010/07/11 16:51:15 | 198,555,648 | ---- | M] () -- C:\Users\Kevin\Documents\Recovery Disk.iso
[2010/07/11 16:37:52 | 000,001,038 | ---- | M] () -- C:\Users\Kevin\Desktop\Numus Disk Builder and Burner.lnk
[2010/07/11 16:37:32 | 037,205,653 | ---- | M] () -- C:\Users\Kevin\Desktop\DiskBuilderBurner.exe

========== Files Created - No Company Name ==========

[2010/10/05 19:08:30 | 000,293,376 | ---- | C] () -- C:\Users\Kevin\Desktop\gmer.exe
[2010/09/25 17:50:45 | 000,000,172 | R--- | C] () -- C:\Users\Kevin\Desktop\Router Login.url
[2010/09/25 17:50:43 | 000,005,887 | ---- | C] () -- C:\Users\Kevin\Desktop\Router_Setup.html
[2010/09/25 17:39:05 | 000,354,784 | ---- | C] () -- C:\Users\Kevin\AppData\Local\dd_vcredistMSI4EB9.txt
[2010/09/25 17:39:04 | 000,012,178 | ---- | C] () -- C:\Users\Kevin\AppData\Local\dd_vcredistUI4EB9.txt
[2010/08/16 21:30:33 | 000,266,397 | ---- | C] () -- C:\Users\Kevin\Desktop\scan0001.pdf
[2010/08/11 20:46:16 | 004,976,113 | ---- | C] () -- C:\Users\Kevin\Desktop\RentalAgreement0001.pdf
[2010/08/01 10:17:03 | 004,325,376 | ---- | C] () -- C:\Users\Kevin\Documents\GTK_Practice_1.accdb
[2010/08/01 09:32:18 | 001,048,576 | ---- | C] () -- C:\Users\Kevin\Documents\Contact management database.accdb
[2010/08/01 09:32:18 | 000,370,022 | ---- | C] () -- C:\Users\Kevin\Documents\Contacts.accdt
[2010/08/01 09:30:59 | 000,291,837 | ---- | C] () -- C:\Users\Kevin\Documents\VehicleMaintenance.accdt
[2010/08/01 09:30:58 | 000,794,624 | ---- | C] () -- C:\Users\Kevin\Documents\Vehicle maintenance.accdb
[2010/07/30 16:24:06 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/07/26 20:07:22 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/26 19:37:47 | 000,010,618 | ---- | C] () -- C:\Users\Kevin\AppData\Local\dd_vcredistUI0B79.txt
[2010/07/26 19:37:46 | 000,363,648 | ---- | C] () -- C:\Users\Kevin\AppData\Local\dd_vcredistMSI0B76.txt
[2010/07/26 19:37:46 | 000,011,142 | ---- | C] () -- C:\Users\Kevin\AppData\Local\dd_vcredistUI0B76.txt
[2010/07/26 17:27:06 | 001,650,877 | ---- | C] () -- C:\Users\Kevin\Desktop\Orders_ID0001.pdf
[2010/07/25 19:35:00 | 000,001,641 | ---- | C] () -- C:\Users\Kevin\Desktop\Computer.lnk
[2010/07/25 19:33:19 | 000,000,000 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Fgocopevoganid.bin
[2010/07/25 19:33:18 | 000,000,120 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Nnawavarow.dat
[2010/07/25 19:05:39 | 000,046,592 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\d93bcd1b.exe
[2010/07/12 21:28:08 | 000,848,503 | ---- | C] () -- C:\Users\Kevin\Desktop\Inspection Notice0001.pdf
[2010/07/11 19:07:56 | 000,010,382 | ---- | C] () -- C:\Users\Kevin\Desktop\Download area.docx
[2010/07/11 16:50:53 | 198,555,648 | ---- | C] () -- C:\Users\Kevin\Documents\Recovery Disk.iso
[2010/07/11 16:37:52 | 000,001,038 | ---- | C] () -- C:\Users\Kevin\Desktop\Numus Disk Builder and Burner.lnk
[2010/07/11 16:35:29 | 037,205,653 | ---- | C] () -- C:\Users\Kevin\Desktop\DiskBuilderBurner.exe
[2010/07/05 14:10:30 | 005,895,037 | ---- | C] () -- C:\Users\Kevin\AppData\Local\tmpIMG_0235.JPG
[2010/06/06 15:16:26 | 000,029,216 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\UserTile.png
[2010/05/21 15:50:49 | 000,001,240 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/13 14:11:02 | 000,000,358 | ---- | C] () -- C:\Users\Kevin\AppData\Local\RAExpertHistory.xml
[2009/12/03 17:56:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 17:55:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/19 19:44:47 | 000,000,000 | ---- | C] () -- C:\Users\Kevin\AppData\Local\FnF4.txt
[2009/06/11 21:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009/06/11 21:22:12 | 000,425,474 | ---- | C] () -- C:\Users\Kevin\AppData\Local\dd_vcredistMSI38DD.txt
[2009/06/11 21:22:12 | 000,011,446 | ---- | C] () -- C:\Users\Kevin\AppData\Local\dd_vcredistUI38DD.txt
[2009/05/11 06:12:38 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2009/05/06 20:09:59 | 000,033,792 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/06 17:22:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/06 16:42:36 | 000,000,000 | ---- | C] () -- C:\Users\Kevin\AppData\Local\QSwitch.txt
[2009/05/06 16:42:36 | 000,000,000 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DSwitch.txt
[2009/05/06 16:42:36 | 000,000,000 | ---- | C] () -- C:\Users\Kevin\AppData\Local\AtStart.txt
[2009/02/23 02:58:48 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/02/23 02:58:40 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/02/23 02:58:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/02/23 02:57:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/02/23 02:56:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/18 17:45:24 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/18 17:39:59 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/18 17:38:17 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/18 17:36:58 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/18 16:46:31 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/06/05 07:08:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/05 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Dropbox
[2010/08/20 18:57:34 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\E94C761805E209450A4782A0A4018621
[2009/06/11 21:26:44 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\EDrawings
[2010/08/03 19:53:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GARMIN
[2010/05/21 16:06:24 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Image Zone Express
[2010/01/16 16:27:04 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\InfraRecorder
[2010/07/11 16:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NumusDiskBuilder
[2010/06/06 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\PeerNetworking
[2009/06/11 20:10:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\PGP
[2010/05/21 16:03:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Printer Info Cache
[2009/05/18 19:45:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Scilab
[2010/07/18 08:23:54 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Softland
[2010/10/05 18:45:00 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/05 18:46:08 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/10/05 18:46:07 | 212,090,879 | -HS- | M] () -- C:\pagefile.sys
[2010/07/28 16:23:47 | 000,057,650 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_28.07.2010_16.23.02_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >