I am getting random pop-ups, cannot get rid of them


#1
boyn0010

I am running on XP 64-bit SP2. I have run full scans with Symantec Endpoint, Spybot, and Malwarebytes. Symantec and Malwarebytes removed some stuff but I am still getting random pop-ups. I am not sure what else to do. Please help.

OTL quick scan log here:

OTL logfile created on: 4/21/2011 12:44:32 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 73.00% Memory free
37.00 Gb Paging File | 35.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): c:\pagefile.sys 30000 30000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 259.67 Gb Free Space | 55.75% Space Free | Partition Type: NTFS

Computer Name: BOYNTON | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/21 00:44:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/06 22:48:52 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Mozilla Firefox\firefox.exe
PRC - [2011/01/05 15:52:28 | 002,468,352 | ---- | M] (DS Development) -- C:\Easy Mail Merge 2.0.208\EMMOpts.exe
PRC - [2011/01/05 15:50:30 | 000,681,984 | ---- | M] (DS Development) -- C:\Easy Mail Merge 2.0.208\EMMData.exe
PRC - [2010/11/09 18:53:00 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Symantec\Rtvscan.exe
PRC - [2009/09/17 19:55:12 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Symantec\ProtectionUtilSurrogate.exe
PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Spybot\TeaTimer.exe
PRC - [2005/11/28 06:21:46 | 000,069,632 | ---- | M] (VoyagerSoft, LLC) -- C:\SolidConverterPDF\SCPDF\SolidPdfService.exe
PRC - [2002/08/19 05:16:40 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\AIM95\aim.exe


========== Modules (SafeList) ==========

MOD - [2011/04/21 00:44:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/09/07 19:04:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll
MOD - [2007/02/18 11:05:22 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2005/03/25 06:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2002/08/19 05:12:36 | 000,028,672 | ---- | M] (America Online, Inc.) -- C:\AIM95\idlemon.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/24 01:07:58 | 001,039,776 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2010/03/24 01:07:58 | 000,031,136 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2011/01/30 23:49:03 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/01/17 22:19:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/09 18:53:00 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/05/14 22:45:26 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\dell\Drivers\stacsv64.exe -- (STacSV)
SRV - [2010/01/10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Symantec\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:37:56 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Symantec\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:22:16 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Symantec\SNAC64.EXE -- (SNAC)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2005/11/28 06:21:46 | 000,069,632 | ---- | M] (VoyagerSoft, LLC) [Auto | Running] -- C:\SolidConverterPDF\SCPDF\SolidPdfService.exe -- (ScReadSpool)
SRV - [2005/03/25 06:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 03:00:00 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20110420.020\EX64.SYS -- (NAVEX15)
DRV - [2011/03/31 03:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20110420.020\ENG64.SYS -- (NAVENG)
DRV - [2010/12/17 11:54:46 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/12/17 11:54:46 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 21:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtsp64.sys -- (SRTSP)
DRV - [2005/03/25 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Mozilla Firefox\components [2011/03/04 02:11:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011/02/08 00:03:38 | 000,000,000 | ---D | M]

[2011/01/30 21:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/01/30 21:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/04/07 08:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f77ho69n.default\extensions
[2011/01/17 23:25:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f77ho69n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/22 19:39:14 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f77ho69n.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011/01/29 10:21:45 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f77ho69n.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/01/17 23:25:27 | 000,000,000 | ---D | M] (Firefox 2, the theme, reloaded) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f77ho69n.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
[2011/01/17 23:25:27 | 000,000,000 | ---D | M] (Open link in...) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f77ho69n.default\extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}
[2011/01/17 23:25:28 | 000,000,000 | ---D | M] ("Sidebar Bookmark Selector") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f77ho69n.default\extensions\sidebarBookmarkSelector@alice
[2011/01/17 22:06:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qi2e25ey.default\extensions

Hosts file not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O4:64bit: - HKLM..\Run: [BCSSync] C:\Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [AIM] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O16 - DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://aceonline.asi...ce/ltocx13n.cab (LEAD Main Control (13.0))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/17 19:52:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{365725aa-2714-11e0-9c1e-58946b619490}\Shell - "" = AutoRun
O33 - MountPoints2\{365725aa-2714-11e0-9c1e-58946b619490}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{365725aa-2714-11e0-9c1e-58946b619490}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RapidMatch_Launch_Materials_Contents.pdf
O33 - MountPoints2\{d384ab39-615c-11e0-b982-58946b619490}\Shell - "" = AutoRun
O33 - MountPoints2\{d384ab39-615c-11e0-b982-58946b619490}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d384ab39-615c-11e0-b982-58946b619490}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.ccoera.org
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/21 00:44:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/20 18:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/04/20 18:47:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2011/04/20 18:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/20 18:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/20 18:47:32 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2011/04/20 17:41:24 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/16 19:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Research In Motion
[2011/04/16 19:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2011/04/16 19:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
[2011/04/16 19:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/04/16 19:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2011/04/16 19:43:33 | 000,000,000 | ---D | C] -- C:\BlackBerry
[2011/04/06 23:03:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\FrostWire
[2011/04/06 23:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2011/04/06 23:02:57 | 000,000,000 | ---D | C] -- C:\FrostWire
[2011/04/06 21:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2011/04/06 21:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InterVideo
[2011/04/06 21:22:11 | 000,000,000 | ---D | C] -- C:\Common
[2011/04/06 21:22:09 | 000,000,000 | ---D | C] -- C:\WinDVD
[2011/04/03 23:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MP3 Tools
[2011/04/03 23:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Shared
[2011/04/03 23:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Incomplete
[2011/04/03 23:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2011/04/03 23:43:05 | 000,000,000 | ---D | C] -- C:\LimeWire
[2011/04/01 14:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/21 00:45:41 | 000,157,536 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\print proof for Haberman2.jpg
[2011/04/21 00:45:17 | 000,020,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305510 - Randalls.pdf
[2011/04/21 00:44:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/20 23:59:16 | 000,020,721 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305519 - CFWEP.pdf
[2011/04/20 23:55:42 | 121,712,640 | R--- | M] () -- C:\Documents and Settings\Administrator\My Documents\RELYmedia.qbw
[2011/04/20 23:55:42 | 001,114,112 | R--- | M] () -- C:\Documents and Settings\Administrator\My Documents\RELYmedia.qbw.TLG
[2011/04/20 23:55:42 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RELYmedia.qbw.ND
[2011/04/20 23:22:45 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Outlook.lnk
[2011/04/20 22:05:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/20 18:06:47 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Word.lnk
[2011/04/20 17:41:37 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/20 17:17:51 | 000,246,294 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ADH3112-digipak-hsP001.jpg
[2011/04/20 17:17:20 | 000,070,751 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LDH2898-disc-hsP001.jpg
[2011/04/20 16:47:22 | 000,020,761 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305520 - Custom Display.pdf
[2011/04/20 16:19:28 | 000,020,770 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305509 - Marietta.pdf
[2011/04/20 16:14:06 | 000,020,883 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305518 - Clarity.pdf
[2011/04/20 15:14:40 | 001,043,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\photo.JPG
[2011/04/20 15:00:13 | 000,275,390 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1135122_Proof_LoRes.pdf
[2011/04/20 15:00:13 | 000,192,061 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1135123_Proof_LoRes.pdf
[2011/04/20 14:37:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2011/04/20 14:23:39 | 000,020,748 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305517 - Medtronic.pdf
[2011/04/19 21:35:25 | 261,276,860 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\interNET.zip
[2011/04/19 13:11:37 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Explorer.lnk
[2011/04/18 22:39:11 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Excel.lnk
[2011/04/17 13:36:47 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Refund.msg
[2011/04/16 08:20:15 | 000,002,119 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdWords.lnk
[2011/04/15 21:58:06 | 000,000,411 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RELYmedia.ND
[2011/04/15 17:58:50 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\World Media Group - update.msg
[2011/04/14 10:59:24 | 000,378,880 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default Map.est
[2011/04/13 23:42:25 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 23:39:50 | 000,654,546 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/04/11 17:25:02 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Discount Labels.msg
[2011/04/08 15:03:02 | 000,019,086 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Capital One Lindsi.pdf
[2011/04/08 14:58:35 | 000,019,083 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Capital One Payment.pdf
[2011/04/08 14:56:36 | 000,037,981 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Discover Card_ Make a Payment Confirmation.pdf
[2011/04/06 23:03:07 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/06 22:01:50 | 000,018,028 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Bank of America _ Online Banking _ Bill Pay & e-Bills _ Pay Bill_ Payment Successful.pdf
[2011/04/01 14:09:04 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/21 00:45:41 | 000,157,536 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\print proof for Haberman2.jpg
[2011/04/21 00:45:17 | 000,020,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305510 - Randalls.pdf
[2011/04/20 23:24:56 | 000,020,721 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305519 - CFWEP.pdf
[2011/04/20 17:17:51 | 000,246,294 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ADH3112-digipak-hsP001.jpg
[2011/04/20 17:17:19 | 000,070,751 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LDH2898-disc-hsP001.jpg
[2011/04/20 16:47:22 | 000,020,761 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305520 - Custom Display.pdf
[2011/04/20 16:19:28 | 000,020,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305509 - Marietta.pdf
[2011/04/20 16:14:06 | 000,020,883 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305518 - Clarity.pdf
[2011/04/20 15:14:40 | 001,043,248 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\photo.JPG
[2011/04/20 15:00:13 | 000,275,390 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1135122_Proof_LoRes.pdf
[2011/04/20 15:00:13 | 000,192,061 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1135123_Proof_LoRes.pdf
[2011/04/20 14:23:39 | 000,020,748 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Invoice 305517 - Medtronic.pdf
[2011/04/19 21:12:09 | 261,276,860 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\interNET.zip
[2011/04/17 13:36:47 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Refund.msg
[2011/04/15 00:03:30 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\World Media Group - update.msg
[2011/04/11 17:25:02 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Discount Labels.msg
[2011/04/08 15:03:02 | 000,019,086 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Capital One Lindsi.pdf
[2011/04/08 14:58:35 | 000,019,083 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Capital One Payment.pdf
[2011/04/08 14:56:36 | 000,037,981 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Discover Card_ Make a Payment Confirmation.pdf
[2011/04/06 23:03:07 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/06 22:01:50 | 000,018,028 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Bank of America _ Online Banking _ Bill Pay & e-Bills _ Pay Bill_ Payment Successful.pdf
[2011/04/01 14:09:04 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe
[2011/02/12 18:26:09 | 000,000,167 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2011/02/12 14:09:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2011/02/04 20:35:30 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/01/31 23:55:43 | 000,013,147 | ---- | C] () -- C:\WINDOWS\hpbins01.dat.temp
[2011/01/31 23:55:43 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpbmdl01.dat.temp
[2011/01/31 23:53:17 | 000,013,147 | ---- | C] () -- C:\WINDOWS\hpbins01.dat
[2011/01/31 23:53:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpbmdl01.dat
[2011/01/31 00:08:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\AutoKMS.ini
[2011/01/30 23:49:43 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SysWow64\srvany.exe
[2011/01/29 15:44:19 | 000,785,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/29 13:04:25 | 000,009,358 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.EML
[2011/01/29 13:04:22 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/17 23:33:41 | 000,080,368 | ---- | C] () -- C:\WINDOWS\SysWow64\pbadrvdll.dll
[2011/01/17 22:22:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2011/01/17 22:14:44 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/17 22:06:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/17 21:58:54 | 000,654,546 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/01/17 19:57:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/17 13:41:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/10 07:06:04 | 000,344,040 | ---- | C] () -- C:\WINDOWS\SysWow64\vfprintpthelper.dll
[2007/02/18 11:05:48 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 11:05:46 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 11:05:46 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 11:05:46 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 11:05:46 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 11:05:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 11:05:40 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 11:05:34 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 11:05:28 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 11:05:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 11:05:20 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\SysWow64\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\SysWow64\tx12.dll
[2005/03/25 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2005/03/25 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 06:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2005/03/25 06:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2005/03/25 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 06:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2005/03/25 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2005/03/25 06:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

========== LOP Check ==========

[2011/01/29 11:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2011/03/24 12:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2011/01/29 13:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DS Development
[2011/04/16 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2011/01/31 23:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE
[2011/04/06 21:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2011/04/03 23:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2011/04/16 19:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2011/04/21 00:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SolidDocuments
[2011/01/30 23:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UBitMenu
[2011/01/17 23:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2011/02/04 20:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/01/29 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DS Development
[2011/02/01 00:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2011/01/31 14:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/02/04 20:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/01/17 22:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2011/04/16 19:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/02/12 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2011/02/05 00:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/01/30 22:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/20 22:04:17 | 000,032,516 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C

< End of report >

Edited by boyn0010, 20 April 2011 - 11:47 PM.
