Sorry. I re-read the initial malware instructions and ran OTL instead of Highjack This. Here's the log.
OTL logfile created on: 5/14/2011 1:46:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\khaller\My Documents\Program Files (KRH)\Anti-Malware (Geeks To Go)\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 11.67 Gb Free Space | 7.83% Space Free | Partition Type: NTFS
Drive I: | 60.00 Gb Total Space | 32.05 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive J: | 122.07 Gb Total Space | 14.41 Gb Free Space | 11.81% Space Free | Partition Type: NTFS
Drive K: | 1093.49 Gb Total Space | 111.22 Gb Free Space | 10.17% Space Free | Partition Type: NTFS
Drive L: | 125.00 Gb Total Space | 17.25 Gb Free Space | 13.80% Space Free | Partition Type: NTFS
Drive M: | 60.00 Gb Total Space | 2.22 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive N: | 24.41 Gb Total Space | 2.40 Gb Free Space | 9.83% Space Free | Partition Type: NTFS
Drive P: | 50.00 Gb Total Space | 3.05 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive R: | 60.00 Gb Total Space | 2.22 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive S: | 24.41 Gb Total Space | 2.40 Gb Free Space | 9.83% Space Free | Partition Type: NTFS
Drive T: | 24.41 Gb Total Space | 2.40 Gb Free Space | 9.83% Space Free | Partition Type: NTFS
Drive V: | 1093.49 Gb Total Space | 111.22 Gb Free Space | 10.17% Space Free | Partition Type: NTFS
Drive W: | 1093.49 Gb Total Space | 111.22 Gb Free Space | 10.17% Space Free | Partition Type: NTFS
Computer Name: KHALLERXP1-346 | User Name: khaller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/05/14 13:37:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\khaller\My Documents\Program Files (KRH)\Anti-Malware (Geeks To Go)\OTL\OTL.exe
PRC - [2011/04/29 20:39:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/21 19:00:20 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/04/29 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/04/29 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007/10/26 14:28:10 | 001,544,992 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PRC - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/04/06 10:25:56 | 000,364,628 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/03/09 15:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 14:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/02/27 18:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007/02/27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2006/12/28 20:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2006/09/06 17:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/12 16:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2006/02/02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ========== MOD - [2011/05/14 13:37:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\khaller\My Documents\Program Files (KRH)\Anti-Malware (Geeks To Go)\OTL\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/05/13 13:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2007/02/27 18:48:08 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
========== Win32 Services (SafeList) ========== SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/04/06 10:25:56 | 000,364,628 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2007/02/27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/05/12 16:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
========== Driver Services (SafeList) ========== DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/04/29 20:07:00 | 000,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/04/29 20:07:00 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/04/29 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/04/29 20:07:00 | 000,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/04/29 20:07:00 | 000,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/29 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/10/20 20:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007/11/20 17:39:56 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/10/26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/09/28 17:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/09/28 17:28:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/09/21 02:19:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/05/14 13:21:16 | 000,057,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/03/27 06:27:02 | 000,543,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/02/27 19:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/16 16:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/24 19:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/24 19:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/22 12:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 12:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 12:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/10/15 16:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/10 00:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/02/02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://retailbrandalliance.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://retailbrandalliance.com/"FF - prefs.js..extensions.enabledItems:
[email protected]:1.0
FF - prefs.js..extensions.enabledItems:
[email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "
http://www.google.co...com/search?&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{ECDCBFB7-DAB1-429A-BAF2-A8C1F33426F0}: C:\Documents and Settings\khaller\Local Settings\Application Data\{ECDCBFB7-DAB1-429A-BAF2-A8C1F33426F0}\ [2011/05/10 22:16:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{DC172991-D018-4182-A7A0-7E7D26EFA1A6}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{DC172991-D018-4182-A7A0-7E7D26EFA1A6} [2011/05/12 09:34:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 20:39:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 15:10:04 | 000,000,000 | ---D | M]
[2008/07/09 17:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\khaller\Application Data\Mozilla\Extensions
[2011/04/03 12:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\khaller\Application Data\Mozilla\Firefox\Profiles\1d9xfj0p.default\extensions
[2011/02/18 14:21:18 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\khaller\Application Data\Mozilla\Firefox\Profiles\1d9xfj0p.default\extensions\
[email protected][2010/07/12 14:43:00 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\khaller\Application Data\Mozilla\Firefox\Profiles\1d9xfj0p.default\searchplugins\bing.xml
[2009/05/26 09:56:02 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\khaller\Application Data\Mozilla\Firefox\Profiles\1d9xfj0p.default\searchplugins\wolframalpha.xml
[2010/07/12 14:43:18 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\khaller\Application Data\Mozilla\Firefox\Profiles\1d9xfj0p.default\searchplugins\youtube.xml
[2011/04/03 12:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/23 01:41:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/12 09:34:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{DC172991-D018-4182-A7A0-7E7D26EFA1A6}
[2011/05/10 22:16:13 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KHALLER\LOCAL SETTINGS\APPLICATION DATA\{ECDCBFB7-DAB1-429A-BAF2-A8C1F33426F0}
[2009/01/05 10:33:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/06/24 09:38:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/29 20:39:31 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/01/26 11:38:29 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/09/28 11:43:10 | 000,239,496 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/01/26 11:38:48 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/01/26 11:38:28 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [KMsAsKYhhcwX] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: marketsight.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: retailbrandalliance.com ([]http in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71}
http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://harrisongrou...ent/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NY.retailbrandalliance.ad
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/09 02:20:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2330cd01-562e-11e0-acbb-001e4c39e391}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{2330cd01-562e-11e0-acbb-001e4c39e391}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{2d03194c-c7f2-11dc-a76b-00059a3c7800}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{4549b7a4-5982-11dd-a84d-001e4c39e391}\Shell - "" = AutoRun
O33 - MountPoints2\{4549b7a4-5982-11dd-a84d-001e4c39e391}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4549b7a4-5982-11dd-a84d-001e4c39e391}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{4549b7a6-5982-11dd-a84d-001e4c39e391}\Shell - "" = AutoRun
O33 - MountPoints2\{4549b7a6-5982-11dd-a84d-001e4c39e391}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4549b7a6-5982-11dd-a84d-001e4c39e391}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5fb0c60f-415f-11de-a9a3-001e4cf9c397}\Shell\AutoRun\command - "" = E:\PC.exe
O33 - MountPoints2\{6db043c5-e04f-11de-aa91-001e4cf9c397}\Shell\AutoRun\command - "" = E:\__DTMEDIA\DTMedia.exe
O33 - MountPoints2\{6f0e0a8b-ddfc-11df-abf5-001e4c39e391}\Shell - "" = AutoRun
O33 - MountPoints2\{6f0e0a8b-ddfc-11df-abf5-001e4c39e391}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f0e0a8b-ddfc-11df-abf5-001e4c39e391}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{827ecb4a-664c-11dd-a861-00059a3c7800}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{84e4e472-6764-11e0-acd5-001e4c39e391}\Shell\AutoRun\command - "" = E:\urDrive.exe
O33 - MountPoints2\{a87a3300-199a-11e0-ac55-001e4c39e391}\Shell - "" = AutoRun
O33 - MountPoints2\{a87a3300-199a-11e0-ac55-001e4c39e391}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a87a3300-199a-11e0-ac55-001e4c39e391}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cb7d8641-be4e-11dc-9b7b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{cb7d8641-be4e-11dc-9b7b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb7d8641-be4e-11dc-9b7b-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{cdd1ba3f-5ba1-11e0-acc2-001e4c39e391}\Shell\AutoRun\command - "" = E:\urDrive.exe
O33 - MountPoints2\{d6503350-eac8-11dc-a7a3-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{d6503350-eac8-11dc-a7a3-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6503350-eac8-11dc-a7a3-00059a3c7800}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f7db7dde-d1bb-11dc-a77c-00059a3c7800}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{fc5ba1a0-995f-11de-aa2a-001e4cf9c397}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/05/14 00:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/14 00:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khaller\Application Data\SUPERAntiSpyware.com
[2011/05/14 00:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khaller\Start Menu\Programs\SUPERAntiSpyware
[2011/05/14 00:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/13 16:54:58 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPCo0.dll
[2011/05/13 15:43:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/12 20:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/12 20:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/12 20:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/12 08:53:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/12 08:37:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/12 08:37:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/12 08:37:36 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/05/12 08:35:37 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/10 22:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khaller\Local Settings\Application Data\{ECDCBFB7-DAB1-429A-BAF2-A8C1F33426F0}
[2008/01/09 18:29:05 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/01/09 18:29:04 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\Documents and Settings\khaller\*.tmp files -> C:\Documents and Settings\khaller\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2011/05/14 13:44:39 | 000,007,110 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/05/14 13:09:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 13:06:24 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/05/14 12:17:37 | 000,000,462 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/05/14 12:15:56 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/05/14 12:14:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/14 12:13:57 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/14 12:12:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/14 12:12:18 | 2103,734,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 00:10:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\khaller\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/13 17:16:16 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\khaller\Desktop\Microsoft Office Outlook 2003.lnk
[2011/05/13 16:56:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/05/13 16:56:04 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/05/13 15:43:51 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/05/12 21:02:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/12 18:49:24 | 000,000,174 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/05/12 17:50:35 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\khaller\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/05/12 12:47:30 | 000,001,329 | ---- | M] () -- C:\WINDOWS\Bloxebebebagu.dat
[2011/05/12 09:35:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Grutijosifaduju.bin
[2011/05/12 09:09:22 | 000,500,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/12 09:09:22 | 000,085,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/12 08:52:25 | 000,622,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/12 08:40:39 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/12 08:40:39 | 000,001,836 | ---- | M] () -- C:\WINDOWS\setupinf.mif
[2011/05/12 08:39:59 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/12 08:34:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/12 08:34:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/12 08:34:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/12 08:33:56 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/12 08:27:21 | 000,022,832 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/12 07:52:46 | 001,569,257 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/05/10 22:12:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\khaller\2gweorjqjutp92vjy9gake
[2011/05/09 22:29:06 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\khaller\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 08:55:44 | 000,000,826 | RHS- | M] () -- C:\Documents and Settings\khaller\ntuser.pol
[2011/05/01 15:30:29 | 000,006,272 | ---- | M] () -- C:\Documents and Settings\khaller\Application Data\PrimoPDFSet.xml
[2011/05/01 14:43:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/27 09:49:49 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\khaller\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/24 15:10:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/21 18:59:46 | 000,120,104 | ---- | M] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPCo0.dll
[1 C:\Documents and Settings\khaller\*.tmp files -> C:\Documents and Settings\khaller\*.tmp -> ]
========== Files Created - No Company Name ========== [2011/05/14 00:10:46 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\khaller\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/13 16:56:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/05/13 16:56:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/05/12 08:52:23 | 2103,734,272 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/12 08:40:39 | 000,001,836 | ---- | C] () -- C:\WINDOWS\setupinf.mif
[2011/05/12 08:37:25 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/05/12 08:36:48 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/05/12 08:36:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/05/12 08:36:33 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/05/12 08:36:30 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/05/12 08:36:18 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/05/12 08:36:10 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/05/12 08:36:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/05/12 08:35:41 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/05/12 08:32:39 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/12 08:27:25 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/11 13:15:27 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/05/11 13:15:27 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/05/11 13:15:27 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/05/11 13:15:27 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/05/11 13:15:27 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/05/11 13:15:26 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/05/11 13:15:26 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/05/11 13:15:26 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/11 13:15:26 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/11 13:15:26 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/11 13:15:26 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/05/11 13:15:26 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/05/11 13:15:26 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/11 13:15:26 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/05/11 13:15:26 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/11 13:15:26 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/11 13:15:26 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/05/11 13:15:25 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/10 22:16:15 | 000,001,329 | ---- | C] () -- C:\WINDOWS\Bloxebebebagu.dat
[2011/05/10 22:16:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Grutijosifaduju.bin
[2011/05/10 22:12:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\khaller\2gweorjqjutp92vjy9gake
[2011/04/11 23:12:14 | 000,464,254 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2143859127-1516982502-3389632016-3411-0.dat
[2011/03/11 18:55:16 | 000,464,254 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/04 22:11:42 | 000,315,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/28 09:33:13 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2010/08/28 09:32:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/08/24 12:43:28 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/24 12:43:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/07/03 16:50:15 | 000,148,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/24 17:46:31 | 000,000,041 | ---- | C] () -- C:\WINDOWS\webica.ini
[2010/06/02 12:02:10 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2009/11/30 15:34:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/11/30 15:34:25 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/11/05 10:45:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\khaller\Application Data\winscp.rnd
[2009/10/21 12:24:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/13 13:02:24 | 000,050,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/02/05 17:44:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/22 01:18:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/10/06 10:17:13 | 000,000,078 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/06/12 14:35:50 | 000,163,896 | ---- | C] () -- C:\WINDOWS\sequencer.exe
[2008/06/12 14:35:18 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/30 10:20:12 | 000,006,272 | ---- | C] () -- C:\Documents and Settings\khaller\Application Data\PrimoPDFSet.xml
[2008/04/30 10:20:12 | 000,000,311 | ---- | C] () -- C:\Documents and Settings\khaller\Application Data\APUSet.xml
[2008/04/30 10:18:04 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/30 10:17:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/20 15:48:51 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
[2008/03/19 10:50:15 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2008/03/12 13:21:21 | 000,181,760 | ---- | C] () -- C:\Documents and Settings\khaller\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/27 20:13:50 | 000,000,174 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/02/06 13:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/01/12 12:02:28 | 000,000,462 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/12 01:13:44 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2008/01/12 01:13:44 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/01/11 17:00:45 | 000,001,270 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/01/11 16:05:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL
[2008/01/11 16:05:09 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2008/01/11 16:05:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DAT
[2008/01/09 18:29:07 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2008/01/09 18:29:05 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/01/09 06:59:51 | 000,000,041 | ---- | C] () -- C:\WINDOWS\CSERVE.INI
[2008/01/09 06:45:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/09 06:00:52 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/01/09 06:00:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/01/09 02:25:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/09 02:18:06 | 000,022,832 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/08 21:05:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/08 21:04:26 | 000,622,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/26 14:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 14:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 11:43:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2007/08/09 11:28:52 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/02/27 18:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 18:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/11/06 17:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/06/14 12:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,500,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,085,974 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ========== [2008/04/20 15:48:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/10/22 16:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2009/11/30 15:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/05/30 13:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/02 00:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\Amazon
[2008/11/22 01:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\Blackberry Desktop
[2010/08/28 09:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\Canon
[2009/05/20 18:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/06/22 11:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\ICAClient
[2008/07/14 16:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\InterVideo
[2009/05/24 14:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\Leadertech
[2010/06/01 14:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1
[2008/11/22 01:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\Research In Motion
[2010/02/08 15:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/01/18 16:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\webex
[2009/05/26 15:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\Windows Desktop Search
[2009/05/26 17:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\Windows Search
[2009/05/05 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khaller\Application Data\Xerox
[2011/05/14 13:06:24 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
========== Purity Check ========== < End of report >