First of all I'd like to apologize for my English in case I mistranslate some results that I get from software versions in Spanish. By the way, I'm writing you from Mexico.
I am sorry for the long read. I guess some information may be irrelevant but I wanted to leave that decision to you and avoid making a mistake based on my ignorance.
Thanks in advance for your help.
Here are some specifications: I share the infected laptop with my family. We have never had a firewall.
Last Wednesday I searched something in Google. When I pressed the link in the results page I was redirected to one of those suspicious advertising websites. I thought the site had been hacked so I just left it and browsed somewhere else. It happened again and then the antivirus I had, named Prodigy Antivirus (my ISP provided me with it), warned me about something in a file that contained the name Firefox but unfortunately I didn't pay attention. I uninstalled Firefox but the problem remained when I tried with IE8.
I looked for a solution in another laptop, where I am writing this, which works perfectly well, no redirecting, using the same wireless connection. I found one that consisted in downloading Malwarebytes, CCleaner and TDSSKiller and executing them in that order. I ran all of them along with a full scan of Prodigy AV. TDSSKiller didn't find anything but the rest of the programs found several infected files that were apparently successfully removed. The solution I found also had me run Cmd and input the following: "ipconfig /flushdns". It didn't work, it said "the requested operation requires elevation". The redirecting kept happening. As the problem wasn't solved I downloaded Chrome to use instead of IE, which predictably also redirected the results.
I removed Prodigy Antivirus using Revo Uninstaller and tried to install Avira Antivir (from this point forward, all the software I used was downloaded to this clean computer and burnt to CDs to be taken to the infected laptop). I couldn't install it due to "a Windows update" (that's exactly what it said, not "Windows Update"). I killed the process of Windows Update using the Hunter Mode of Revo Uninstaller and manually disabled Windows Defender and successfully installed Avira. I ran a scan and it found a trojan located in C:\Windows\System32\k.dll but it couldn't remove it and asked me to restart the computer to finish the process. When it restarted, Windows couldn't boot and went to Startup Repair, which was able to restore to a point previous to the installation of Avira but after I had removed Prodigy AV, which left me with no antivirus at all. For that reason I haven't browsed in that computer ever since, so I'm not certain that the redirecting still happens. Should I search for something in Chrome to check it out? Since I have no protection against potential virus in redirected sites I didn't know if I should.
Afterwards, I downloaded AVG Antivirus and couldn't install it in Safe Mode with Networking, it kept saying there was an error so I installed it in Normal Mode and ran a scan. It delivered these results:
Troyano Generic3_c.AVBG located in c:\Windows\System32\k.dll <----I am sure it said AVBG, not AVG.
Process: C:\Windows\System32\wininit.exe
Process ID: 544
Detected when opening
It appeared in the threats box and it replicated every minute or so, appearing in the list with the same name and location. This was happening while the scanning was still in process so by the end of the scan, the threat box warned me of the same file listing it over 50 times in the same list. When I asked it to remove them, a message box said "The action was unsuccessful. The object does not exist or is inaccessible".
I wanted to run a scan in Safe Mode so I rebooted, but once again it failed to boot, but this time Startup Repair didn't work. I had to manually restore the computer to the same point it had restored itself before (Question: What is it restoring? The registry, the memory or what?). After that, I could start the computer normally but because of that I had no antivirus once again.
This is where I found you guys. I followed the tutorial on How to Fix Google Redirects.
- I executed ERUNT
- I ran OTM but I couldn't copy the results because it prompted me to restart when it finished and couldn't access the results behind that message box. After rebooting, 2 files named desktop.ini appeared in my desktop. I can also see one named the same in every CD I used on it since then.
- I ran GooredFix
- I ran TDSSKiller and again it found nothing
After this I tried to install AVG again, but it showed a message box like this:
Message Error
basex:0
Cancel Retry
Only that. When I pressed "retry" the box only repeated itself so I pressed cancel.
Then I went to your Malware Removal Guide.
I installed Avira again. Before I ran the scan a message popped up:
Guard: Malware found
Type: Detection
A virus or unwanted program "TR/ATRAPS.Gen" was found in "C:\Windows\System32\k.dll"
Access to file was denied.
I ran the full scan with the following results:
A virus or unwanted program was found!
Detections:
Object                                         Detection              Action
k.dll                                          TR/ATRAPS.Gen          Move to quarantine
IMBoosterSetup.4qvcxeiah10jxlvrapcskp45.exe    TR/Dldr.Agent.496640   Move to quarantine
secupdat.dat                                   TR/Spy.Gen             Move to quarantine
101111170427903.rsc                            JAVA/Dldr.Agent        Move to quarantine
The summary came up like this:
Statistics
Paths: 23898
Scanned: 582388
Archives: 8503
Detections: 5
Objects searched: 607617
Hidden Objects: 0
Warnings: 1
Suspicious: 0
Repaired: 0
Wiped: 0
Deleted: 0
Moved: 3
Warnings
k.dll could not be copied to quarantine or deleted.
It asked me to reboot to complete the repair. The same happened again, couldn't restart, Startup Repair, no Avira again.
Also, when it restarted a message box popped up saying this:
C:\Windows\ERDNT\AutoBackup\29-02-2011\ERDNT.INF
Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files.
I read there were some compatibility issues with ERUNT and Vista. Is this what's going on? I read you recommend this program as prevention in your guides so I figured I could keep it after all the problems are solved.
Finally, I still didn't have antivirus so I installed Avast! to try all the options you suggest. Unlike Avira and AVG, Avast! didn't find any threat, neither with full scans searching for PUPs nor with the boot-time scan. It's still installed, should I uninstall it and run one of the previous ones that did work?
One more thing, when writing this I went to the infected computer to check the version of IE I have. I went offline before opening it but it took me 3 attempts for IE to start. The first 2 times it didn't work, it kind of opened and instantly closed, because I got to see the window opening for an instant. Is that related to a problem?
I had run OTL before I had completed all the steps so I ran it a second time when I finished (the log in the end is from that second time, even after writing this message). The difference is that for the second time I had installed Avast! and one thing drew my attention. Avast recommended opening OTL in the sandbox but I said no and opened it normally. The warning also said this:
File: C:\Users\Manuel\Desktop\OTL.exe
Opened by: C:\Windows\System32\wininit.exe
That was the same process that AVG said was running Troyano Generic3_c.AVBG!
Is there a problem with that or is it normal??
I wrote a draft of this message in the clean computer, burnt it to a CD, opened it in the infected computer and added the OTL log, burnt another CD with the complete entry and uploaded it from a cybercafe with the owner's permission after being warned of my problems.
Once again, I am sorry for having you read so much and thank you for making it all the way to the end.
I hope this problem can be fixed.
- Manuel
EDIT: I made some edits just to correct some grammar. The important stuff was left the same. Thanks.
UPDATE 02/27/11: Okay, last night I checked Chrome in the infected computer and it turns out the redirecting still happens, that's for sure. However in the precise moment when Google redirected me to some mobile ad site, the good computer's cooling system began to work, you know, like when the computer is working really hard. I kind of freaked out! Was it downloading the virus to this machine?! I understand that even under ridiculously unlikely chances correlation doesn't always imply causation, but what are the odds that both actions were unrelated?? I turned off the good computer immediately. I checked this morning being sure I had screwed up the good computer I had, but it hasn't redirected any of my searches. By the way, this computer has Windows 7.
Here is the OTL log:
OTL logfile created on: 26/02/2011 07:22:05 p.m. - Run 2
OTL by OldTimer - Version 3.2.22.0 Folder = C:\Users\Manuel\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 387.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.16 Gb Total Space | 81.01 Gb Free Space | 57.80% Space Free | Partition Type: NTFS
Drive D: | 8.89 Gb Total Space | 4.38 Gb Free Space | 49.31% Space Free | Partition Type: NTFS
Computer Name: MILAPTOP | User Name: Manuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/01/09 13:20:30 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Sidebar\sidebar.exe
PRC - [2007/01/17 00:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Archivos de programa\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/11/02 06:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
PRC - [2006/11/02 06:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnscfg.exe
PRC - [2006/09/29 11:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (SafeList) ==========
MOD - [2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\snxhk.dll
MOD - [2006/11/02 03:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/02 10:41:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
========== Driver Services (SafeList) ==========
DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/01/17 00:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/02 02:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/18 19:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Controlador del adaptador Intel®
DRV - [2006/11/02 01:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Controlador de conexión de red Intel®
DRV - [2006/07/06 00:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/24 13:16:30 | 000,015,781 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/10/28 15:56:56 | 000,029,744 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://prodigy.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...s=PTB&M=MX6947M
IE - HKLM\..\URLSearchHook: {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://prodigy.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
[2011/02/22 19:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions
[2009/06/05 19:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/02/25 05:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
O1 HOSTS File: ([2007/08/02 10:33:51 | 000,004,992 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: [unreadable entry: long run of "?" characters]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Aplicación auxiliar de inicio de sesión de Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Online Radio America Toolbar) - {9A6BE539-96EA-454D-898B-61891E0844D5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Archivos de programa\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Archivos de programa\ERUNT\AUTOBACK.EXE ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft....ayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUpldes-mx.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{410e1f2d-2ca3-11de-9807-00e0b8c7f0f7}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{410e1f2d-2ca3-11de-9807-00e0b8c7f0f7}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{410e1f2d-2ca3-11de-9807-00e0b8c7f0f7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{4a258bed-3802-11dc-a58e-001b7736a218}\Shell\1\Command - "" = .\System\Memory\autorun.exe
O33 - MountPoints2\{4a258bed-3802-11dc-a58e-001b7736a218}\Shell\2\Command - "" = .\System\Memory\autorun.exe
O33 - MountPoints2\{4a258bed-3802-11dc-a58e-001b7736a218}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\System\Memory\autorun.exe
O33 - MountPoints2\{541086dc-f867-11dc-bc86-00e0b8c7f0f7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
O33 - MountPoints2\{541086e1-f867-11dc-bc86-00e0b8c7f0f7}\Shell - "" = AutoRun
O33 - MountPoints2\{541086e1-f867-11dc-bc86-00e0b8c7f0f7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{b2d0c60d-d1ea-11de-ab63-00e0b8c7f0f7}\Shell - "" = AutoRun
O33 - MountPoints2\{b2d0c60d-d1ea-11de-ab63-00e0b8c7f0f7}\Shell\AutoRun\command - "" = F:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/26 02:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/26 02:33:07 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/26 02:33:07 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/26 02:33:03 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/26 02:33:03 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/26 02:33:02 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/26 02:32:59 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/26 02:32:08 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/26 02:32:08 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/26 02:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/02/26 02:31:33 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVAST Software
[2011/02/26 00:49:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011/02/26 00:21:53 | 000,000,000 | ---D | C] -- C:\avrescue
[2011/02/25 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Avira
[2011/02/25 21:59:37 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Desktop\GooredFix Backups
[2011/02/25 21:29:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/02/25 21:21:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/25 21:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/25 21:20:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ERUNT
[2011/02/25 21:14:32 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTM.exe
[2011/02/25 21:14:32 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Manuel\Desktop\GooredFix.exe
[2011/02/24 14:13:02 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/02/24 14:06:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/24 14:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/24 13:59:23 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVG
[2011/02/23 20:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/23 20:47:42 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Users\Manuel\Desktop\avg_free_stb_all_2011_1204_free.exe
[2011/02/23 19:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/23 19:58:12 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Avira
[2011/02/23 14:50:42 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\VS Revo Group
[2011/02/23 14:50:20 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/02/23 14:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/02/23 14:50:18 | 000,000,000 | ---D | C] -- C:\Archivos de programa\VS Revo Group
[2011/02/23 01:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 01:35:26 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
[2011/02/22 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Malwarebytes
[2011/02/22 22:41:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/22 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/22 22:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/22 22:41:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/22 22:41:37 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2011/02/22 22:17:52 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2011/02/22 00:16:57 | 000,000,000 | ---D | C] -- C:\Users\Manuel\dwhelper
[2011/02/08 22:33:12 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/02/08 21:21:18 | 000,000,000 | ---D | C] -- C:\38e107bdc5e10e2e5e
========== Files - Modified Within 30 Days ==========
[2011/02/26 19:26:00 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/26 19:26:00 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79B37A82-D378-47A7-95FE-AE69C4ADACDE}.job
[2011/02/26 19:24:43 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18D5EA73-F2B9-4043-9B23-A38431E2E374}.job
[2011/02/26 19:14:33 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/26 19:12:07 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/26 19:11:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 19:11:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 19:11:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/26 19:11:17 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/26 02:33:08 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/26 02:32:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/26 02:23:22 | 054,078,264 | ---- | M] () -- C:\Users\Manuel\Desktop\setup_av_free_eng.exe
[2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011/02/25 21:21:13 | 000,000,949 | ---- | M] () -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/25 21:20:19 | 000,000,750 | ---- | M] () -- C:\Users\Manuel\Desktop\ERUNT.lnk
[2011/02/25 20:51:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Manuel\Desktop\GooredFix.exe
[2011/02/25 20:51:27 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTM.exe
[2011/02/23 20:44:36 | 000,052,736 | ---- | M] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 19:12:57 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Users\Manuel\Desktop\avg_free_stb_all_2011_1204_free.exe
[2011/02/23 14:50:22 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/23 14:22:10 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/23 09:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/23 08:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/23 03:02:55 | 000,317,794 | ---- | M] () -- C:\Users\Manuel\Documents\cc_20110223_030234.reg
[2011/02/23 01:38:37 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/23 01:35:28 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/22 22:41:42 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 22:17:56 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2011/02/13 09:25:43 | 000,687,582 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/02/13 09:25:43 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/13 09:25:43 | 000,122,196 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/02/13 09:25:42 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2011/02/26 11:42:14 | 1063,444,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/26 02:33:08 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/26 02:29:32 | 054,078,264 | ---- | C] () -- C:\Users\Manuel\Desktop\setup_av_free_eng.exe
[2011/02/25 21:21:13 | 000,000,949 | ---- | C] () -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/25 21:20:19 | 000,000,750 | ---- | C] () -- C:\Users\Manuel\Desktop\ERUNT.lnk
[2011/02/23 14:50:22 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/23 03:02:40 | 000,317,794 | ---- | C] () -- C:\Users\Manuel\Documents\cc_20110223_030234.reg
[2011/02/23 01:38:37 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/23 01:35:28 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/22 22:41:42 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/14 02:00:24 | 000,000,680 | ---- | C] () -- C:\Users\Manuel\AppData\Local\d3d9caps.dat
[2007/12/26 20:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/21 13:20:50 | 000,015,781 | R--- | C] () -- C:\Windows\System32\drivers\mdc8021x.sys
[2007/12/13 21:13:57 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2007/12/13 21:13:44 | 000,000,064 | ---- | C] () -- C:\Windows\swcmpc.ini
[2007/08/02 10:33:51 | 000,003,584 | ---- | C] () -- C:\Windows\System32\k.dll
[2007/07/19 17:36:46 | 000,052,736 | ---- | C] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 19:05:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/04/19 19:05:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/04/19 19:05:49 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/19 19:05:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/22 00:00:37 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/11/02 09:46:21 | 000,687,582 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2006/11/02 09:46:21 | 000,336,930 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2006/11/02 09:46:21 | 000,122,196 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2006/11/02 09:46:21 | 000,040,258 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,380,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
========== LOP Check ==========
[2010/11/11 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Auslogics
[2011/02/23 22:36:52 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\LimeWire
[2007/07/19 17:20:40 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\SampleView
[2011/02/26 18:24:37 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/26 19:24:43 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{18D5EA73-F2B9-4043-9B23-A38431E2E374}.job
[2011/02/26 19:26:00 | 000,000,476 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79B37A82-D378-47A7-95FE-AE69C4ADACDE}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B
< End of report >
Edited by thedeadlystoat, 28 February 2011 - 09:24 PM.