Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hiloti, BHO.H, and Drop Softomat.AN trojan help


  • Please log in to reply

#1
moribug

moribug

    New Member

  • Member
  • Pip
  • 1 posts
Hello,

I have had suspicion over the past few days that something had gotten onto my computer. I ran Avira AntiVirus and low and behold Hiloti.3.613 popped up. The problem is it popped up once during the scan, and then repeatedly over and over again, many many times. I could not deny access or delete, so Avira finally put the file into quarantine.

Virus or unwanted program 'TR/Hiloti.3.613 [trojan]'
detected in file 'C:\WINDOWS\towstair.dll.

The file 'C:\WINDOWS\towstair.dll'
contained a virus or unwanted program 'TR/Hiloti.3.613' [trojan]
Action(s) taken:
An error has occurred and the file was not deleted. ErrorID: 26003.
The file could not be deleted!
Attempting to perform action using the ARK library.
The file was moved to '4d490a5a.qua'!


After searching google for more information on Hiloti trojan - I read that Malwarebytes is the best tool to remove the trojan. I downloaded the program, and while it found several other problems, Hiloti trojan was not one of them.
Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5039

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/3/2010 9:19:53 PM
mbam-log-2010-11-03 (21-19-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 12157
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48cc88bf-9525-38d4-c184-1acc05531ad9} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{48cc88bf-9525-38d4-c184-1acc05531ad9} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\omidehibe.dll (Trojan.BHO.H) -> Delete on reboot.



When I restarted the computer I had two Rundll errors pop up. One with regards to towstair.dll and the other to omidehibe.dll
I ran CCleaner and Free Windows Registry Repair to see if that would fix the errors. No such luck.
Under Msconfig Startup I see there are 2 new startup items

(item) towstair (command)rundll32.exe "C:Windows\Startup\towstair.dll",Startup
and
(item) omidehibe (command)rundll32.exe "C:Windows\Startup\omidehibe.dll",Startup

I can uncheck them so the Rundll errors do not pop up at startup, but I don't know if that's the best procedure.


That is the state I left my computer in last night, and when I started my computer today I had an Avira pop up with another warning. When I try to deny access or quarantine - Avira will take the action but the pop-up eventually comes back. Not sure if this is from the new Malwarebytes or registry cleaner software?

Virus or unwanted program 'TR/Drop.Softomat.AN [trojan]'
detected in file 'C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1062\A0247813.dll.


I did run Malwarebytes again, and this Drop.Softomat.AN trojan did not show up in the log.
Attached is my OTL log. Any and all help is appreciated!




OTL logfile created on: 11/4/2010 7:32:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\PellewMffnCakeLvr\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 344.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.70 Gb Free Space | 17.36% Space Free | Partition Type: NTFS

Computer Name: ILUVATAR | User Name: PellewMffnCakeLvr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/04 19:24:43 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OTL.exe
PRC - [2010/04/03 11:33:12 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/10 13:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/04 12:53:00 | 000,132,656 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2007/06/04 12:52:20 | 001,197,616 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/02/02 08:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 16:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/04 19:24:43 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/02/02 08:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/28 16:45:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/10 13:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/10 13:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/10 13:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/04 12:52:20 | 001,197,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rasirda.sys -- (Rasirda) WAN Miniport (IrDA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\PELLEW~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys -- (pciinfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PELLEW~1\LOCALS~1\Temp\bDMusicb.sys -- (bDMusicb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTRD.sys -- (Ad-Watch Registry Filter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/01/14 16:01:29 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/25 01:23:41 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 14:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 20:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/04 12:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/22 10:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 10:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 10:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 12:14:52 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 12:14:52 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 05:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/02 07:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/11 19:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/06/28 06:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 10:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 14:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 2F 2F FF 2E 84 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.5
FF - prefs.js..extensions.enabledItems: {EF7406F7-18A0-4399-A694-5BDFE609582D}:1.9.1
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{EF7406F7-18A0-4399-A694-5BDFE609582D}: C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\{EF7406F7-18A0-4399-A694-5BDFE609582D} [2010/10/29 01:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 11:33:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 00:14:32 | 000,000,000 | ---D | M]

[2010/01/06 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Extensions
[2010/01/06 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Extensions\[email protected]
[2009/10/10 21:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\cuipi1z3.minkju053\extensions
[2010/03/26 00:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\nkyevssj.withjulie\extensions
[2010/11/01 22:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions
[2009/08/05 15:19:38 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/09/29 17:40:31 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/07/25 19:20:58 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
[2010/09/21 09:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2010/07/25 19:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/27 01:24:39 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/07/26 17:24:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/25 19:20:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/08/05 14:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\[email protected]
[2009/04/12 15:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\morningCoffee@shaneliesegang
[2010/07/17 13:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\[email protected]
[2010/11/01 22:19:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/25 12:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/02 22:08:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5bdfefe0-760c-11de-8aa9-0014a5293452}\Shell - "" = AutoRun
O33 - MountPoints2\{5bdfefe0-760c-11de-8aa9-0014a5293452}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b3dbbe5-ef0a-11dc-87a3-0014a5293452}\Shell\AutoRun\command - "" = F:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\{b647864e-7de8-11de-8ab6-0014a5293452}\Shell - "" = AutoRun
O33 - MountPoints2\{b647864e-7de8-11de-8ab6-0014a5293452}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/04 19:24:38 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OTL.exe
[2010/11/04 15:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\cmoa films
[2010/11/04 01:16:00 | 009,705,656 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\SUPERAntiSpyware.exe
[2010/11/04 01:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/11/04 00:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2010/11/04 00:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegInOut
[2010/11/03 23:53:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\Recent
[2010/11/03 21:03:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/03 21:03:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/29 01:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\{EF7406F7-18A0-4399-A694-5BDFE609582D}
[2010/10/26 13:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\SanDisk
[2010/10/23 21:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Any Audio Converter
[2010/10/23 00:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Any Video Converter
[2010/10/22 23:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\acorn king
[2010/10/14 20:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\facebook-142100337
[2010/10/06 00:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\QI
[1 C:\Documents and Settings\PellewMffnCakeLvr\Desktop\*.tmp files -> C:\Documents and Settings\PellewMffnCakeLvr\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/04 19:33:00 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4231050008-2816408000-3767758718-1006UA.job
[2010/11/04 19:24:43 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OTL.exe
[2010/11/04 18:33:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4231050008-2816408000-3767758718-1006Core.job
[2010/11/04 17:14:08 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7C7D538B-9426-4A72-B746-E51D3A36F01C}.job
[2010/11/04 16:52:25 | 000,107,452 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Account+Application+Form+-+Migrants.pdf
[2010/11/04 15:04:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/04 15:04:01 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/04 13:14:28 | 000,110,852 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Car%20buying%20Checklist.pdf
[2010/11/04 01:16:29 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\SUPERAntiSpyware.exe
[2010/11/04 01:15:14 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/04 01:05:53 | 000,798,000 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\RegpairSetup.exe
[2010/11/04 00:53:17 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\RegInOut Scheduled Scan - PellewMffnCakeLvr.job
[2010/11/03 21:48:41 | 058,025,396 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\avira_antivir_personal_en.zip
[2010/11/03 11:57:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xjiqazob.dat
[2010/11/03 00:32:58 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 00:32:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pcuvibug.bin
[2010/11/01 23:16:21 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\monthly-budget.doc
[2010/11/01 23:11:47 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\BUDGET.doc
[2010/11/01 22:22:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/01 21:18:45 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\Desktop\all stuff.doc
[2010/11/01 19:52:57 | 000,088,267 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ir595.pdf
[2010/10/31 22:03:26 | 001,812,278 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\2010%20%20Bus%20timetable%20WEB%20Version.pdf
[2010/10/31 22:01:51 | 000,138,398 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Zone_Map.png
[2010/10/31 21:47:01 | 000,123,307 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\BankAuthorityForm.pdf
[2010/10/31 20:36:08 | 000,775,793 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Parking-Where-You-Can-Park-September-2010.pdf
[2010/10/31 19:25:16 | 000,041,463 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\HRTrainingApplnForm2010.pdf
[2010/10/31 19:21:54 | 001,099,598 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ANZWorkBrochure.pdf
[2010/10/31 19:21:39 | 000,117,894 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ANZMigrantBankingPackage.pdf
[2010/10/31 19:21:08 | 000,117,533 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OtagoUniDunedinCampus.pdf
[2010/10/31 19:20:33 | 000,668,806 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\otago000718.pdf
[2010/10/30 18:53:27 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\item.doc
[2010/10/30 16:17:55 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/10/30 16:17:55 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/10/30 01:36:27 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\J.doc
[2010/10/28 00:21:05 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/10/28 00:21:05 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2010/10/28 00:21:04 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2010/10/27 22:34:42 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop.lnk
[2010/10/27 01:31:17 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\done.doc
[2010/10/26 22:55:36 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\~$done.doc
[2010/10/26 14:08:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/25 15:22:48 | 000,170,886 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ChefCard_Interactive.pdf
[2010/10/19 23:39:52 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\oct 10 notes.doc
[2010/10/14 23:31:12 | 001,603,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/08 18:15:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\PellewMffnCakeLvr\Desktop\*.tmp files -> C:\Documents and Settings\PellewMffnCakeLvr\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/04 16:52:25 | 000,107,452 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Account+Application+Form+-+Migrants.pdf
[2010/11/04 13:14:28 | 000,110,852 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Car%20buying%20Checklist.pdf
[2010/11/04 01:05:52 | 000,798,000 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\RegpairSetup.exe
[2010/11/04 00:53:17 | 000,000,356 | ---- | C] () -- C:\WINDOWS\tasks\RegInOut Scheduled Scan - PellewMffnCakeLvr.job
[2010/11/03 23:25:57 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/03 21:39:39 | 058,025,396 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\avira_antivir_personal_en.zip
[2010/11/01 23:15:21 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\monthly-budget.doc
[2010/11/01 23:11:46 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\BUDGET.doc
[2010/11/01 21:18:45 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Desktop\all stuff.doc
[2010/10/31 22:03:26 | 001,812,278 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\2010%20%20Bus%20timetable%20WEB%20Version.pdf
[2010/10/31 22:01:49 | 000,138,398 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Zone_Map.png
[2010/10/31 21:47:01 | 000,123,307 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\BankAuthorityForm.pdf
[2010/10/31 20:36:08 | 000,775,793 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Parking-Where-You-Can-Park-September-2010.pdf
[2010/10/31 19:25:16 | 000,041,463 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\HRTrainingApplnForm2010.pdf
[2010/10/31 19:21:54 | 001,099,598 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ANZWorkBrochure.pdf
[2010/10/31 19:21:39 | 000,117,894 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ANZMigrantBankingPackage.pdf
[2010/10/31 19:21:08 | 000,117,533 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OtagoUniDunedinCampus.pdf
[2010/10/31 19:20:33 | 000,668,806 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\otago000718.pdf
[2010/10/30 18:53:26 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\item.doc
[2010/10/30 01:36:26 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\J.doc
[2010/10/29 01:07:31 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xjiqazob.dat
[2010/10/29 01:07:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pcuvibug.bin
[2010/10/26 22:55:36 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\~$done.doc
[2010/10/26 22:55:33 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\done.doc
[2010/10/26 14:08:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/25 15:22:48 | 000,170,886 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ChefCard_Interactive.pdf
[2010/10/20 22:34:37 | 000,088,267 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ir595.pdf
[2010/10/09 00:33:16 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\oct 10 notes.doc
[2010/03/14 15:03:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/10/05 21:12:20 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\$_hpcst$.hpc
[2009/09/23 21:01:03 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/21 21:34:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/05/21 21:34:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/05/21 21:34:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/05/21 21:34:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/05/21 21:34:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/05/21 21:34:35 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008/08/07 21:18:44 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2007/11/29 23:05:53 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/02 11:46:32 | 000,153,840 | ---- | C] () -- C:\WINDOWS\System32\ARThumb.dll
[2007/04/07 01:00:34 | 000,002,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 16:04:46 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\fusioncache.dat
[2006/11/10 16:38:34 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\.zreglib
[2006/05/17 06:02:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Antarcti.ini
[2006/03/11 06:53:24 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/12/23 00:16:53 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS43.DLL
[2005/12/15 20:16:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\wklnhst.dat
[2005/12/04 18:53:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
[2005/12/04 18:49:48 | 000,001,318 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/12/04 18:49:48 | 000,000,020 | ---- | C] () -- C:\WINDOWS\calera.ini
[2005/12/04 18:49:38 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2005/12/04 18:49:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2005/12/04 18:49:38 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2005/12/04 18:49:10 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2005/12/04 00:57:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/12/02 00:47:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/26 20:53:48 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/12 00:02:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/12 00:02:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/12 00:02:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/12 00:02:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/12 00:02:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/12 00:02:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/11 23:49:08 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/13 15:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/08/06 05:33:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/05/23 17:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2009/03/20 20:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/05/26 14:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/02/28 17:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/11/22 15:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/05/21 21:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2005/05/12 00:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/11/04 01:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2007/09/02 13:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2008/01/06 17:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiComponents
[2010/07/11 14:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Ambient Design
[2010/07/25 16:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\AnvSoft
[2010/10/31 23:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Any Video Converter
[2010/07/25 19:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Audacity
[2007/01/28 15:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\BitTorrent
[2008/06/20 19:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\CoreFTP
[2008/08/12 18:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\DeepBurner
[2009/05/17 11:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Dropbox
[2010/10/31 23:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\FileZilla
[2009/10/10 00:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\FMZilla
[2005/11/28 23:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\InterVideo
[2005/11/28 22:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Leadertech
[2007/01/21 01:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\MayaWebBrowser
[2008/09/07 17:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mp3tag
[2008/03/06 17:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\MPEG Streamclip
[2006/01/15 22:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\MSNInstaller
[2005/12/04 00:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\muvee Technologies
[2010/06/15 19:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Opera
[2010/06/27 14:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\OverDrive
[2010/10/26 13:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\SanDisk
[2006/11/10 16:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\SlySoft
[2009/07/28 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\stickies
[2009/10/17 01:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\StreamTorrent
[2005/12/15 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Template
[2007/01/24 18:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\uk.co.planetside
[2008/04/24 13:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Uniblue
[2010/11/01 22:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\uTorrent
[2010/11/04 00:53:17 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\RegInOut Scheduled Scan - PellewMffnCakeLvr.job
[2010/11/04 17:14:08 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C7D538B-9426-4A72-B746-E51D3A36F01C}.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP