Shortly afterwards my google results were highjacked.
I ran another avast scan with the same non-result, then installed and ran MBAM (couldn’t get it to update).
Now my results are no longer being hijacked – I simply can not connect to anything except google. Nothing else.
I have also tried to run System restore without success.
I have no idea of the source of the infection
Can anyone help? Thanks in advance
OTL Log below:
_______
OTL logfile created on: 30/03/2011 18:59:59 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tanya\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 576.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 1.82 Gb Free Space | 2.56% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.73 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Drive E: | 245.73 Mb Total Space | 191.98 Mb Free Space | 78.13% Space Free | Partition Type: FAT
Computer Name: SHARPE | User Name: Tanya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/03/30 18:56:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tanya\Desktop\OTL.exe
PRC - [2011/03/21 10:03:12 | 000,069,632 | ---- | M] (Osiris Development) -- C:\Program Files\BatteryBar\BatteryBar.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/07 18:06:30 | 003,600,184 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2009/06/16 08:58:08 | 000,389,120 | ---- | M] (FruitfulTime ®) -- C:\Program Files\FruitfulTime\FruitfulTime NoteKeeper\FruitfulTime NoteKeeper.exe
PRC - [2008/10/07 03:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 05:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
========== Modules (SafeList) ==========
MOD - [2011/03/30 18:56:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tanya\Desktop\OTL.exe
MOD - [2011/02/23 15:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 13:00:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008/04/14 13:00:00 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll
MOD - [2008/04/14 13:00:00 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvfw32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (EzEITService)
SRV - File not found [Auto | Stopped] -- -- (EITUACService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/05/13 17:44:00 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008/04/14 13:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 13:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
========== Driver Services (SafeList) ==========
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/11/07 10:04:00 | 000,291,328 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/10/08 07:35:10 | 001,334,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/09/23 21:23:58 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/08/27 00:35:00 | 004,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/15 04:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/10/27 05:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SMSN&bmod=SMSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwat...nkToFoodTracker
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 13:04:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 13:04:40 | 000,000,000 | ---D | M]
[2010/09/06 19:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tanya\Application Data\Mozilla\Extensions
[2010/09/06 19:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tanya\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/30 06:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tanya\Application Data\Mozilla\Firefox\Profiles\nvb02gxk.default\extensions
[2010/10/13 10:49:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tanya\Application Data\Mozilla\Firefox\Profiles\nvb02gxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/18 20:50:23 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Tanya\Application Data\Mozilla\Firefox\Profiles\nvb02gxk.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/01/29 10:59:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tanya\Application Data\Mozilla\Firefox\Profiles\nvb02gxk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2011/03/25 22:56:48 | 000,000,000 | ---D | M] (LiveJournal Addons) -- C:\Documents and Settings\Tanya\Application Data\Mozilla\Firefox\Profiles\nvb02gxk.default\extensions\[email protected]
[2011/03/30 06:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 14:30:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/30 12:38:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/30 12:37:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/30 12:37:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\BatteryBar.lnk = C:\Program Files\BatteryBar\BatteryBar.exe (Osiris Development)
O4 - Startup: C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\FruitfulTime NoteKeeper.lnk = C:\Program Files\FruitfulTime\FruitfulTime NoteKeeper\FruitfulTime NoteKeeper.exe (FruitfulTime ®)
O4 - Startup: C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\Movie Magic Screenwriter 6 (2).lnk = C:\Program Files\Write Brothers, Inc\Movie Magic Screenwriter 6\scwriter32.exe (Write Brothers, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/02 02:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7593f051-b9e2-11df-a6c7-001377fc35ce}\Shell - "" = AutoRun
O33 - MountPoints2\{7593f051-b9e2-11df-a6c7-001377fc35ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7593f051-b9e2-11df-a6c7-001377fc35ce}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{7593f051-b9e2-11df-a6c7-001377fc35ce}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{7593f051-b9e2-11df-a6c7-001377fc35ce}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{bcba528d-cbf6-11df-a6f6-0024d29367cc}\Shell - "" = AutoRun
O33 - MountPoints2\{bcba528d-cbf6-11df-a6f6-0024d29367cc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bcba528d-cbf6-11df-a6f6-0024d29367cc}\Shell\AutoRun\command - "" = E:\install.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/30 18:59:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tanya\Desktop\OTL.exe
[2011/03/30 18:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/30 16:23:51 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/30 15:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tanya\Application Data\Malwarebytes
[2011/03/30 15:29:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/30 15:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/30 15:29:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/30 15:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/29 13:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/29 13:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/29 13:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/29 13:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/29 13:13:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/29 13:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/03/29 13:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/27 07:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tanya\My Documents\Screenwriter Documents
[2011/03/05 11:15:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tanya\Recent
[2011/03/05 07:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/30 18:56:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tanya\Desktop\OTL.exe
[2011/03/30 18:54:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 18:43:21 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 18:42:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 16:23:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/30 15:29:55 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Tanya\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/30 15:29:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/30 14:27:42 | 000,006,184 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/03/30 14:27:42 | 000,004,328 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/03/29 12:59:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/28 13:24:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/27 07:48:08 | 000,531,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/27 07:48:08 | 000,093,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/27 07:47:35 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\BatteryBar.lnk
[2011/03/22 18:23:19 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\Tanya\.recently-used.xbel
[2011/03/16 11:05:00 | 000,001,578 | ---- | M] () -- C:\DealUIController
[2011/03/09 16:16:01 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/30 15:29:55 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Tanya\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/30 15:29:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/27 07:47:34 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\BatteryBar.lnk
[2011/03/22 18:23:19 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\Tanya\.recently-used.xbel
[2011/03/09 16:10:43 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/10 20:57:56 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tanya\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 19:15:20 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/09/11 09:12:02 | 000,029,740 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/07 14:36:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/07 09:40:14 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Tanya_KBD.ini
[2010/09/06 21:33:08 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2010/09/06 19:16:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/05 02:29:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/14 03:18:04 | 000,279,629 | ---- | C] () -- C:\WINDOWS\esubmit.exe
[2009/04/02 03:14:12 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SetDisplayResolution.exe
[2009/04/02 03:07:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
[2009/04/02 03:07:28 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/04/02 03:07:28 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009/04/02 03:07:26 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/04/02 03:07:25 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/04/02 03:07:25 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/04/02 03:07:25 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/04/02 03:07:25 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/04/02 03:07:25 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/04/02 03:07:25 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/04/02 03:07:25 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/04/02 03:07:25 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/04/02 03:07:25 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/04/02 03:07:25 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/04/02 03:07:25 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/04/02 03:07:25 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/04/02 03:07:25 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/04/02 03:07:25 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/04/02 03:07:25 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/04/02 03:07:25 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/04/02 03:05:17 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/04/02 03:05:17 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/04/02 03:02:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/04/02 02:59:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe
[2009/04/02 02:59:34 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/04/02 02:57:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/02 02:53:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/02 01:35:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/04/02 01:34:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/04/02 01:34:32 | 000,531,930 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/02 01:34:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/04/02 01:34:30 | 000,093,656 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/02 01:34:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/04/02 01:34:30 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/04/02 01:34:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/04/02 01:34:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/04/02 01:34:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/04/02 01:34:28 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/04/02 01:34:24 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/04/02 01:34:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/04/01 18:47:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/01 18:46:52 | 000,155,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/02/27 01:49:12 | 006,139,774 | ---- | C] () -- C:\WINDOWS\imagine digital freedom.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 1177 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:FxmilxYiNEJLBgAag28D2CL1YpL9i
@Alternate Data Stream - 1129 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:sfuaOY9Yzs1DzU5FR0ZMDaHa6J
@Alternate Data Stream - 1107 bytes -> C:\Documents and Settings\Tanya\Cookies:B6L3MIAbinlpvuc18j3c
@Alternate Data Stream - 1045 bytes -> C:\Documents and Settings\Tanya\Cookies:l222SsNmq8Io2I364QWF
< End of report >