I have had a suspicion over the past few days that something had gotten onto my computer. I ran Avira AntiVirus and, lo and behold, Hiloti.3.613 popped up. The problem is it popped up once during the scan, and then repeatedly over and over again, many, many times. I could not deny access or delete, so Avira finally put the file into quarantine.
Virus or unwanted program 'TR/Hiloti.3.613 [trojan]'
detected in file 'C:\WINDOWS\towstair.dll.
The file 'C:\WINDOWS\towstair.dll'
contained a virus or unwanted program 'TR/Hiloti.3.613' [trojan]
Action(s) taken:
An error has occurred and the file was not deleted. ErrorID: 26003.
The file could not be deleted!
Attempting to perform action using the ARK library.
The file was moved to '4d490a5a.qua'!
After searching Google for more information on the Hiloti trojan, I read that Malwarebytes is the best tool to remove the trojan. I downloaded the program, and while it found several other problems, the Hiloti trojan was not one of them.
Here is the log from Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5039
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/3/2010 9:19:53 PM
mbam-log-2010-11-03 (21-19-53).txt
Scan type: Full scan (C:\|)
Objects scanned: 12157
Time elapsed: 10 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48cc88bf-9525-38d4-c184-1acc05531ad9} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{48cc88bf-9525-38d4-c184-1acc05531ad9} (Trojan.BHO.H) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\omidehibe.dll (Trojan.BHO.H) -> Delete on reboot.
When I restarted the computer I had two Rundll errors pop up, one with regard to towstair.dll and the other to omidehibe.dll.
I ran CCleaner and Free Windows Registry Repair to see if that would fix the errors. No such luck.
Under Msconfig Startup I see there are 2 new startup items
(item) towstair (command)rundll32.exe "C:Windows\Startup\towstair.dll",Startup
and
(item) omidehibe (command)rundll32.exe "C:Windows\Startup\omidehibe.dll",Startup
I can uncheck them so the Rundll errors do not pop up at startup, but I don't know if that's the best procedure.
That is the state I left my computer in last night, and when I started my computer today I had an Avira pop-up with another warning. When I try to deny access or quarantine, Avira will take the action but the pop-up eventually comes back. Not sure if this is from the new Malwarebytes or registry cleaner software?
Virus or unwanted program 'TR/Drop.Softomat.AN [trojan]'
detected in file 'C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1062\A0247813.dll.
I did run Malwarebytes again, and this Drop.Softomat.AN trojan did not show up in the log.
Attached is my OTL log. Any and all help is appreciated!
OTL logfile created on: 11/4/2010 7:32:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\PellewMffnCakeLvr\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 344.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.70 Gb Free Space | 17.36% Space Free | Partition Type: NTFS
Computer Name: ILUVATAR | User Name: PellewMffnCakeLvr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/11/04 19:24:43 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OTL.exe
PRC - [2010/04/03 11:33:12 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/10 13:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/04 12:53:00 | 000,132,656 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2007/06/04 12:52:20 | 001,197,616 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/02/02 08:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 16:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
========== Modules (SafeList) ==========
MOD - [2010/11/04 19:24:43 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/02/02 08:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/28 16:45:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/10 13:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/10 13:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/10 13:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/04 12:52:20 | 001,197,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rasirda.sys -- (Rasirda) WAN Miniport (IrDA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\PELLEW~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys -- (pciinfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PELLEW~1\LOCALS~1\Temp\bDMusicb.sys -- (bDMusicb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTRD.sys -- (Ad-Watch Registry Filter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/01/14 16:01:29 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/25 01:23:41 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 14:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 20:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/04 12:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/22 10:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 10:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 10:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 12:14:52 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 12:14:52 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 05:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/02 07:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/11 19:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/06/28 06:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 10:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 14:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 2F 2F FF 2E 84 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.5
FF - prefs.js..extensions.enabledItems: {EF7406F7-18A0-4399-A694-5BDFE609582D}:1.9.1
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{EF7406F7-18A0-4399-A694-5BDFE609582D}: C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\{EF7406F7-18A0-4399-A694-5BDFE609582D} [2010/10/29 01:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 11:33:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 00:14:32 | 000,000,000 | ---D | M]
[2010/01/06 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Extensions
[2010/01/06 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Extensions\[email protected]
[2009/10/10 21:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\cuipi1z3.minkju053\extensions
[2010/03/26 00:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\nkyevssj.withjulie\extensions
[2010/11/01 22:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions
[2009/08/05 15:19:38 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/09/29 17:40:31 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/07/25 19:20:58 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
[2010/09/21 09:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2010/07/25 19:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/27 01:24:39 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/07/26 17:24:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/25 19:20:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/08/05 14:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\[email protected]
[2009/04/12 15:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\morningCoffee@shaneliesegang
[2010/07/17 13:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mozilla\Firefox\Profiles\sy2c1hn7.default\extensions\[email protected]
[2010/11/01 22:19:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/25 12:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/02 22:08:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5bdfefe0-760c-11de-8aa9-0014a5293452}\Shell - "" = AutoRun
O33 - MountPoints2\{5bdfefe0-760c-11de-8aa9-0014a5293452}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b3dbbe5-ef0a-11dc-87a3-0014a5293452}\Shell\AutoRun\command - "" = F:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\{b647864e-7de8-11de-8ab6-0014a5293452}\Shell - "" = AutoRun
O33 - MountPoints2\{b647864e-7de8-11de-8ab6-0014a5293452}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/04 19:24:38 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OTL.exe
[2010/11/04 15:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\cmoa films
[2010/11/04 01:16:00 | 009,705,656 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\SUPERAntiSpyware.exe
[2010/11/04 01:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/11/04 00:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2010/11/04 00:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegInOut
[2010/11/03 23:53:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\Recent
[2010/11/03 21:03:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/03 21:03:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/29 01:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\{EF7406F7-18A0-4399-A694-5BDFE609582D}
[2010/10/26 13:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\SanDisk
[2010/10/23 21:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Any Audio Converter
[2010/10/23 00:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Any Video Converter
[2010/10/22 23:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\acorn king
[2010/10/14 20:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\facebook-142100337
[2010/10/06 00:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\QI
[1 C:\Documents and Settings\PellewMffnCakeLvr\Desktop\*.tmp files -> C:\Documents and Settings\PellewMffnCakeLvr\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/04 19:33:00 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4231050008-2816408000-3767758718-1006UA.job
[2010/11/04 19:24:43 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OTL.exe
[2010/11/04 18:33:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4231050008-2816408000-3767758718-1006Core.job
[2010/11/04 17:14:08 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7C7D538B-9426-4A72-B746-E51D3A36F01C}.job
[2010/11/04 16:52:25 | 000,107,452 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Account+Application+Form+-+Migrants.pdf
[2010/11/04 15:04:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/04 15:04:01 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/04 13:14:28 | 000,110,852 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Car%20buying%20Checklist.pdf
[2010/11/04 01:16:29 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\SUPERAntiSpyware.exe
[2010/11/04 01:15:14 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/04 01:05:53 | 000,798,000 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\RegpairSetup.exe
[2010/11/04 00:53:17 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\RegInOut Scheduled Scan - PellewMffnCakeLvr.job
[2010/11/03 21:48:41 | 058,025,396 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\avira_antivir_personal_en.zip
[2010/11/03 11:57:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xjiqazob.dat
[2010/11/03 00:32:58 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 00:32:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pcuvibug.bin
[2010/11/01 23:16:21 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\monthly-budget.doc
[2010/11/01 23:11:47 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\BUDGET.doc
[2010/11/01 22:22:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/01 21:18:45 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\Desktop\all stuff.doc
[2010/11/01 19:52:57 | 000,088,267 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ir595.pdf
[2010/10/31 22:03:26 | 001,812,278 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\2010%20%20Bus%20timetable%20WEB%20Version.pdf
[2010/10/31 22:01:51 | 000,138,398 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Zone_Map.png
[2010/10/31 21:47:01 | 000,123,307 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\BankAuthorityForm.pdf
[2010/10/31 20:36:08 | 000,775,793 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Parking-Where-You-Can-Park-September-2010.pdf
[2010/10/31 19:25:16 | 000,041,463 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\HRTrainingApplnForm2010.pdf
[2010/10/31 19:21:54 | 001,099,598 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ANZWorkBrochure.pdf
[2010/10/31 19:21:39 | 000,117,894 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ANZMigrantBankingPackage.pdf
[2010/10/31 19:21:08 | 000,117,533 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OtagoUniDunedinCampus.pdf
[2010/10/31 19:20:33 | 000,668,806 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\otago000718.pdf
[2010/10/30 18:53:27 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\item.doc
[2010/10/30 16:17:55 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/10/30 16:17:55 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/10/30 01:36:27 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\J.doc
[2010/10/28 00:21:05 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/10/28 00:21:05 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2010/10/28 00:21:04 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2010/10/27 22:34:42 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop.lnk
[2010/10/27 01:31:17 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\done.doc
[2010/10/26 22:55:36 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\~$done.doc
[2010/10/26 14:08:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/25 15:22:48 | 000,170,886 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ChefCard_Interactive.pdf
[2010/10/19 23:39:52 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\oct 10 notes.doc
[2010/10/14 23:31:12 | 001,603,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/08 18:15:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\PellewMffnCakeLvr\Desktop\*.tmp files -> C:\Documents and Settings\PellewMffnCakeLvr\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/04 16:52:25 | 000,107,452 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Account+Application+Form+-+Migrants.pdf
[2010/11/04 13:14:28 | 000,110,852 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Car%20buying%20Checklist.pdf
[2010/11/04 01:05:52 | 000,798,000 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\RegpairSetup.exe
[2010/11/04 00:53:17 | 000,000,356 | ---- | C] () -- C:\WINDOWS\tasks\RegInOut Scheduled Scan - PellewMffnCakeLvr.job
[2010/11/03 23:25:57 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/03 21:39:39 | 058,025,396 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\avira_antivir_personal_en.zip
[2010/11/01 23:15:21 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\monthly-budget.doc
[2010/11/01 23:11:46 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\BUDGET.doc
[2010/11/01 21:18:45 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Desktop\all stuff.doc
[2010/10/31 22:03:26 | 001,812,278 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\2010%20%20Bus%20timetable%20WEB%20Version.pdf
[2010/10/31 22:01:49 | 000,138,398 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Zone_Map.png
[2010/10/31 21:47:01 | 000,123,307 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\BankAuthorityForm.pdf
[2010/10/31 20:36:08 | 000,775,793 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\Parking-Where-You-Can-Park-September-2010.pdf
[2010/10/31 19:25:16 | 000,041,463 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\HRTrainingApplnForm2010.pdf
[2010/10/31 19:21:54 | 001,099,598 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ANZWorkBrochure.pdf
[2010/10/31 19:21:39 | 000,117,894 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ANZMigrantBankingPackage.pdf
[2010/10/31 19:21:08 | 000,117,533 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\OtagoUniDunedinCampus.pdf
[2010/10/31 19:20:33 | 000,668,806 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\otago000718.pdf
[2010/10/30 18:53:26 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\item.doc
[2010/10/30 01:36:26 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\J.doc
[2010/10/29 01:07:31 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xjiqazob.dat
[2010/10/29 01:07:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pcuvibug.bin
[2010/10/26 22:55:36 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\~$done.doc
[2010/10/26 22:55:33 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\done.doc
[2010/10/26 14:08:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/25 15:22:48 | 000,170,886 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ChefCard_Interactive.pdf
[2010/10/20 22:34:37 | 000,088,267 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\ir595.pdf
[2010/10/09 00:33:16 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\My Documents\oct 10 notes.doc
[2010/03/14 15:03:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/10/05 21:12:20 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\$_hpcst$.hpc
[2009/09/23 21:01:03 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/21 21:34:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/05/21 21:34:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/05/21 21:34:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/05/21 21:34:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/05/21 21:34:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/05/21 21:34:35 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008/08/07 21:18:44 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2007/11/29 23:05:53 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/02 11:46:32 | 000,153,840 | ---- | C] () -- C:\WINDOWS\System32\ARThumb.dll
[2007/04/07 01:00:34 | 000,002,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 16:04:46 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\fusioncache.dat
[2006/11/10 16:38:34 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\.zreglib
[2006/05/17 06:02:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Antarcti.ini
[2006/03/11 06:53:24 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/12/23 00:16:53 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS43.DLL
[2005/12/15 20:16:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\wklnhst.dat
[2005/12/04 18:53:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
[2005/12/04 18:49:48 | 000,001,318 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/12/04 18:49:48 | 000,000,020 | ---- | C] () -- C:\WINDOWS\calera.ini
[2005/12/04 18:49:38 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2005/12/04 18:49:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2005/12/04 18:49:38 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2005/12/04 18:49:10 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2005/12/04 00:57:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/12/02 00:47:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/26 20:53:48 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\PellewMffnCakeLvr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/12 00:02:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/12 00:02:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/12 00:02:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/12 00:02:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/12 00:02:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/12 00:02:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/11 23:49:08 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/13 15:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/08/06 05:33:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2008/05/23 17:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2009/03/20 20:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/05/26 14:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/02/28 17:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/11/22 15:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/05/21 21:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2005/05/12 00:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/11/04 01:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2007/09/02 13:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2008/01/06 17:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiComponents
[2010/07/11 14:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Ambient Design
[2010/07/25 16:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\AnvSoft
[2010/10/31 23:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Any Video Converter
[2010/07/25 19:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Audacity
[2007/01/28 15:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\BitTorrent
[2008/06/20 19:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\CoreFTP
[2008/08/12 18:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\DeepBurner
[2009/05/17 11:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Dropbox
[2010/10/31 23:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\FileZilla
[2009/10/10 00:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\FMZilla
[2005/11/28 23:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\InterVideo
[2005/11/28 22:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Leadertech
[2007/01/21 01:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\MayaWebBrowser
[2008/09/07 17:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Mp3tag
[2008/03/06 17:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\MPEG Streamclip
[2006/01/15 22:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\MSNInstaller
[2005/12/04 00:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\muvee Technologies
[2010/06/15 19:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Opera
[2010/06/27 14:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\OverDrive
[2010/10/26 13:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\SanDisk
[2006/11/10 16:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\SlySoft
[2009/07/28 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\stickies
[2009/10/17 01:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\StreamTorrent
[2005/12/15 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Template
[2007/01/24 18:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\uk.co.planetside
[2008/04/24 13:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\Uniblue
[2010/11/01 22:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PellewMffnCakeLvr\Application Data\uTorrent
[2010/11/04 00:53:17 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\RegInOut Scheduled Scan - PellewMffnCakeLvr.job
[2010/11/04 17:14:08 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C7D538B-9426-4A72-B746-E51D3A36F01C}.job
========== Purity Check ==========
< End of report >