
redirect / hijack + more



#1
bobbydigital450

Hello,

Windows XP.
Firefox.
After about 20 minutes from start up I'll start getting right click open link in new tab redirects.
30 min to an hr my task bar theme will partially switch from XP to classic mode. After a while it will completely switch to classic.
By this point, it won't close browser windows, the computer locks up and I have to manually turn the computer off using the power button.

Any help would be appreciated

Rob


#2
bobbydigital450

Here is my OTL log:


OTL logfile created on: 11/2/2010 12:22:08 AM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\bobby 2 heads\Desktop\virus fix
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 24.95 Gb Free Space | 16.74% Space Free | Partition Type: NTFS

Computer Name: BOBBY | User Name: bobby 2 heads | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/02 00:15:14 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Local Settings\temp\dwm.exe
PRC - [2010/11/02 00:14:59 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Application Data\Microsoft\Windows\shell.exe
PRC - [2010/11/02 00:12:43 | 000,104,960 | ---- | M] () -- C:\Program Files\Internet Explorer\svchost.exe
PRC - [2010/10/26 01:42:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\virus fix\OTL.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2008/12/18 16:56:02 | 000,188,712 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/23 02:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcccoms.exe
PRC - [2005/02/21 06:21:18 | 000,192,512 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3300 Series\lxccmon.exe
PRC - [2004/01/12 14:29:28 | 000,102,400 | ---- | M] (Wild Tangent) -- C:\Program Files\AIM\AIMWDInstall.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 01:42:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\virus fix\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/12/18 16:56:36 | 000,023,600 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus)
DRV - [2008/12/18 16:56:30 | 000,026,160 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfwamidi.sys -- (mfwamidi)
DRV - [2008/12/18 16:56:24 | 000,445,488 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motufwa.sys -- (MotuFWA)
DRV - [2008/12/18 16:56:22 | 000,069,680 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfwawave.sys -- (mfwawave)
DRV - [2007/12/20 21:53:20 | 002,843,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/05 17:31:30 | 004,611,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/07 21:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/21 05:30:00 | 000,547,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/16 23:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/01 22:43:02 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/05/27 09:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/05/09 22:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/17 13:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 03:26:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 03:26:52 | 000,000,000 | ---D | M]

[2010/05/10 01:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\Mozilla\Extensions
[2010/10/26 01:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\Mozilla\Firefox\Profiles\41ur5ado.default\extensions
[2010/09/25 01:02:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bobby 2 heads\Application Data\Mozilla\Firefox\Profiles\41ur5ado.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/25 01:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\Mozilla\Firefox\Profiles\41ur5ado.default\extensions\[email protected]
[2010/10/25 23:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/10 01:02:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/06 23:32:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/10 02:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/21 00:07:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe (Wild Tangent)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [svchost] C:\Documents and Settings\bobby 2 heads\Application Data\Microsoft\svchost.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\BOBBY2~1\LOCALS~1\Temp\dwm.exe) - C:\Documents and Settings\bobby 2 heads\Local Settings\temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201222168595 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\bobby 2 heads\Application Data\Microsoft\Windows\shell.exe) - C:\Documents and Settings\bobby 2 heads\Application Data\Microsoft\Windows\shell.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/24 04:21:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 00:12:43 | 000,000,000 | ---D | C] -- C:\Microsoft
[2010/10/23 20:07:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/21 00:07:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/21 00:04:23 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTM.exe
[2010/10/17 22:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/16 23:45:08 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/16 23:45:08 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/16 23:44:50 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

========== Files - Modified Within 30 Days ==========

[2010/11/02 00:18:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/11/02 00:14:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/02 00:14:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/11/02 00:05:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1284227242-839522115-1003UA.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/01 22:02:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/29 01:05:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1284227242-839522115-1003Core.job
[2010/10/28 12:52:10 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/28 12:04:31 | 000,187,392 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/21 00:04:30 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTM.exe
[2010/10/17 14:51:01 | 000,013,590 | ---- | M] () -- C:\WINDOWS\System32\235.js
[2010/10/17 13:19:22 | 000,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/17 13:17:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/17 13:09:26 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/17 13:09:26 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/12 22:01:32 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/12 05:32:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/10/12 03:31:53 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\what.rtf
[2010/10/06 17:17:41 | 000,347,533 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\sept pay checks Rob VaLeu.zip
[2010/10/06 05:28:54 | 002,213,138 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\home away from home w lyrics.mp3

========== Files Created - No Company Name ==========

[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/11/02 00:12:47 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/11/02 00:12:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/11/02 00:12:43 | 000,537,600 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\hotfix.exe
[2010/11/02 00:12:43 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dkfjasdfshd.bat
[2010/10/17 14:51:01 | 000,013,590 | ---- | C] () -- C:\WINDOWS\System32\235.js
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/12 05:27:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/12 05:27:36 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/12 03:31:52 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\what.rtf
[2010/10/06 17:17:41 | 000,347,533 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\sept pay checks Rob VaLeu.zip
[2010/09/14 03:11:50 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/30 19:40:51 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010/08/27 15:23:19 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/24 13:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 13:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 13:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 13:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 13:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 13:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 13:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 13:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 13:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 13:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 13:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 13:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 13:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 13:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 13:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 13:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 13:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 14:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 14:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 14:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 14:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 14:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 14:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 14:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 14:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 14:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 14:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/02/12 01:58:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\housecall.guid.cache
[2009/12/20 19:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/09/04 12:34:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/07 10:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/28 03:13:51 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/28 03:13:51 | 000,000,866 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/01/28 03:05:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/01/10 16:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/03 23:47:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Application Data\$_hpcst$.hpc
[2008/02/28 06:40:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/02/04 05:47:50 | 000,187,392 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/24 20:13:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2008/01/23 20:14:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/13 03:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2006/07/13 08:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2004/03/03 06:06:00 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2002/05/03 16:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

< End of report >