[Burndenpark]

Sorry I could have sworn I'd attached this.

Attached Files

•  OTS.Txt   158.62KB   102 downloads

[Advertisements]

I just tried to search that web address.
I think this may be interesting- Google too me to the Amreican address I mentioned before (it offeres a "verification check" series of pictures)- but I recognised it while it was loading and hit the red X

on going back I got this lot:

<?xml version="1.0" ?>
- <SearchSuggestion version="2.0" xmlns="http://opensearch.or...earchsuggest2">
<Query>ie.redirect.hp.com</Query>
- <Section title="Google Suggestions">
- <Item>
<Text>ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
- <Item>
<Text>what is ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
</Section>
</SearchSuggestion>

I've seen a folder labeled "2.0" during my wanders around my haddrive recently.

[Burndenpark]

I just tried to search that web address.
I think this may be interesting- Google too me to the Amreican address I mentioned before (it offeres a "verification check" series of pictures)- but I recognised it while it was loading and hit the red X

on going back I got this lot:

<?xml version="1.0" ?>
- <SearchSuggestion version="2.0" xmlns="http://opensearch.or...earchsuggest2">
<Query>ie.redirect.hp.com</Query>
- <Section title="Google Suggestions">
- <Item>
<Text>ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
- <Item>
<Text>what is ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
</Section>
</SearchSuggestion>

I've seen a folder labeled "2.0" during my wanders around my haddrive recently.

[Burndenpark]

I just tried to search that web address.
I think this may be interesting- Google too me to the Amreican address I mentioned before (it offeres a "verification check" series of pictures)- but I recognised it while it was loading and hit the red X

on going back I got this lot:

<?xml version="1.0" ?>
- <SearchSuggestion version="2.0" xmlns="http://opensearch.or...earchsuggest2">
<Query>ie.redirect.hp.com</Query>
- <Section title="Google Suggestions">
- <Item>
<Text>ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
- <Item>
<Text>what is ie.redirect.hp.com</Text>
<Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
</Item>
</Section>
</SearchSuggestion>

I've seen a folder labeled "2.0" during my wanders around my haddrive recently.

This was the web page address (with a stratecally added space)
http://clients5.google. com/complete/search?hl=en-gb&q=ie.redirect.hp.com&client=ie8&inputencoding=UTF-8&outputencoding=UTF-8

[Essexboy]

Ok that was good data I found this -the least technical version - about that site http://en.wikipedia....wiki/OpenSearch

Also rummaging through I found an additional DNS attached to your lan drive and it resolves to the US. I think we are so used to redirects coming from the Ukraine or Russia that some to the US are bypassed

So I will remove that and also clear all your temp files plus a couple of yahoo/google bits left

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (gupdate) Google Update Service (gupdate) [Auto | Stopped] -> 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\] > -> 
YN -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\] > -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Google Sidewiki... -> [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html]
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {6538C46C-1BBE-4EBA-BBD1-12A6B68572F0}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243   (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
[Registry - Additional Scans - Safe List]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
YN -> {1803B9EF-9905-4F34-AFC4-05D1BAB28801} [HKLM] -> Reg Error: Key error. [HKLM: Yahoo! Mail Config I; IsInstalled: 1]
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
YN -> {4536918A-95A8-498F-B542-CB906C561A43} [HKLM] -> [Google Update Plugin]
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\
YN -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar Helper]
YN -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar]
[Files/Folders - Modified Within 30 Days]
NY ->  User_Feed_Synchronization-{93FAFC7B-6DD6-469D-A1DB-226D0A4B5F58}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{93FAFC7B-6DD6-469D-A1DB-226D0A4B5F58}.job
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

[Burndenpark]

The good news is that I've done 3 or 4 random searches and not been interupted.

The bad news is that both findtrue. org and searchcruel. org have both appeared in my browsing history over the last 5 mins (so at least it's slowed down from one site every 30 seconds).

I ran the fix (with the internet disconected and my protection turned off)- I wasn't offered a log of actions, but told to reboot.

The log from last night says it was modified at around the right time so I'll post that (OTS.TXT)I also ran a quick scan (OTS2.TXT)

It's now about 10 mins from opening the net- in that time now 4 sites but the original 2 have had 5 shots each.

Oh one of the new sites was
http://20680.19294. filter.omexmlfeeds.com/ncp/checkBrowser?key=laptop&ip=86.30.159.212&n_d=11852963&ua=Mozilla%2F4.0%20%28compatible%3B%20MSIE%207.0%3B%20Windows%20NT%205.1%3B%20Trident%2F4.0%29



AGhhhhhhhhh!!!!!!!!!!!!!!!!!!!!!

Attached Files

•  OTS.Txt   89.45KB   72 downloads
•  OTS2.Txt   89.45KB   97 downloads

[Essexboy]

Well my AV killed the connection to that IP - however that led me to the AV's that do detect it

Evidently it is an injection into a valid fie

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

[Burndenpark]

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file save it to your desktop

Sorry if I'm being dense here...
Am I after the Dr. Web LinkChecker? or the Dr.Web CureIt (Both top right but one is more top and the other is more right)

and the EULA? What's that?

[Essexboy]

It will be the cure-it programme and the eula is the normal gobbleydegook to run the programme... All the legal bits

This one

[Burndenpark]

It's looking good so far (30 mins on line, more than a dozen random searches and nothing unexpected either in history or on the screen)

There was something called BackDoor.Tdss.565 in C:\Windows\Explorer.exe:1472

I also had a trojan.Tdlbase1 in system32\ drivers

I'm getting a "Error You aren't permitted to upload this kind of file" message - so I can't attach the report

I promise I'll come back in a day or so to confirm if it's still clear (I'll also be seeking help with removal of the many anti-malware things I've now got all over the place including those from years ago)

Thanks loads for all the help so far.

[Essexboy]

Could you upload the log to Mediafire and post the sharing link. I will pick it up from there - the data will be usefull for next time

And when you are ready I will remove all the tools - just post a fresh OTL log so that I can get the ones that OTL does not recognise

[Burndenpark]

I don't know if this will work, but here goes.

http://www.mediafire...y5kl4ym4ib6xzib

Nothing appeared in my history over the last couple of hours. I almost feel like I'm missing it- like a cyber version of Stockholm Syndrome.

I'm sure I'll recover though.

[Essexboy]

Yep it was a file injection appended to a legitimate file

When you are happy for me to clear all the tools away just post a fresh OTL and I will do it for you

[Burndenpark]

Are you OK to leave it a day or two?

I think getting that the same day that I thought I'd got rid of the Safemode thing has made me nevrous about if it's really gone or will turn into something else over night.

[Essexboy]

No problem I continue to get notifications for 14 days after the last post - enough time

If I fail to answer then PM me

[Burndenpark]

It's been a few days now and nothing strange has happened so I think we should give the clean up a shot.

I'm not sure what other damage I have done along the way-

Trying to remove progams using the add/remove function now drags up the error message:
The windows installer service could not be accessed this can occur if you are running in safe mode or the windows installer is not correctly installed. contact ....

And Outlook express isn't working either:
Windows cannot find 'c\programme files\ outlook express\ msimn.exe'. Make sure you typed the name correctly and then try again. To search for ...

I've disc cleaned and defragged earlier today and run an OTL since then the report is attached.


Thanks again for all the help.

Oh

One more question and, it's probably the silliest so far...
Is there anything I can do to support the site?

OTL logfile created on: 26/03/2011 15:01:40 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 139.69 Gb Free Space | 77.79% Space Free | Partition Type: NTFS
Drive D: | 6.73 Gb Total Space | 0.66 Gb Free Space | 9.78% Space Free | Partition Type: FAT32
Drive E: | 557.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OLLY | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/15 18:51:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/02/16 12:49:15 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/24 17:50:01 | 001,563,016 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\Upgrade.exe
PRC - [2009/08/24 17:49:16 | 001,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/08/24 17:49:12 | 001,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/08/24 17:49:10 | 002,916,816 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2009/03/31 10:23:06 | 000,070,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/01/07 11:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/23 22:51:32 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/09/12 15:14:42 | 001,527,808 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/04/13 01:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/01/07 01:36:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2005/11/10 12:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/02 15:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 15:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2011/03/15 18:51:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/03/31 10:23:18 | 000,255,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2008/11/13 13:19:40 | 000,148,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- -- (MSIServer)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/25 20:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/12 18:14:40 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/08/24 17:49:12 | 001,097,096 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/03/31 10:23:06 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/01/07 11:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/01/23 22:51:32 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/06 21:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/11/24 16:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/11/24 15:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/24 15:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/08/02 15:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/03/26 12:32:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{547BFF38-5AD3-42D8-8320-33DFFB4AA87D}\MpKslf4c19ba1.sys -- (MpKslf4c19ba1)
DRV - [2009/11/24 19:25:44 | 000,206,256 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/03/31 10:23:26 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/03/31 10:23:24 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/03/31 10:23:20 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/12/11 07:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 10:36:04 | 000,064,392 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:41:02 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/12/28 20:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/01/11 10:20:06 | 000,194,304 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006/10/23 10:15:07 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/24 16:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/04 21:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 16:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/02/27 05:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://apod.nasa.gov...d/astropix.html [binary data]
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://community.tes.../forums/31.aspx
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF1\ [2009/05/30 13:35:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/16 23:16:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/10 08:20:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/06/06 20:47:44 | 000,884,736 | R--- | M] (FIRAXIS Games, Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/08/04 16:53:20 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/22 20:27:02 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/03/19 21:30:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/03/19 17:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/03/17 19:14:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/16 23:03:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/16 22:52:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/15 22:10:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/15 18:51:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/03/13 11:14:53 | 000,039,200 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/03/13 11:14:53 | 000,033,056 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/03/13 11:14:53 | 000,012,576 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2011/03/13 11:14:52 | 000,051,488 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/03/12 20:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/03/11 21:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2011/03/08 19:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/07 21:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/03/07 21:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/26 12:39:46 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/03/26 12:34:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/26 12:31:56 | 2079,772,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/26 09:35:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/21 18:39:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/18 19:50:44 | 000,000,444 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_18.03.2011_20-05drv.spi
[2011/03/17 22:04:31 | 000,000,652 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_17.03.2011_22-06drv.spi
[2011/03/16 23:16:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/16 23:03:44 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/03/15 18:51:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/03/12 20:33:18 | 000,513,008 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\avinstall[1].exe
[2011/03/08 19:25:35 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/02/26 14:58:34 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/25 19:23:49 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/23 19:49:56 | 2079,772,672 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/18 19:49:28 | 000,000,444 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_18.03.2011_20-05drv.spi
[2011/03/17 20:24:55 | 000,000,652 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_17.03.2011_22-06drv.spi
[2011/03/16 22:52:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/16 22:52:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/12 20:33:19 | 000,513,008 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\avinstall[1].exe
[2011/03/08 19:25:35 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/08 19:24:52 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/08 19:02:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/07 23:31:02 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/12 18:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/07/25 16:13:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/04/29 20:35:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/29 20:35:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/29 20:35:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/04/27 19:02:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/03/06 00:26:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/14 09:13:50 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/21 09:46:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/03/14 22:59:57 | 000,001,276 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2007/02/17 15:48:37 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/17 12:44:57 | 000,000,504 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/17 11:07:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/02/17 10:50:34 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/10/23 10:26:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/23 10:05:08 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/10/23 10:00:38 | 000,014,309 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/10/23 10:00:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/10/23 09:52:43 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/23 09:47:41 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/10/23 09:46:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/23 09:43:29 | 000,125,796 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/10/23 09:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/10/23 09:18:01 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/10/23 09:18:01 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/10/23 09:17:41 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 11:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/10 08:27:46 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/10/10 08:27:46 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/10/10 08:25:26 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/10 08:20:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/10 08:15:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 15:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 21:00:00 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\sbe(2).dll
[2004/08/09 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 21:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/09 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/08 13:37:36 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

< End of report >

Attached Files

•  OTL.Txt   60.62KB   78 downloads