Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google, Epoclick, and Amazonaws redirects

Started by Richardatf , Mar 31 2011 05:59 PM

  • Please log in to reply

#1
Richardatf
Posted 31 March 2011 - 05:59 PM

Richardatf

    New Member

  • Member
  • Pip
  • 3 posts
Here is the OTL file, I did not start my last thread correctly, so I would like to start fresh, thank you in advance for your help. As a side note, I have contacted Google, Amazonaws, and Epoclick and threatened to sue them should this behavior continues, and it HAS continued. Perhaps there are others here that would like to join me in a class action suit, if anyone finds this as aggravating as I do, contact me at [email protected] and we will discuss our options.

The OTL file:

OTL Extras logfile created on: 3/31/2011 4:42:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 114.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.86 Gb Total Space | 54.93 Gb Free Space | 77.52% Space Free | Partition Type: NTFS
Drive D: | 3.66 Gb Total Space | 1.67 Gb Free Space | 45.68% Space Free | Partition Type: FAT32

Computer Name: STUPID | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1" = iMacros version 7.1.2.1109
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D95877BE-0165-42EC-B558-727F9F41372C}" = oobeFlagNetscape0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Foxit Reader" = Foxit Reader
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NVIDIA Drivers" = NVIDIA Drivers
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2011 9:25:44 PM | Computer Name = STUPID | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application presentationfontcache.exe, version 3.0.6920.1427,
stamp 488f1424, faulting module kernel32.dll, version 5.1.2600.2180, stamp 411096b4,
debug? 0, fault address 0x0001eb33.

Error - 3/25/2011 1:19:51 PM | Computer Name = STUPID | Source = nview_info | ID = 11141121
Description =

Error - 3/25/2011 1:19:51 PM | Computer Name = STUPID | Source = nview_info | ID = 11141121
Description =

Error - 3/25/2011 1:19:51 PM | Computer Name = STUPID | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 3/24/2011 2:58:43 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/24/2011 2:58:43 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/24/2011 2:58:43 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/24/2011 2:58:43 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/24/2011 2:58:44 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/24/2011 2:58:44 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/24/2011 2:58:44 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/24/2011 2:58:44 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/24/2011 2:58:44 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/24/2011 10:56:55 PM | Computer Name = STUPID | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >
  • 0

Advertisements

#2
Richardatf
Posted 31 March 2011 - 06:02 PM

Richardatf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OTL logfile created on: 3/31/2011 4:42:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 114.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.86 Gb Total Space | 54.93 Gb Free Space | 77.52% Space Free | Partition Type: NTFS
Drive D: | 3.66 Gb Total Space | 1.67 Gb Free Space | 45.68% Space Free | Partition Type: FAT32

Computer Name: STUPID | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 16:41:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/03/23 12:16:15 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/02/18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/02/15 08:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/02/15 08:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/18 15:05:12 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/06/03 21:51:54 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/03/19 15:17:00 | 000,078,960 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 16:41:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2011/02/15 08:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 11:17:20 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/23 12:16:15 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/15 08:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/15 08:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/04/21 15:56:10 | 000,242,176 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/10/20 12:39:32 | 000,040,724 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/10/18 15:05:12 | 000,042,968 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/06/17 15:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 15:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/25 16:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 16:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/05/17 00:00:54 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/05/17 00:00:52 | 000,033,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/04/02 01:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 13:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/03/23 17:24:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 12:47:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/23 12:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/03/23 18:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4irpqgh.default\extensions
[2011/03/23 18:04:40 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4irpqgh.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/03/23 16:49:15 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4irpqgh.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/03/23 20:42:20 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4irpqgh.default\searchplugins\conduit.xml
[2011/03/23 12:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/03/25 09:40:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/24 22:32:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.69.41 213.109.72.20 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/09 00:24:26 | 000,000,045 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{628029d1-564a-11e0-9985-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{628029d1-564a-11e0-9985-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{628029d1-564a-11e0-9985-00038a000015}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/31 15:03:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/03/27 19:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\History
[2011/03/26 13:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2011/03/25 09:42:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/24 22:32:45 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/24 22:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\3-24-2011 Registry Backup
[2011/03/24 22:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Erunt
[2011/03/24 18:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/03/24 18:26:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/24 18:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/24 18:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/24 18:25:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/24 18:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/24 14:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/03/24 14:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/03/24 12:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\U3
[2011/03/24 12:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2011/03/24 12:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
[2011/03/24 11:45:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/03/24 11:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My eBooks
[2011/03/24 11:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/03/24 11:15:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/03/24 11:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/03/23 18:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iOpus iMacros
[2011/03/23 18:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\iOpus
[2011/03/23 18:25:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/03/23 18:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/03/23 18:25:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/03/23 18:24:08 | 000,000,000 | ---D | C] -- C:\c2cfb414c84ce65b51b35a
[2011/03/23 18:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/03/23 17:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/03/23 17:27:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/03/23 17:27:36 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/23 17:27:35 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/23 17:27:35 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/03/23 17:27:35 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/03/23 17:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/03/23 17:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/03/23 16:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ForceField Shared Files
[2011/03/23 16:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2011/03/23 16:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/03/23 16:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
[2011/03/23 16:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ZoneAlarm_Security
[2011/03/23 16:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/03/23 16:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/03/23 16:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/03/23 16:44:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/03/23 16:44:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/03/23 16:44:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/03/23 16:28:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/03/23 16:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2011/03/23 16:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2011/03/23 13:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\iMacros
[2011/03/23 13:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2011/03/23 13:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2011/03/23 12:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/03/23 12:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2011/03/23 12:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2011/03/23 12:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/23 12:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/03/23 12:36:03 | 000,242,176 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\rt2500.sys
[2011/03/23 12:36:03 | 000,242,176 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\RT2500.sys
[2011/03/23 12:36:03 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2011/03/23 12:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Linksys Wireless-G PCI Adapter
[2011/03/23 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
[2011/03/23 12:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2011/03/23 12:20:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/23 12:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/23 12:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2011/03/23 12:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Media Reader
[2011/03/23 12:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/03/23 12:18:31 | 000,020,480 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2011/03/23 12:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD
[2011/03/23 12:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2011/03/23 12:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/03/23 12:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2011/03/23 12:15:59 | 000,212,480 | R--- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL
[2011/03/23 12:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/03/23 12:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/03/23 12:15:06 | 000,018,000 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2011/03/23 12:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\BigFix
[2011/03/23 12:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Burn a CD or Data DVD
[2011/03/23 12:14:25 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2011/03/23 12:14:25 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2011/03/23 12:14:25 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2011/03/23 12:14:24 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2011/03/23 12:14:24 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2011/03/23 12:14:24 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2011/03/23 12:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011/03/23 12:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2011/03/23 12:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2011/03/23 12:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Companion
[2011/03/23 12:14:09 | 000,102,400 | ---- | C] (4Developers LLC) -- C:\WINDOWS\System32\SimpleRegistry.dll
[2011/03/23 12:14:09 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2011/03/23 12:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2011/03/23 12:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2011/03/23 12:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/23 12:14:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2011/03/23 12:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2011/03/23 12:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2011/03/23 12:13:56 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2011/03/23 12:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/03/23 12:13:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/03/23 12:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/23 12:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2011/03/23 12:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2011/03/23 12:13:38 | 000,000,000 | ---D | C] -- C:\My Music
[2011/03/23 12:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/03/23 12:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/03/23 12:13:35 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2011/03/23 12:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2011/03/23 12:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2011/03/23 12:13:11 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2011/03/23 12:13:11 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2011/03/23 12:13:11 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2011/03/23 12:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\America Online
[2011/03/23 12:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2011/03/23 12:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2011/03/23 12:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\America Online 9.0
[2011/03/23 12:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2011/03/23 12:11:56 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/03/23 12:11:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/03/23 12:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2011/03/23 12:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money
[2011/03/23 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money
[2011/03/23 12:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2011/03/23 12:09:24 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/03/23 12:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NVIDIA Shared
[2011/03/23 12:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/03/23 12:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2011/03/23 12:08:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011/03/23 12:08:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/03/23 12:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/03/23 12:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/23 12:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/23 12:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2011/03/23 12:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eMachines Documentation
[2011/03/23 12:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\New Boundary
[2011/03/23 12:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/03/23 12:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Recovery
[2011/03/23 12:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/03/23 11:59:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/03/23 11:42:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\creator
[2011/03/23 11:42:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SMINST
[2011/03/23 11:41:40 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/03/23 11:41:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2011/03/23 11:41:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/03/23 11:41:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup
[2011/03/23 11:41:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2011/03/23 11:41:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2011/03/23 11:41:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2011/03/23 11:41:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2011/03/23 11:41:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Accessories
[2011/03/23 11:41:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2011/03/23 11:41:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/03/23 11:41:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/03/23 11:41:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/03/23 11:41:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/03/23 11:41:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2011/03/23 11:41:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/03/23 11:41:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/03/23 11:41:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/03/23 11:41:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/03/23 11:41:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/03/23 11:41:11 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/03/23 11:38:15 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/03/11 19:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Internet HiJack evidence
[2011/03/10 10:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Gloria's Property

========== Files - Modified Within 30 Days ==========

[2011/03/28 13:21:41 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/28 13:20:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/28 13:20:25 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/25 10:21:00 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/25 10:21:00 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/25 09:53:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/24 22:32:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/24 18:26:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/24 17:18:49 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/03/24 17:18:49 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/03/24 14:54:59 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
[2011/03/24 14:54:59 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTApp.html
[2011/03/24 14:51:15 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Files and Settings Transfer Wizard.lnk
[2011/03/24 14:44:19 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/03/24 14:44:19 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/03/24 14:41:44 | 000,415,851 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Christ at His Sanctuary.pdf
[2011/03/24 11:53:19 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/23 18:26:50 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iMacros 7.lnk
[2011/03/23 17:28:01 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/03/23 16:51:07 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/03/23 16:48:10 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/23 16:48:09 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk
[2011/03/23 13:10:50 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/23 13:10:16 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 13:09:48 | 000,000,557 | ---- | M] () -- C:\WINDOWS\Shortcut to WINDOWS.lnk
[2011/03/23 13:09:15 | 000,000,589 | ---- | M] () -- C:\Program Files\Shortcut to Program Files.lnk
[2011/03/23 12:47:13 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/23 12:47:13 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/23 12:35:53 | 000,001,155 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2011/03/23 12:31:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/23 12:30:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/23 12:29:31 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/23 12:29:28 | 000,000,029 | ---- | M] () -- C:\WINDOWS\wwwbatch.ini
[2011/03/23 12:29:26 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/03/23 12:29:25 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\ISP signup reminder 3.job
[2011/03/23 12:29:24 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\ISP signup reminder 2.job
[2011/03/23 12:23:42 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/03/23 12:20:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eMachines_W3050_Versionxx_CA74C10011220.MRK
[2011/03/23 12:20:18 | 000,001,290 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/03/23 12:20:18 | 000,000,488 | ---- | M] () -- C:\WINDOWS\System32\emver.ini
[2011/03/23 12:14:47 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/23 12:14:18 | 000,000,837 | -H-- | M] () -- C:\IPH.PH
[2011/03/23 12:13:35 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2011/03/23 12:12:41 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/03/23 12:07:57 | 000,028,768 | ---- | M] () -- C:\WINDOWS\System32\javaw.exe
[2011/03/23 12:07:57 | 000,024,670 | ---- | M] () -- C:\WINDOWS\System32\java.exe
[2011/03/23 12:03:28 | 000,000,867 | ---- | M] () -- C:\WINDOWS\System32\VGASwitcher.lnk
[2011/03/19 14:29:39 | 003,812,357 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The History of the Christian Church Vol III.PDF
[2011/03/19 14:24:56 | 004,380,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The History of the Christian Church Vol I.PDF
[2011/03/19 14:17:35 | 003,109,050 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The History of the Christian Church Vol II.PDF
[2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011/03/24 18:26:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/24 17:18:49 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/03/24 17:18:49 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/03/24 14:54:47 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
[2011/03/24 14:52:46 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTApp.html
[2011/03/24 14:50:58 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Files and Settings Transfer Wizard.lnk
[2011/03/24 14:44:19 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/03/24 14:44:19 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/03/24 14:41:44 | 000,415,851 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Christ at His Sanctuary.pdf
[2011/03/23 18:26:50 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\iMacros 7.lnk
[2011/03/23 17:28:01 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/03/23 16:48:10 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/23 16:48:09 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk
[2011/03/23 16:47:47 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/03/23 13:10:17 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/23 13:10:16 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 13:09:48 | 000,000,557 | ---- | C] () -- C:\WINDOWS\Shortcut to WINDOWS.lnk
[2011/03/23 13:09:15 | 000,000,589 | ---- | C] () -- C:\Program Files\Shortcut to Program Files.lnk
[2011/03/23 12:47:13 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/23 12:47:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/23 12:47:13 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/23 12:36:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/03/23 12:36:03 | 000,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2011/03/23 12:36:03 | 000,007,870 | ---- | C] () -- C:\WINDOWS\System32\rt2500.cat
[2011/03/23 12:35:53 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/03/23 12:31:00 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2011/03/23 12:30:59 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/23 12:29:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2011/03/23 12:29:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ISP signup reminder 3.job
[2011/03/23 12:29:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ISP signup reminder 2.job
[2011/03/23 12:23:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/03/23 12:20:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eMachines_W3050_Versionxx_CA74C10011220.MRK
[2011/03/23 12:17:41 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/23 12:16:16 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2011/03/23 12:16:16 | 000,030,056 | ---- | C] () -- C:\WINDOWS\System32\oemlogo.bmp
[2011/03/23 12:16:04 | 000,001,961 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/03/23 12:16:04 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/03/23 12:15:20 | 000,003,126 | ---- | C] () -- C:\WINDOWS\emachines_32.bmp
[2011/03/23 12:14:54 | 000,023,512 | ---- | C] () -- C:\WINDOWS\UNNeroBurnRights.cfg
[2011/03/23 12:12:42 | 000,000,837 | -H-- | C] () -- C:\IPH.PH
[2011/03/23 12:12:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/23 12:11:04 | 000,001,096 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Encarta Plus.lnk
[2011/03/23 12:08:48 | 000,003,787 | ---- | C] () -- C:\WINDOWS\System32\nvaudio.nvu
[2011/03/23 12:08:44 | 000,002,509 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2011/03/23 12:08:42 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2011/03/23 12:08:41 | 000,001,217 | ---- | C] () -- C:\WINDOWS\System32\nvmctl.nvu
[2011/03/23 12:08:32 | 000,002,124 | ---- | C] () -- C:\WINDOWS\System32\nvgart.nvu
[2011/03/23 12:08:24 | 000,013,474 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/03/23 12:08:24 | 000,004,452 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/23 12:08:06 | 000,028,768 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2011/03/23 12:08:06 | 000,024,670 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2011/03/23 11:42:12 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2011/03/19 14:30:20 | 003,812,357 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The History of the Christian Church Vol III.PDF
[2011/03/19 14:26:01 | 004,380,004 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The History of the Christian Church Vol I.PDF
[2011/03/19 14:20:34 | 003,109,050 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The History of the Christian Church Vol II.PDF
[2011/02/17 14:57:31 | 000,000,302 | ---- | C] () -- C:\WINDOWS\CAD.INI
[2004/08/27 03:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 02:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 11:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 11:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 09:12:43 | 000,001,290 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 000,000,488 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 09:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 09:12:10 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 09:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 09:12:10 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 09:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 09:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 09:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 09:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 09:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 09:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 09:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 09:11:46 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/26 03:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 03:54:01 | 000,145,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/03/23 12:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/23 16:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2011/03/23 16:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2011/03/23 12:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2011/03/23 12:29:24 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2011/03/23 12:29:25 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job

========== Purity Check ==========



< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP