Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My PC may be hijacked

Started by Billy H , Nov 30 2010 06:22 PM

  • Please log in to reply

#1
Billy H
Posted 30 November 2010 - 06:22 PM

Billy H

    Member

  • Member
  • PipPip
  • 11 posts
Hi,
I was infected by a win32 trojan a couple of months back but i was able to disinfected with my av (Kaspersky)which i bought after using the free av without any successful attempts. After disinfection, i ran hijacked this and i noticed some of the dll and exe where labeled as unknown in my windows folder. Well, i never did anything about till now because i think hackers still have access to my pc. Please help. Here is the OTL log below:


OTL logfile created on: 12/1/2010 10:48:40 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\haglelgam\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 134.35 Gb Total Space | 3.78 Gb Free Space | 2.82% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 2.89 Gb Free Space | 96.48% Space Free | Partition Type: NTFS

Computer Name: BUW-PC | User Name: haglelgam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/01 10:44:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\haglelgam\Desktop\OTL.exe
PRC - [2010/11/22 13:32:50 | 000,304,272 | ---- | M] (YL Software) -- C:\Program Files (x86)\WinUtilities\ToolMemoryOptimizer.exe
PRC - [2010/11/01 13:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\haglelgam\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/10/14 08:33:03 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/13 08:05:16 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/12/01 10:44:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\haglelgam\Desktop\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFWAH.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/11/18 20:19:28 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/11/17 19:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/11/17 07:29:18 | 000,032,768 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 03:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2010/10/13 08:05:16 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/09/22 20:56:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/06/17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/04/10 22:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/10/13 08:05:15 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/18 22:08:26 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/01/14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010/01/14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/01/14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/30 16:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/03/19 16:02:00 | 000,311,296 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2009/03/06 06:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/12/02 14:01:42 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/11/18 20:19:28 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/11/17 07:29:18 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/11/17 07:29:14 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/10/07 08:08:20 | 008,036,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/07/24 10:03:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 13:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF DD 20 F9 22 55 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\HyperCam Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
FF - prefs.js..keyword.URL: "http://www.bigseekpr...5A8A273DAC}?q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/09 15:22:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/09 15:22:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/10/12 16:54:50 | 000,000,000 | ---D | M]

[2010/02/14 14:50:51 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\Mozilla\Extensions
[2010/11/29 09:24:28 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\Mozilla\Firefox\Profiles\s60zv90f.default\extensions
[2010/09/03 16:03:13 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\haglelgam\AppData\Roaming\Mozilla\Firefox\Profiles\s60zv90f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/07/22 17:14:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\haglelgam\AppData\Roaming\Mozilla\Firefox\Profiles\s60zv90f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/22 17:14:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\haglelgam\AppData\Roaming\Mozilla\Firefox\Profiles\s60zv90f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/20 12:45:43 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\haglelgam\AppData\Roaming\Mozilla\Firefox\Profiles\s60zv90f.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010/09/12 11:26:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\haglelgam\AppData\Roaming\Mozilla\Firefox\Profiles\s60zv90f.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/03/02 10:01:04 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\haglelgam\AppData\Roaming\Mozilla\Firefox\Profiles\s60zv90f.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/11/09 15:23:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/28 13:03:33 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - Disabled:{FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.209.10.20 10.209.10.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\haglelgam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\haglelgam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{90981302-f02d-11df-b9eb-0023ae2c6a71}\Shell - "" = AutoRun
O33 - MountPoints2\{90981302-f02d-11df-b9eb-0023ae2c6a71}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{96f0ca9e-17ad-11df-b1cb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{96f0ca9e-17ad-11df-b1cb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{e6cee092-a4c8-11df-8f0b-0023ae2c6a71}\Shell - "" = AutoRun
O33 - MountPoints2\{e6cee092-a4c8-11df-8f0b-0023ae2c6a71}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 10:47:23 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\haglelgam\Desktop\OTL.exe
[2010/11/30 13:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinUtilities
[2010/11/28 16:57:49 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2010/11/28 16:57:49 | 000,059,880 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2010/11/28 16:57:49 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2010/11/28 16:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2010/11/28 16:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/20 12:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyperCam Toolbar
[2010/11/20 12:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyCam2
[2010/11/13 02:32:08 | 000,000,000 | ---D | C] -- C:\Users\haglelgam\Documents\Excel Applications
[2010/11/12 16:16:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/09 15:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/07 23:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/11/04 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/18 22:08:26 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\haglelgam\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 11:07:26 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F3607084-CB3D-4326-BABC-DAEE739B2B5E}.job
[2010/12/01 11:01:27 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 11:01:27 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 11:00:05 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/12/01 10:59:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1579429555-1184291412-3592344231-1000UA.job
[2010/12/01 10:44:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\haglelgam\Desktop\OTL.exe
[2010/12/01 10:38:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/01 09:38:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/01 09:08:54 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/01 09:08:54 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/01 09:08:54 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/01 09:05:49 | 000,002,657 | ---- | M] () -- C:\Users\haglelgam\Desktop\Office Outlook 2007.lnk
[2010/12/01 09:02:01 | 000,000,047 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.FRE
[2010/12/01 09:01:55 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job
[2010/12/01 09:01:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/30 15:37:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/30 14:00:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/11/30 13:59:04 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1579429555-1184291412-3592344231-1000Core.job
[2010/11/30 13:43:16 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2010/11/30 13:39:29 | 000,002,098 | ---- | M] () -- C:\Users\haglelgam\Desktop\Google Chrome.lnk
[2010/11/30 13:39:29 | 000,002,060 | ---- | M] () -- C:\Users\haglelgam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/30 10:36:37 | 000,220,672 | ---- | M] () -- C:\Users\haglelgam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/28 23:10:17 | 000,012,284 | ---- | M] () -- C:\Users\haglelgam\Documents\MyFirstProgram.xltm
[2010/11/28 17:49:04 | 000,284,744 | ---- | M] () -- C:\Users\haglelgam\Documents\NeoBux Forum_ [Tips] Rentin...pdf
[2010/11/28 16:57:51 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2010/11/28 14:38:43 | 000,112,590 | ---- | M] () -- C:\Users\haglelgam\Documents\Rheumaticfever.pdf
[2010/11/18 16:58:57 | 000,002,583 | ---- | M] () -- C:\Users\haglelgam\Desktop\Office OneNote 2007.lnk
[2010/11/18 09:34:38 | 000,153,353 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/11/18 09:34:38 | 000,106,761 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/11/12 15:52:01 | 000,001,221 | ---- | M] () -- C:\Users\haglelgam\Desktop\Photoshop CS5.lnk
[2010/11/09 15:22:29 | 000,001,802 | ---- | M] () -- C:\Users\haglelgam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/09 15:22:29 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/30 13:43:16 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2010/11/28 23:10:15 | 000,012,284 | ---- | C] () -- C:\Users\haglelgam\Documents\MyFirstProgram.xltm
[2010/11/28 17:49:01 | 000,284,744 | ---- | C] () -- C:\Users\haglelgam\Documents\NeoBux Forum_ [Tips] Rentin...pdf
[2010/11/28 16:57:51 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2010/11/28 14:38:59 | 000,112,590 | ---- | C] () -- C:\Users\haglelgam\Documents\Rheumaticfever.pdf
[2010/11/12 15:52:01 | 000,001,221 | ---- | C] () -- C:\Users\haglelgam\Desktop\Photoshop CS5.lnk
[2010/11/09 15:22:29 | 000,001,802 | ---- | C] () -- C:\Users\haglelgam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/09 15:22:29 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/24 22:45:04 | 000,004,096 | -H-- | C] () -- C:\Users\haglelgam\AppData\Local\keyfile3.drm
[2010/08/07 16:25:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/04 16:27:29 | 000,570,718 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistMSI147B.txt
[2010/08/04 16:26:59 | 000,016,894 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistUI147B.txt
[2010/08/03 14:40:32 | 000,369,238 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistMSI74E0.txt
[2010/08/03 14:40:32 | 000,012,230 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistUI74E0.txt
[2010/08/02 08:53:04 | 000,374,394 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistMSI1C7B.txt
[2010/08/02 08:52:39 | 000,012,278 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistUI1C7B.txt
[2010/07/21 15:07:22 | 000,000,600 | ---- | C] () -- C:\Users\haglelgam\AppData\Roaming\winscp.rnd
[2010/05/06 16:39:28 | 000,548,316 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistMSI2607.txt
[2010/05/06 16:39:25 | 000,013,432 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistUI2607.txt
[2010/04/24 14:55:04 | 000,370,454 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistMSI2C91.txt
[2010/04/24 14:55:04 | 000,011,466 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistUI2C91.txt
[2010/04/19 11:10:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/04/19 11:06:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/04/18 22:09:51 | 000,001,189 | ---- | C] () -- C:\Users\haglelgam\AppData\Roaming\vso_ts_preview.xml
[2010/04/18 22:09:21 | 000,000,033 | ---- | C] () -- C:\Users\haglelgam\AppData\Roaming\pcouffin.log
[2010/04/18 22:08:26 | 000,099,384 | ---- | C] () -- C:\Users\haglelgam\AppData\Roaming\inst.exe
[2010/04/18 22:08:26 | 000,007,859 | ---- | C] () -- C:\Users\haglelgam\AppData\Roaming\pcouffin.cat
[2010/04/18 22:08:26 | 000,001,167 | ---- | C] () -- C:\Users\haglelgam\AppData\Roaming\pcouffin.inf
[2010/04/16 10:33:45 | 000,000,680 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\d3d9caps.dat
[2010/03/20 14:56:21 | 000,011,472 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistUI7EE5.txt
[2010/03/20 14:56:21 | 000,001,844 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistMSI7EE1.txt
[2010/03/18 16:11:28 | 000,000,952 | ---- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/02/20 02:25:51 | 000,220,672 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/13 17:45:46 | 000,323,112 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistMSI51E5.txt
[2010/02/13 17:45:45 | 000,011,918 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistUI51E5.txt
[2010/02/13 17:23:04 | 000,427,160 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistMSI4085.txt
[2010/02/13 17:23:03 | 000,011,642 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistUI4085.txt
[2010/02/13 11:58:57 | 000,666,285 | ---- | C] () -- C:\Users\haglelgam\AppData\Roaming\UserTile.png
[2010/02/12 01:32:26 | 000,420,550 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistMSI1AD0.txt
[2010/02/12 01:32:26 | 000,011,394 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\dd_vcredistUI1AD0.txt
[2010/02/12 00:25:24 | 000,001,460 | ---- | C] () -- C:\Users\haglelgam\AppData\Local\d3d9caps64.dat
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/08/02 22:00:07 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\CBS Interactive
[2010/03/17 16:48:00 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\CheckPoint
[2010/10/23 13:24:46 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\com.adobe.ExMan
[2010/04/05 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\ESET
[2010/09/25 08:38:21 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\FileZilla
[2010/07/15 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\Foxit
[2010/07/15 16:32:36 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\Foxit Software
[2010/05/21 09:34:23 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\gtk-2.0
[2010/04/22 19:33:40 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\ImgBurn
[2010/02/14 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\Notepad++
[2010/07/21 15:07:51 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\OpenCandy
[2010/04/29 15:11:17 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\Panda Security
[2010/02/13 23:24:57 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\PeerNetworking
[2010/09/01 10:10:40 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\QuickScan
[2010/04/13 13:41:39 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\Softland
[2010/02/13 20:13:24 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\TMP
[2010/02/20 03:05:04 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\TrueCrypt
[2010/11/27 09:18:21 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\uTorrent
[2010/07/24 02:38:04 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\Vso
[2010/07/31 00:13:01 | 000,000,000 | ---D | M] -- C:\Users\haglelgam\AppData\Roaming\WinPatrol
[2010/11/30 15:37:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/04/30 00:05:06 | 000,000,620 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2010/12/01 09:01:55 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job
[2010/12/01 01:01:36 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/01 11:07:26 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F3607084-CB3D-4326-BABC-DAEE739B2B5E}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
  • 0

Advertisements

#2
phillipcorcoran
Posted 01 December 2010 - 08:40 AM

phillipcorcoran

    Member 1K

  • Member
  • PipPipPipPip
  • 1,293 posts
We cannot deal with OTL logs or any virus problems on this forum -- we are not allowed to.

Please post here: http://www.geekstogo...alware-removal/
  • 0

#3
Billy H
Posted 01 December 2010 - 05:20 PM

Billy H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks for pointing me in the right direction. Sorry for posting in the wrong category.
  • 0
Back to Windows Vista and Windows 7 · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows Vista and Windows 7

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP