Google redirect? Following on from WIndowssafemode
#16
Posted 21 March 2011 - 05:30 PM
#17
Posted 21 March 2011 - 05:37 PM
I think this may be interesting- Google too me to the Amreican address I mentioned before (it offeres a "verification check" series of pictures)- but I recognised it while it was loading and hit the red X
on going back I got this lot:
<?xml version="1.0" ?>
- <SearchSuggestion version="2.0" xmlns="http://opensearch.or...earchsuggest2">
<Query>ie.redirect.hp.com</Query>
- <Section title="Google Suggestions">
- <Item>
<Text>ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
- <Item>
<Text>what is ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
</Section>
</SearchSuggestion>
I've seen a folder labeled "2.0" during my wanders around my haddrive recently.
#18
Posted 21 March 2011 - 05:39 PM
This was the web page address (with a stratecally added space)I just tried to search that web address.
I think this may be interesting- Google too me to the Amreican address I mentioned before (it offeres a "verification check" series of pictures)- but I recognised it while it was loading and hit the red X
on going back I got this lot:
<?xml version="1.0" ?>
- <SearchSuggestion version="2.0" xmlns="http://opensearch.or...earchsuggest2">
<Query>ie.redirect.hp.com</Query>
- <Section title="Google Suggestions">
- <Item>
<Text>ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
- <Item>
<Text>what is ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
</Section>
</SearchSuggestion>
I've seen a folder labeled "2.0" during my wanders around my haddrive recently.
http://clients5.google. com/complete/search?hl=en-gb&q=ie.redirect.hp.com&client=ie8&inputencoding=UTF-8&outputencoding=UTF-8
#19
Posted 22 March 2011 - 12:06 PM
Also rummaging through I found an additional DNS attached to your lan drive and it resolves to the US. I think we are so used to redirects coming from the Ukraine or Russia that some to the US are bypassed
So I will remove that and also clear all your temp files plus a couple of yahoo/google bits left
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls] [Win32 Services - Safe List] YN -> (gupdate) Google Update Service (gupdate) [Auto | Stopped] -> [Registry - Safe List] < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\] > -> YN -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\] > -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Microsoft\Internet Explorer\MenuExt\ YN -> Google Sidewiki... -> [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html] < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ YN -> {6538C46C-1BBE-4EBA-BBD1-12A6B68572F0}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) [Registry - Additional Scans - Safe List] < ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ YN -> {1803B9EF-9905-4F34-AFC4-05D1BAB28801} [HKLM] -> Reg Error: Key error. [HKLM: Yahoo! Mail Config I; IsInstalled: 1] < Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ YN -> {4536918A-95A8-498F-B542-CB906C561A43} [HKLM] -> [Google Update Plugin] < Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ YN -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar Helper] YN -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] [Files/Folders - Modified Within 30 Days] NY -> User_Feed_Synchronization-{93FAFC7B-6DD6-469D-A1DB-226D0A4B5F58}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{93FAFC7B-6DD6-469D-A1DB-226D0A4B5F58}.job [Empty Temp Folders] [EmptyFlash] [CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
#20
Posted 22 March 2011 - 03:02 PM
The bad news is that both findtrue. org and searchcruel. org have both appeared in my browsing history over the last 5 mins (so at least it's slowed down from one site every 30 seconds).
I ran the fix (with the internet disconected and my protection turned off)- I wasn't offered a log of actions, but told to reboot.
The log from last night says it was modified at around the right time so I'll post that (OTS.TXT)I also ran a quick scan (OTS2.TXT)
It's now about 10 mins from opening the net- in that time now 4 sites but the original 2 have had 5 shots each.
Oh one of the new sites was
http://20680.19294. filter.omexmlfeeds.com/ncp/checkBrowser?key=laptop&ip=86.30.159.212&n_d=11852963&ua=Mozilla%2F4.0%20%28compatible%3B%20MSIE%207.0%3B%20Windows%20NT%205.1%3B%20Trident%2F4.0%29
AGhhhhhhhhh!!!!!!!!!!!!!!!!!!!!!
Attached Files
#21
Posted 22 March 2011 - 03:24 PM
Evidently it is an injection into a valid fie
Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download
It will download as an 8 digit file save it to your desktop
Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that
#22
Posted 22 March 2011 - 04:46 PM
Sorry if I'm being dense here...Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download
It will download as an 8 digit file save it to your desktop
Am I after the Dr. Web LinkChecker? or the Dr.Web CureIt (Both top right but one is more top and the other is more right)
and the EULA? What's that?
#23
Posted 23 March 2011 - 11:56 AM
This one
#24
Posted 23 March 2011 - 02:33 PM
There was something called BackDoor.Tdss.565 in C:\Windows\Explorer.exe:1472
I also had a trojan.Tdlbase1 in system32\ drivers
I'm getting a "Error You aren't permitted to upload this kind of file" message - so I can't attach the report
I promise I'll come back in a day or so to confirm if it's still clear (I'll also be seeking help with removal of the many anti-malware things I've now got all over the place including those from years ago)
Thanks loads for all the help so far.
#25
Posted 23 March 2011 - 02:54 PM
And when you are ready I will remove all the tools - just post a fresh OTL log so that I can get the ones that OTL does not recognise
#26
Posted 23 March 2011 - 04:27 PM
http://www.mediafire...y5kl4ym4ib6xzib
Nothing appeared in my history over the last couple of hours. I almost feel like I'm missing it- like a cyber version of Stockholm Syndrome.
I'm sure I'll recover though.
#27
Posted 23 March 2011 - 04:36 PM
When you are happy for me to clear all the tools away just post a fresh OTL and I will do it for you
#28
Posted 23 March 2011 - 04:55 PM
I think getting that the same day that I thought I'd got rid of the Safemode thing has made me nevrous about if it's really gone or will turn into something else over night.
#29
Posted 24 March 2011 - 11:33 AM
If I fail to answer then PM me
#30
Posted 26 March 2011 - 09:22 AM
I'm not sure what other damage I have done along the way-
Trying to remove progams using the add/remove function now drags up the error message:
The windows installer service could not be accessed this can occur if you are running in safe mode or the windows installer is not correctly installed. contact ....
And Outlook express isn't working either:
Windows cannot find 'c\programme files\ outlook express\ msimn.exe'. Make sure you typed the name correctly and then try again. To search for ...
I've disc cleaned and defragged earlier today and run an OTL since then the report is attached.
Thanks again for all the help.
Oh
One more question and, it's probably the silliest so far...
Is there anything I can do to support the site?
OTL logfile created on: 26/03/2011 15:01:40 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 139.69 Gb Free Space | 77.79% Space Free | Partition Type: NTFS
Drive D: | 6.73 Gb Total Space | 0.66 Gb Free Space | 9.78% Space Free | Partition Type: FAT32
Drive E: | 557.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: OLLY | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/03/15 18:51:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/02/16 12:49:15 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/24 17:50:01 | 001,563,016 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\Upgrade.exe
PRC - [2009/08/24 17:49:16 | 001,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/08/24 17:49:12 | 001,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/08/24 17:49:10 | 002,916,816 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2009/03/31 10:23:06 | 000,070,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/01/07 11:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/23 22:51:32 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/09/12 15:14:42 | 001,527,808 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/04/13 01:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/01/07 01:36:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2005/11/10 12:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/02 15:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 15:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
========== Modules (SafeList) ==========
MOD - [2011/03/15 18:51:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/03/31 10:23:18 | 000,255,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2008/11/13 13:19:40 | 000,148,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- -- (MSIServer)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/25 20:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/12 18:14:40 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/08/24 17:49:12 | 001,097,096 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/03/31 10:23:06 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/01/07 11:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/01/23 22:51:32 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/06 21:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/11/24 16:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/11/24 15:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/24 15:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/08/02 15:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
========== Driver Services (SafeList) ==========
DRV - [2011/03/26 12:32:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{547BFF38-5AD3-42D8-8320-33DFFB4AA87D}\MpKslf4c19ba1.sys -- (MpKslf4c19ba1)
DRV - [2009/11/24 19:25:44 | 000,206,256 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/03/31 10:23:26 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/03/31 10:23:24 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/03/31 10:23:20 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/12/11 07:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 10:36:04 | 000,064,392 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:41:02 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/12/28 20:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/01/11 10:20:06 | 000,194,304 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006/10/23 10:15:07 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/24 16:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/04 21:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 16:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/02/27 05:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://apod.nasa.gov...d/astropix.html [binary data]
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://community.tes.../forums/31.aspx
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF1\ [2009/05/30 13:35:20 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/03/16 23:16:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/10 08:20:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/06/06 20:47:44 | 000,884,736 | R--- | M] (FIRAXIS Games, Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/08/04 16:53:20 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/22 20:27:02 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/03/19 21:30:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/03/19 17:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/03/17 19:14:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/16 23:03:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/16 22:52:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/15 22:10:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/15 18:51:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/03/13 11:14:53 | 000,039,200 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/03/13 11:14:53 | 000,033,056 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/03/13 11:14:53 | 000,012,576 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2011/03/13 11:14:52 | 000,051,488 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/03/12 20:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/03/11 21:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2011/03/08 19:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/07 21:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/03/07 21:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/26 12:39:46 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/03/26 12:34:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/26 12:31:56 | 2079,772,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/26 09:35:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/21 18:39:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/18 19:50:44 | 000,000,444 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_18.03.2011_20-05drv.spi
[2011/03/17 22:04:31 | 000,000,652 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_17.03.2011_22-06drv.spi
[2011/03/16 23:16:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/16 23:03:44 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/03/15 18:51:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/03/12 20:33:18 | 000,513,008 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\avinstall[1].exe
[2011/03/08 19:25:35 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/02/26 14:58:34 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/25 19:23:49 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/23 19:49:56 | 2079,772,672 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/18 19:49:28 | 000,000,444 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_18.03.2011_20-05drv.spi
[2011/03/17 20:24:55 | 000,000,652 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_17.03.2011_22-06drv.spi
[2011/03/16 22:52:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/16 22:52:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/12 20:33:19 | 000,513,008 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\avinstall[1].exe
[2011/03/08 19:25:35 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/08 19:24:52 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/08 19:02:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/07 23:31:02 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/12 18:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/07/25 16:13:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/04/29 20:35:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/29 20:35:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/29 20:35:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/04/27 19:02:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/03/06 00:26:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/14 09:13:50 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/21 09:46:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/03/14 22:59:57 | 000,001,276 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2007/02/17 15:48:37 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/17 12:44:57 | 000,000,504 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/17 11:07:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/02/17 10:50:34 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/10/23 10:26:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/23 10:05:08 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/10/23 10:00:38 | 000,014,309 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/10/23 10:00:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/10/23 09:52:43 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/23 09:47:41 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/10/23 09:46:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/23 09:43:29 | 000,125,796 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/10/23 09:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/10/23 09:18:01 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/10/23 09:18:01 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/10/23 09:17:41 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 11:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/10 08:27:46 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/10/10 08:27:46 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/10/10 08:25:26 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/10 08:20:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/10 08:15:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 15:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 21:00:00 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\sbe(2).dll
[2004/08/09 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 21:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/09 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/08 13:37:36 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >
Attached Files
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users