Scar.463 found on my computer



#1
catnapper

Hi…

TrojanHunter found four ‘bad guys’, three of which it cleaned, leaving one that it couldn’t.

TH identified it as Scar.463, and the path as …\tmp\autoruns.zip\autorunsc.exe.

It said that the reason it couldn’t remove this particular Trojan was because it was hidden inside a .zip or Rar file (whatever that is).

A couple of weeks ago, I installed and used a zip program called 7-zip. Any connection?

After running TH on the day it came up with Scar.463, I couldn’t close the program, even using Task Manager. I had to reboot to go back to ‘normal’. And today I discovered that HP Director wouldn’t open, but I was able to copy what I wanted, using HP Photo & Imaging. Again, any connection?

Please help…..and thanks.

catspaw

P.S. I’m running Windows XP w/SP3; mostly Firefox, plus IE8 (rarely) and, more recently, Google Chrome (also rarely).


OTL logfile created on: 12/10/2010 4:25:36 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Norman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 257.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): c:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 21.17 Gb Free Space | 55.30% Space Free | Partition Type: NTFS
Drive D: | 38.40 Gb Total Space | 37.75 Gb Free Space | 98.30% Space Free | Partition Type: NTFS

Computer Name: NORMAN-SP8SZ7LJ | User Name: Norman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/10 16:22:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL(2).exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/02 04:46:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2008/10/24 12:23:10 | 001,056,928 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.0\THGuard.exe
PRC - [2008/09/09 16:41:49 | 001,783,808 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2008/09/09 16:41:49 | 000,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008/04/09 20:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/04/09 20:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/09 20:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/09/14 02:02:34 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/05/12 16:22:52 | 000,249,856 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2002/09/24 15:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/09/04 13:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe


========== Modules (SafeList) ==========

MOD - [2010/12/10 16:22:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL(2).exe
MOD - [2010/09/30 14:35:58 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\Norman\LOCALS~1\Temp\UWRYAZXYU.exe -- (UWRYAZXYU)
SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - File not found [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (aawservice)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/02 04:46:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/02 04:46:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/09 16:41:49 | 000,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 20:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2002/09/24 15:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/09/04 13:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\B.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Norman\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/11/30 15:22:53 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/11/30 15:22:53 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/11/30 15:22:28 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/30 15:22:12 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/30 14:35:53 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/30 14:35:53 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2008/09/01 15:07:43 | 000,141,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2008/07/04 01:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/09/29 14:31:23 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2004/12/10 21:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelS51.sys -- (Intels51) Intel®
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 21:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/26 14:00:05 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/05/14 18:26:40 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/05/12 10:28:10 | 000,012,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/12/17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 08:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002/09/04 13:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)
DRV - [2001/12/11 13:30:22 | 000,015,360 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2000/03/29 09:17:42 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (ASUSHWIO)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:28.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/24 15:19:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 16:20:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 16:20:09 | 000,000,000 | ---D | M]

[2008/07/18 14:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Mozilla\Extensions
[2010/12/10 15:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions
[2008/12/25 15:36:32 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}
[2010/08/11 10:22:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/20 14:40:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/10/15 12:26:44 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/29 17:25:57 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/11/27 11:37:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/10 15:08:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/11 12:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/09/21 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\cpi4wa1g.default\extensions\[email protected]
[2010/12/05 14:40:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/23 16:30:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/23 16:29:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/10 15:23:03 | 000,425,276 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14679 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.0\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UnlockerAssistant] C:\UTILITIES\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components] C:\Program Files\Panda Security\ActiveScan 2.0\as2guiie.dll (Panda Security, S.L.)
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components.] C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components..] C:\Program Files\Panda Security\ActiveScan 2.0\libcomm.dll (Panda Security, S.L.)
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components...] C:\Program Files\Panda Security\ActiveScan 2.0\as2inst.dll (Panda Security, S.L.)
O4 - Startup: C:\Documents and Settings\Norman\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\UTILITIES\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: amd.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: annualcreditreport.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: asus.com ([usa] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bitdefender.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kaspersky.com ([usa] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pandasecurity.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: pcpitstop.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([psi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trendmicro.com ([housecall] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: vanguard.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: wachovia.com ([www] * in Trusted sites)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/o...utodetectNT.cab (SiS_OCX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1120085952027 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1256851325703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/22 21:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/10 16:22:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL(2).exe
[2010/12/09 16:46:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Norman\Recent
[2010/12/07 15:36:10 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Norman\My Documents\install_flash_player.exe
[2010/12/04 15:30:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dumps
[2010/11/29 16:38:16 | 145,674,072 | ---- | C] (Acronis) -- C:\Documents and Settings\Norman\My Documents\TrueImage11.8101_s_en.exe
[2010/11/28 16:40:32 | 000,568,640 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Norman\My Documents\ChromeSetup(2).exe
[2010/11/26 14:52:00 | 189,819,904 | ---- | C] (Acronis) -- C:\Documents and Settings\Norman\My Documents\tih_s_e(2).exe
[2010/11/25 16:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\acronis.true.image.home.11
[2010/11/25 16:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/25 16:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norman\My Documents\acronis.true.image.home.11
[2010/11/24 16:24:09 | 138,391,219 | ---- | C] (OEM Downloads Inc) -- C:\Documents and Settings\Norman\My Documents\acronis.true.image.home.11.exe
[2010/11/23 16:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/23 16:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/23 16:30:06 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/23 16:30:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/23 16:30:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/23 16:30:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/23 16:30:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/23 16:23:57 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Norman\My Documents\jxpiinstall.exe
[2010/11/23 11:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Local Settings\Application Data\eSupport.com
[2010/11/22 21:15:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2010/11/22 20:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/11/21 20:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2010/11/21 20:05:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Norman\Cookies
[2010/11/12 15:10:04 | 020,680,392 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Norman\My Documents\OnlineArmorSetup.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/10 16:22:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL(2).exe
[2010/12/10 16:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/10 16:05:23 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/12/10 15:41:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1979792683-725345543-1004UA.job
[2010/12/10 15:21:52 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\major Geeks 01.doc
[2010/12/10 15:19:47 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\Microsoft Word.lnk
[2010/12/10 15:10:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/10 14:48:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/10 14:48:54 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/09 16:41:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1979792683-725345543-1004Core.job
[2010/12/09 15:02:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/08 16:13:54 | 101,267,279 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/07 15:36:28 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Norman\My Documents\install_flash_player.exe
[2010/12/04 15:46:00 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\Google Chrome.lnk
[2010/12/04 15:46:00 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Norman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/01 16:43:37 | 008,921,088 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\My Money.mny
[2010/11/30 15:22:53 | 000,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010/11/30 15:22:53 | 000,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2010/11/30 15:22:28 | 000,132,224 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010/11/30 15:22:12 | 000,368,480 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2010/11/30 15:22:05 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 11.0.lnk
[2010/11/30 15:09:49 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\My Documents.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 17:01:22 | 145,674,072 | ---- | M] (Acronis) -- C:\Documents and Settings\Norman\My Documents\TrueImage11.8101_s_en.exe
[2010/11/28 16:40:42 | 000,568,640 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Norman\My Documents\ChromeSetup(2).exe
[2010/11/26 15:01:52 | 189,819,904 | ---- | M] (Acronis) -- C:\Documents and Settings\Norman\My Documents\tih_s_e(2).exe
[2010/11/26 14:27:24 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\My Documents.lnk
[2010/11/24 16:40:42 | 138,391,219 | ---- | M] (OEM Downloads Inc) -- C:\Documents and Settings\Norman\My Documents\acronis.true.image.home.11.exe
[2010/11/24 16:06:25 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\7z465.exe
[2010/11/24 15:20:20 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/11/23 16:29:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/23 16:29:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/23 16:29:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/23 16:29:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/23 16:29:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/23 16:24:08 | 000,874,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Norman\My Documents\jxpiinstall.exe
[2010/11/22 21:28:56 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/22 21:26:02 | 002,811,584 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Norman\My Documents\ccsetup300.exe
[2010/11/22 20:42:00 | 000,178,152 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\activescan2_en(2).exe
[2010/11/22 20:01:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/21 15:34:22 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\ParetoLogic PC Health Advisor.lnk
[2010/11/19 18:00:08 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/11/18 02:55:06 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/11/12 15:24:05 | 000,426,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/12 15:24:05 | 000,065,720 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/12 15:13:11 | 020,680,392 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Norman\My Documents\OnlineArmorSetup.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/09 16:01:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Norman\My Documents\major Geeks 01.doc
[2010/12/07 18:33:50 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/30 15:22:05 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 11.0.lnk
[2010/11/30 15:09:49 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\My Documents.lnk
[2010/11/28 16:41:09 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\Google Chrome.lnk
[2010/11/28 16:41:09 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/28 16:36:27 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1979792683-725345543-1004UA.job
[2010/11/28 16:36:26 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1979792683-725345543-1004Core.job
[2010/11/26 14:27:24 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Norman\My Documents\My Documents.lnk
[2010/11/24 16:06:22 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\Norman\My Documents\7z465.exe
[2010/11/22 20:41:46 | 000,178,152 | ---- | C] () -- C:\Documents and Settings\Norman\My Documents\activescan2_en(2).exe
[2010/10/08 10:30:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\prvlcl.dat
[2010/08/16 20:34:01 | 000,695,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/09/01 15:07:43 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2008/06/22 15:15:26 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/29 22:30:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\fusioncache.dat
[2007/03/09 15:47:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/02/19 21:04:21 | 000,108,021 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/02/19 21:03:32 | 000,107,871 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006/12/16 18:18:01 | 000,000,074 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/26 21:15:09 | 000,003,507 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/06/26 21:14:48 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/26 14:26:00 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2006/02/18 14:24:24 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006/02/08 17:08:42 | 000,000,138 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2006/01/16 22:11:53 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/01/16 22:11:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/16 16:09:03 | 000,000,013 | ---- | C] () -- C:\Program Files\money2.QIF
[2006/01/08 18:48:15 | 000,202,845 | ---- | C] () -- C:\Program Files\MONEY.QIF
[2005/10/20 15:00:12 | 000,000,160 | ---- | C] () -- C:\WINDOWS\NJFINDW.INI
[2005/09/19 15:13:44 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2005/06/24 14:46:56 | 000,002,356 | ---- | C] () -- C:\WINDOWS\DigiPan.INI
[2005/05/20 19:36:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\thxcfg.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/05/02 20:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2005/05/02 20:41:23 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2005/04/26 14:57:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2005/04/15 15:57:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/12/05 00:26:06 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/09/18 14:36:17 | 000,000,274 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2004/07/30 15:30:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/25 21:00:42 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/07/25 21:00:41 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/07/25 20:39:30 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/06/30 15:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/06/26 20:21:53 | 000,000,056 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2004/06/26 14:00:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2004/06/25 16:13:35 | 000,010,793 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2004/06/24 16:30:09 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/24 16:26:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\TBPlugin.INI
[2004/06/24 16:26:14 | 000,000,058 | ---- | C] () -- C:\WINDOWS\avconfig.ini
[2004/06/23 18:15:02 | 000,000,056 | ---- | C] () -- C:\WINDOWS\autmtst.ini
[2004/06/23 17:57:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2004/06/23 17:57:08 | 000,045,401 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/06/23 17:57:08 | 000,032,887 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/06/23 16:48:47 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/06/22 21:50:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/06/22 16:45:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/07 13:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2003/11/18 09:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/08/18 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\ffastun.ffo:SummaryInformation

< End of report >