Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Not sure if my computer is still infected


  • Please log in to reply

#1
LGC

LGC

    Member

  • Member
  • PipPip
  • 12 posts
Hi,

My partner had a rootkit virus on his pc. I believe it was called windows xp recovery.

The computer was getting what is commonly known as the BSOD and was also getting redirected on google search results.

After running rkill, he ran Malwarebytes, combofix, aswMBR, as well as a scan with antivir. The computer now seems to be running faster, and doesn't seem to be having the same systoms but we would rather be safe then sorry.

I tried running Gmer but it has frozen twice on me.

I have attached the DDS logs as well as any relevant logs that I have from other programs that were run. please let me know if you require anything else.

Any help would be greatly appreciated.

Thamks in Advance,

Lee
---------------------------------------------------
DDS Log
--------



.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jack Menashe at 0:40:21 on 2011-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.115 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jack Menashe\Desktop\lee\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.5672\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn10\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: MoneySide: {d6a116e7-5906-42e4-87f6-e7e15936415e} - c:\program files\microsoft money\system\mnyside.dll
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [USB Storage Toolbox] c:\windows\umstor\Res.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - hxxp://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148917885531
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://agiusa.net/dwa7W.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15029/CTPID.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-2 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-2 61960]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]
.
=============== Created Last 30 ================
.
2011-05-21 03:39:47 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{1d01d793-b604-4617-8455-2948e5c1eed3}\mpengine.dll
2011-05-18 23:30:55 89088 ----a-w- c:\windows\MBR.exe
2011-05-18 23:30:55 256512 ----a-w- c:\windows\PEV.exe
2011-05-18 16:49:20 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2011-05-18 14:17:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 16:10:06 -------- d-----w- c:\program files\iPod
2011-05-10 15:52:45 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-09 03:13:24 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2010-04-13 16:46:10 271060312 ----a-w- c:\program files\501_b049_multilanguage.exe
2009-01-25 00:36:07 2851216 ----a-w- c:\program files\PlaxoInstall_en.exe
2008-07-30 19:28:39 133227519 -c--a-w- c:\program files\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
2007-09-05 21:43:37 50009400 -c--a-w- c:\program files\iTunesSetup.exe
2007-08-27 15:55:07 1305088 -c--a-w- c:\program files\Netflix_Movie_Viewer_Installer.msi
2007-08-16 18:42:52 15732984 -c--a-w- c:\program files\Google_Earth_BZXD.exe
2007-06-01 02:52:10 2168968 -c--a-w- c:\program files\Vindigo_PPC.exe
2007-05-31 20:56:01 5248120 -c--a-w- c:\program files\AgPPCEN.exe
2007-05-31 20:42:48 4018320 -c--a-w- c:\program files\msasync31.exe
2006-11-08 04:06:24 17533000 -c--a-w- c:\program files\ie7setup_mail.exe
2006-10-20 01:27:00 408024 -c--a-w- c:\program files\DNLDSSC.exe
.
============= FINISH: 0:42:11.89 ===============

---------------------------------------------------

Attached Files


Edited by LGC, 23 May 2011 - 11:51 AM.

  • 0

Advertisements


#2
LGC

LGC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi,

I forgot to add the OTL Log.

----------------------------------

OTL logfile created on: 5/23/2011 3:10:12 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Jack Menashe\Desktop\lee
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 31.37 Mb Available Physical Memory | 6.25% Memory free
1.20 Gb Paging File | 0.37 Gb Available in Paging File | 30.50% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 3.73 Gb Free Space | 5.02% Space Free | Partition Type: NTFS

Computer Name: DEN | User Name: Jack Menashe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 15:09:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack Menashe\Desktop\lee\OTL.exe
PRC - [2011/05/18 12:51:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/05/18 12:51:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/15 05:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 05:14:11 | 000,108,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.exe
PRC - [2011/03/08 23:13:17 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/23 17:12:30 | 000,851,968 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/28 20:59:03 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/09/14 21:44:14 | 000,065,536 | ---- | M] (ali) -- C:\WINDOWS\UMStor\Res.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/12/02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/04/01 20:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe
PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 15:09:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack Menashe\Desktop\lee\OTL.exe
MOD - [2011/04/15 05:14:10 | 000,050,552 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/08/04 07:00:00 | 000,149,019 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CRTDLL.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - [2011/05/18 12:51:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/05/18 12:51:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/04/01 20:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe -- (BAsfIpM)
SRV - [2004/03/01 11:40:52 | 000,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpbpro.exe -- (HP Port Resolver)
SRV - [2004/03/01 11:40:52 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpboid.exe -- (HP Status Server)


========== Driver Services (SafeList) ==========

DRV - [2011/05/18 12:51:36 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/03/08 23:13:24 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2006/09/28 20:59:08 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/16 12:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\StMp3Rec.sys -- (StMp3Rec)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2004/06/10 16:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Sacm2A.sys -- (USBCM)
DRV - [2004/05/29 19:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/30 12:29:36 | 000,118,106 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - [2003/04/24 18:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/26 14:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/26 14:04:46 | 000,000,000 | ---D | M]

[2009/11/02 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jack Menashe\Application Data\Mozilla\Extensions
[2009/11/02 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jack Menashe\Application Data\Mozilla\Extensions\[email protected]
[2006/04/26 21:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jack Menashe\Application Data\Mozilla\Firefox\Profiles\kj4ymmqo.default\extensions
[2007/10/21 19:40:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/06/22 13:44:58 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/08/01 11:43:24 | 000,000,703 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png
[2007/08/01 11:43:24 | 000,000,531 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.src

O1 HOSTS File: ([2011/05/19 02:53:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - File not found
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.exe (ali)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/06/02 11:33:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/06/02 11:33:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/06/02 11:33:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/06/02 11:33:45 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} https://www-secure.s...trl/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} https://www-secure.s...trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecu...vex/TmHcmsX.CAB (TmHcmsX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...rl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} http://download.ebay.../US/install.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1148917885531 (MUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicr...scan/as4web.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://agiusa.net/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by107fd.bay10...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15029/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1 68.237.161.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 11:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack Menashe\Application Data\TeamViewer
[2011/05/23 11:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/05/23 11:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/05/19 11:49:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/19 02:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack Menashe\Desktop\avast
[2011/05/19 01:46:26 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jack Menashe\Desktop\aswMBR.exe
[2011/05/18 16:20:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Symbols
[2011/05/18 12:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Debugging Tools for Windows (x86)
[2011/05/18 12:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2011/05/18 12:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack Menashe\Desktop\lee
[2011/05/18 11:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/18 10:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/18 10:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/18 10:17:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/18 10:11:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jack Menashe\Recent
[2011/05/16 21:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack Menashe\Start Menu\Programs\Windows XP Recovery
[2011/05/10 12:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/10 12:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/10 11:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/01/24 20:35:49 | 002,851,216 | ---- | C] (Plaxo, Inc.) -- C:\Program Files\PlaxoInstall_en.exe
[2007/09/05 17:43:29 | 050,009,400 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2007/08/16 14:42:39 | 015,732,984 | ---- | C] (Google ) -- C:\Program Files\Google_Earth_BZXD.exe
[2007/05/31 22:52:05 | 002,168,968 | ---- | C] (Vindigo, Inc. ) -- C:\Program Files\Vindigo_PPC.exe
[2007/05/31 16:56:01 | 005,248,120 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\AgPPCEN.exe
[2007/05/31 16:39:00 | 004,018,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msasync31.exe
[2006/10/22 09:48:59 | 017,533,000 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie7setup_mail.exe
[2006/10/19 21:27:00 | 000,408,024 | ---- | C] (America Online, Inc.) -- C:\Program Files\DNLDSSC.exe
[2005/01/14 16:11:02 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/23 11:28:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/05/23 09:32:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/23 09:31:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/23 09:28:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/23 00:39:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jack Menashe\defogger_reenable
[2011/05/19 02:53:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/05/19 02:13:38 | 004,351,523 | R--- | M] () -- C:\Documents and Settings\Jack Menashe\Desktop\ComboFix.exe
[2011/05/19 01:35:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/18 19:40:49 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\Jack Menashe\Desktop\Shortcut to ComboFix.lnk
[2011/05/18 12:51:36 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/18 10:17:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 21:20:19 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16965412
[2011/05/16 21:17:31 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Jack Menashe\Desktop\Windows XP Recovery.lnk
[2011/05/16 21:17:31 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16965412r
[2011/05/16 21:17:31 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16965412
[2011/05/16 12:41:18 | 018,636,800 | ---- | M] () -- C:\jacksMy Money 1.mny
[2011/05/16 12:40:48 | 000,000,128 | ---- | M] () -- C:\jacksMy Money 1.lrd
[2011/05/10 11:43:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 13:26:34 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jack Menashe\Desktop\aswMBR.exe
[2011/05/02 13:43:59 | 001,149,805 | ---- | M] () -- C:\Documents and Settings\Jack Menashe\Desktop\scan0001.jpg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 11:28:34 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/05/23 00:39:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jack Menashe\defogger_reenable
[2011/05/18 23:31:27 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2011/05/18 23:31:27 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/05/18 23:31:27 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/05/18 23:30:49 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.LNK
[2011/05/18 23:30:49 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Mail.lnk
[2011/05/18 23:30:49 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/05/18 23:30:49 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/18 23:30:49 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/18 23:30:48 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Messenger 7.5.lnk
[2011/05/18 23:30:48 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2003.lnk
[2011/05/18 23:30:48 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money.LNK
[2011/05/18 23:30:48 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/05/18 23:30:47 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 6.0 Standard.lnk
[2011/05/18 23:30:47 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0.lnk
[2011/05/18 23:30:47 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2011/05/18 23:30:47 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Album Starter Edition 3.0.lnk
[2011/05/18 23:30:47 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/05/18 23:30:46 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 6.0.lnk
[2011/05/18 19:40:49 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Jack Menashe\Desktop\Shortcut to ComboFix.lnk
[2011/05/18 19:30:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/18 19:30:55 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/18 19:28:24 | 004,351,523 | R--- | C] () -- C:\Documents and Settings\Jack Menashe\Desktop\ComboFix.exe
[2011/05/18 10:17:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 21:17:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16965412r
[2011/05/16 21:17:31 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16965412
[2011/05/16 21:17:30 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Jack Menashe\Desktop\Windows XP Recovery.lnk
[2011/05/16 21:17:03 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16965412
[2011/05/16 12:40:45 | 000,000,128 | ---- | C] () -- C:\jacksMy Money 1.lrd
[2011/05/02 13:44:07 | 001,149,805 | ---- | C] () -- C:\Documents and Settings\Jack Menashe\Desktop\scan0001.jpg
[2010/12/29 00:44:08 | 000,188,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/04 20:45:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/26 13:58:47 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/08/19 12:34:48 | 000,077,377 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/08/18 10:28:02 | 000,166,115 | ---- | C] () -- C:\WINDOWS\hpoins30.dat.temp
[2010/04/13 12:34:44 | 271,060,312 | ---- | C] () -- C:\Program Files\501_b049_multilanguage.exe
[2010/02/23 19:44:20 | 000,000,547 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat.temp
[2009/12/29 21:29:47 | 000,150,682 | ---- | C] () -- C:\WINDOWS\hpoins30.dat
[2009/12/29 21:29:47 | 000,000,547 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/06 13:32:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/06 13:32:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/06 13:32:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/30 16:26:34 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/07/30 15:27:56 | 133,227,519 | ---- | C] () -- C:\Program Files\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
[2008/04/05 21:06:02 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/01/30 14:33:17 | 000,033,704 | ---- | C] () -- C:\Documents and Settings\Jack Menashe\Application Data\Comma Separated Values (Windows).ADR
[2007/08/27 11:55:07 | 001,305,088 | ---- | C] () -- C:\Program Files\Netflix_Movie_Viewer_Installer.msi
[2007/08/16 14:44:15 | 000,000,330 | ---- | C] () -- C:\Program Files\3D_Warehouse.kmz
[2007/02/18 19:50:50 | 000,703,956 | ---- | C] () -- C:\Program Files\GoogleToolbarEnterprise.zip
[2007/01/27 21:01:06 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/12/04 21:44:06 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/12/04 21:44:06 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/12/04 21:44:06 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/11/29 23:40:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/28 20:54:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/21 00:28:45 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2006/05/29 11:40:02 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/05/18 23:14:53 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/29 22:07:13 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/26 23:37:44 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/04/26 21:42:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/26 21:41:23 | 000,003,077 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/18 18:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/02/24 18:26:53 | 000,087,553 | ---- | C] () -- C:\WINDOWS\hpfins01.dat.temp
[2006/02/24 18:26:52 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl03.dat.temp
[2005/12/22 15:02:16 | 000,000,268 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/11/03 21:22:26 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/04/20 23:14:49 | 000,000,011 | ---- | C] () -- C:\WINDOWS\nextsteps.ini
[2005/02/27 20:12:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2005/02/27 20:12:00 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl25a.dll
[2005/02/27 20:12:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2005/02/03 01:07:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/02/02 02:17:45 | 000,154,112 | ---- | C] () -- C:\Documents and Settings\Jack Menashe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/18 10:13:40 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Jack Menashe\Local Settings\Application Data\fusioncache.dat
[2005/01/17 22:49:43 | 000,087,553 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2005/01/17 22:49:43 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl03.dat
[2005/01/17 22:48:52 | 000,000,424 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/01/17 22:48:51 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005/01/17 22:36:19 | 000,004,078 | ---- | C] () -- C:\WINDOWS\hpdj6800.ini
[2005/01/17 22:36:07 | 000,001,651 | ---- | C] () -- C:\WINDOWS\hpf6800m.ini
[2005/01/14 16:11:03 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2005/01/14 16:11:03 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2004/12/29 12:13:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/29 12:08:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/29 11:56:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/12/29 11:56:10 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/12/29 11:56:10 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/12/29 11:43:18 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 19:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 19:20:10 | 000,364,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:14:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:12:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 12:31:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/11 12:31:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 18:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/28 17:20:54 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

========== LOP Check ==========

[2009/12/27 20:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2006/03/17 09:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
[2010/12/29 00:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/03/28 18:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/14 17:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/11/21 00:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/07 21:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/03/20 22:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\acccore
[2005/03/27 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\Aim
[2010/12/29 00:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\Blackberry Desktop
[2006/12/16 19:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\iPodSoft
[2006/04/30 10:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\Leadertech
[2007/06/01 08:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\OfficeUpdate12
[2010/12/29 00:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\Research In Motion
[2009/03/30 15:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\Smith Micro
[2005/12/26 17:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\Snapfish
[2011/05/23 11:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\TeamViewer
[2007/04/22 17:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\Walgreens
[2006/10/17 21:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\WholeSecurity
[2007/12/31 16:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\XLAB ISL Light Client3
[2007/12/31 15:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack Menashe\Application Data\XLAB ISL Plugins
[2011/05/23 09:32:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP