
Host File Hijack. High Memory Usage by IE


  • This topic is locked

#1
SandyStone

  • Member
  • 69 posts
I scanned with Security Task Manager and it tells me that my host file is taken hostage. I noticed the IE was not my default, so I adjusted that, and I have gotten a couple of messages telling me that my IE is trying to be switched. I had a virus removed on May 8th by Essex Boy. I guess there was still some junk left. My only symptoms are high memory usage and things sometimes taking longer than they should. I scanned with Malwarebytes and Spybot Search and Destroy and found nothing. I ignored high memory because I thought that it was Norton, which I had just installed a new version of.

Attached Files


Edited by SandyStone, 02 June 2011 - 11:16 PM.

  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again ... I can see no apparent malware but your hosts file does look a little weird, I will reset that and remove some redundant items

noticed the IE was not my default, so I adjusted that, and I have gotten a couple of messages telling me that my IE is trying to be switched.

Does it state what is trying to switch it?


Run OTL

  • 0

#3
SandyStone

  • Topic Starter
  • Member
  • 69 posts
Good to hear from you again. :)

Does it state what is trying to switch it?



It did not list a specific program, or at least one that I recognised. If it happens again I will take note of the pop up. I opened Norton to see if it was logged, but I don't see it.


Malwarebytes logged this:

02:19:45 Sandra C MESSAGE Protection started successfully
02:19:57 Sandra C MESSAGE IP Protection started successfully
04:08:47 Sandra C MESSAGE Protection started successfully
04:08:59 Sandra C MESSAGE IP Protection started successfully
04:20:59 Sandra C MESSAGE Protection started successfully
04:21:04 Sandra C MESSAGE IP Protection started successfully
04:45:48 (null) MESSAGE Protection started successfully
04:45:58 Sandra C MESSAGE IP Protection started successfully
05:08:56 Sandra C IP-BLOCK 78.129.205.118 (Type: outgoing)
05:08:59 Sandra C IP-BLOCK 78.129.205.118 (Type: outgoing)
05:09:05 Sandra C IP-BLOCK 78.129.205.118 (Type: outgoing)
05:30:09 (null) MESSAGE Protection started successfully
05:30:25 Sandra C MESSAGE IP Protection started successfully
14:52:46 Sandra C IP-BLOCK 78.129.205.118 (Type: outgoing)
14:52:49 Sandra C IP-BLOCK 78.129.205.118 (Type: outgoing)
14:52:55 Sandra C IP-BLOCK 78.129.205.118 (Type: outgoing)
23:29:17 Sandra C MESSAGE Protection started successfully
23:29:22 Sandra C MESSAGE IP Protection started successfully


This does not reveal too much though.
  • 0

#4
SandyStone

  • Topic Starter
  • Member
  • 69 posts
Here is the OTL scan.

Attached Files


  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm that IP address resolves to the UK


What problems are you experiencing?
  • 0

#6
SandyStone

  • Topic Starter
  • Member
  • 69 posts

What problems are you experiencing?


Well, there were a couple of memory dumps. One when I had two windows of a video application open. Video files can sometimes take 3 minutes to delete/close. I will try to delete a file and I am told it is in use so I can't. No applications using said file are open. Jamming may occur. Yesterday when posting to this site I copied the OTL file to paste it here and things jammed up. I restarted the computer and it did the same again. So I then put the OTL file as an attachment. The cursor still worked on the taskbar. But on the page it was useless. I could still open another window. I was waiting for the hourglass to disappear; it did, I would move the cursor and then it would go back to the hourglass. On the third try I got it to work, I thought it was toast.

Edited by SandyStone, 03 June 2011 - 05:50 PM.

  • 0

#7
SandyStone

  • Topic Starter
  • Member
  • 69 posts
I had scanned with Spybot Search and Destroy, which I am told updates the Hosts file with each weekly update release. So maybe that muddied the waters? Also I have Security Task Manager, which I scanned with and which told me there was a problem and would I like to write a new host file? I clicked no because I have no clue how to do such a thing. Anyway, afterwards I found this Microsoft site for rolling back the host file. http://support.microsoft.com/kb/972034

But you are the one in the know here. Maybe this is not correct or necessary. :)

Edited by SandyStone, 04 June 2011 - 12:41 AM.

  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have reset the host file so there is no need to use the MS fix unless you want to play :)

One when I had two windows of a video application open. Video files can sometimes take 3 minutes to delete/close. I will try to delete a file and I am told it is in use so I can't. No applications using said file are open

I must admit I had problems opening your OTL file - so let's use a different programme where I can remove the several video programme updaters from the start

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
    Reg - Disabled MS Config Items
    Reg - Drivers32
    Reg - NetSvcs
    Reg - SafeBoot Minimal
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

  • 0

#9
SandyStone

  • Topic Starter
  • Member
  • 69 posts

OTS logfile created on: 6/4/2011 10:37:51 AM - Run 2

OTS by OldTimer - Version 3.1.43.0     Folder = C:\Documents and Settings\Sandra C\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,022.00 Mb Total Physical Memory | 428.00 Mb Available Physical Memory | 42.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 1600 3100 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 229.77 Gb Total Space | 123.72 Gb Free Space | 53.84% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SANDRA

Current User Name: Sandra C

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

 

[Processes - Safe List]

ots.exe -> C:\Documents and Settings\Sandra C\Desktop\OTS.exe -> [2011/06/04 09:52:17 | 000,645,632 | ---- | M] (OldTimer Tools)

mbamgui.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)

mbamservice.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)

ccsvchst.exe -> C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe -> [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)

flvsrvc.exe -> C:\Program Files\Freecorder\FLVSrvc.exe -> [2011/03/24 02:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.)

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

pifsvc.exe -> C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation)

aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation)

iaanotif.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation)

iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation)

stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)

 

[Modules - Safe List]

flvsrvlib.dll -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> [2011/06/04 10:09:51 | 000,018,432 | ---- | M] (Applian Technologies, Inc.)

ots.exe -> C:\Documents and Settings\Sandra C\Desktop\OTS.exe -> [2011/06/04 09:52:17 | 000,645,632 | ---- | M] (OldTimer Tools)

asoehook.dll -> C:\Program Files\Norton 360\Engine\5.1.0.29\asoehook.dll -> [2011/04/28 19:29:01 | 000,413,112 | R--- | M] (Symantec Corporation)

comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)

msvcr90.dll -> C:\Program Files\Norton 360\Engine\5.1.0.29\microsoft.vc90.crt\msvcr90.dll -> [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation)

msvcp90.dll -> C:\Program Files\Norton 360\Engine\5.1.0.29\microsoft.vc90.crt\msvcp90.dll -> [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation)

msvcr90.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll -> [2008/07/29 09:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation)

cabinet.dll -> C:\WINDOWS\system32\cabinet.dll -> [2008/04/13 19:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation)

serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 06:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)

umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 06:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found

(AppMgmt) Application Management [On_Demand | Stopped] ->  -> File not found

(MBAMService) MBAMService [Auto | Running] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)

(N360) Norton 360 [Unknown | Running] -> C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -> [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)

(LiveUpdate Notice Service) LiveUpdate Notice Service [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -> [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation)

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation)

(LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -> [2007/08/23 15:35:22 | 003,192,184 | ---- | M] (Symantec Corporation)

(DSBrokerService) DSBrokerService [On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/07 15:47:46 | 000,076,848 | ---- | M] ()

(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation)

(dlbx_device) dlbx_device [On_Demand | Stopped] -> C:\WINDOWS\System32\dlbxcoms.exe -> [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell)

 

[Driver Services - Safe List]

(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)

(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110603.038\NAVEX15.SYS -> [2011/05/17 20:54:58 | 001,542,392 | ---- | M] (Symantec Corporation)

(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110603.038\NAVENG.SYS -> [2011/05/17 20:54:58 | 000,086,008 | ---- | M] (Symantec Corporation)

(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2011/05/11 09:42:27 | 000,126,584 | ---- | M] (Symantec Corporation)

(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2011/05/09 18:39:28 | 000,374,392 | ---- | M] (Symantec Corporation)

(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2011/05/09 18:39:28 | 000,105,592 | ---- | M] (Symantec Corporation)

(BHDrvx86) BHDrvx86 [Kernel | System | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys -> [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation)

(SRTSP) Symantec Real Time Storage Protection [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -> [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation)

(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -> [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation)

(SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -> [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation)

(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -> [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation)

(IDSxpx86) IDSxpx86 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110603.003\IDSXpx86.sys -> [2011/03/14 13:58:34 | 000,341,944 | ---- | M] (Symantec Corporation)

(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -> [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation)

(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -> [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation)

(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\dsunidrv.sys -> [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.)

(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.)

(IntelC52) IntelC52 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntelC52.sys -> [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation)

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.)

(STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.)

(IntelC51) IntelC51 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntelC51.sys -> [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation)

(IntelC53) IntelC53 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntelC53.sys -> [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation)

(mohfilt) mohfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mohfilt.sys -> [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation)

(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\bvrp_pci.sys -> [2004/03/24 11:12:44 | 000,004,272 | ---- | M] ()

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://search.foxtab.com/?s=0&chnl=irn -> 

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 

HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 

HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\] > -> -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\: Main\\"SearchDefaultBranded" -> 1 -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\: Main\\"SearchMigratedDefaultName" -> Google -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\: Main\\"Start Page" -> http://www.geekstogo.com/forum/topic/301971-host-file-hijack-high-memory-usage-by-ie/page__pid__2019739#entry2019739 -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 1A D5 36 94 72 A1 CB 01  [binary data] -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\: "ProxyEnable" -> 0 -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\: "ProxyOverride" -> *.local -> 

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\Extensions ->  -> 

HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN\] -> [2011/05/11 10:58:49 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN\] -> [2011/05/09 18:38:53 | 000,000,000 | ---D | M]

< FireFox Extensions [User Folders] > -> 

< HOSTS File > ([2011/06/03 16:30:27 | 000,000,098 | ---- | M] - 2 lines) -> C:\WINDOWS\system32\drivers\etc\Hosts -> 

Reset Hosts

127.0.0.1       localhost

::1       localhost

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{1392b8d2-5c05-419f-a8f6-b9f15a596612} [HKLM] -> C:\Program Files\Freecorder\prxtbFre0.dll [Freecorder Toolbar] -> [2011/01/17 09:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)

{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\prxConduitEngine.dll [Conduit Engine ] -> [2011/01/17 09:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)

{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll [Symantec NCO BHO] -> [2011/04/28 17:33:29 | 000,436,152 | R--- | M] (Symantec Corporation)

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll [Symantec Intrusion Prevention] -> [2011/03/30 22:01:20 | 000,210,872 | R--- | M] (Symantec Corporation)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}" [HKLM] -> C:\Program Files\Freecorder\prxtbFre0.dll [Freecorder Toolbar] -> [2011/01/17 09:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)

"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\prxConduitEngine.dll [Conduit Engine ] -> [2011/01/17 09:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll [Norton Toolbar] -> [2011/04/28 17:33:29 | 000,436,152 | R--- | M] (Symantec Corporation)

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\] > -> HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\"{1392B8D2-5C05-419F-A8F6-B9F15A596612}" [HKLM] -> C:\Program Files\Freecorder\prxtbFre0.dll [Freecorder Toolbar] -> [2011/01/17 09:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)

WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\prxConduitEngine.dll [Conduit Engine ] -> [2011/01/17 09:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)

WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll [Norton Toolbar] -> [2011/04/28 17:33:29 | 000,436,152 | R--- | M] (Symantec Corporation)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> [2011/01/30 10:45:14 | 000,035,736 | ---- | M] (Adobe Systems Incorporated)

"DLBXCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16] -> [2004/12/07 16:43:44 | 000,069,632 | ---- | M] ()

"Freecorder FLV Service" -> C:\Program Files\Freecorder\FLVSrvc.exe ["C:\Program Files\Freecorder\FLVSrvc.exe" /run] -> [2011/03/24 02:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.)

"IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe] -> [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation)

"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)

"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)

"Symantec PIF AlertEng" -> C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation)

< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 

"SymLnch" -> C:\Documents and Settings\Sandra C\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe ["C:\Documents and Settings\Sandra C\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sandra C\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Setup.exe" "/REALUPREBOOT /temp /patched"] -> [2007/08/26 19:04:16 | 000,687,976 | R--- | M] (Symantec Corporation)

< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 

< Sandra C Startup Folder > -> C:\Documents and Settings\Sandra C\Start Menu\Programs\Startup -> 

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 

< Software Policy Settings [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006] > -> HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\SOFTWARE\Policies\Microsoft\Internet Explorer -> 

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"HonorAutoRunSetting" ->  [1] -> File not found

\\"NoCDBurning" ->  [0] -> File not found

\\"NoDriveAutoRun" ->  [67108863] -> File not found

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"NoDrives" ->  [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"NoDriveAutoRun" ->  [67108863] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"NoDriveAutoRun" ->  [67108863] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006] > -> HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"NoDriveAutoRun" ->  [67108863] -> File not found

\\"NoDrives" ->  [0] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006] > -> HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)

< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found

CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found

< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found

CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found

< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\] > -> HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found

CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7654 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7654 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7654 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\] > -> HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7654 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\] > -> HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [HKLM] -> http://www.musicnotes.com/download/mnviewer.cab [Musicnotes Viewer] -> 

{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 

{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 

{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Facebook Photo Uploader 4 Control] -> 

{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [HKLM] -> http://static.harpersglobe.com/aurigma/ImageUploader5.cab [Image Uploader Control] -> 

{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> 

{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 

{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 

DhcpNameServer -> 192.168.0.1 -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{6B15E3F6-379A-42EA-BEC4-DE2C5EC62154}\\DhcpNameServer -> 192.168.0.1   (Intel(R) PRO/1000 PL Network Connection) -> 

IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles

"MaxScriptStatements" -> Reg Error: Invalid data type.

"Use My Stylesheet" -> Reg Error: Invalid data type.

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 

"C:\Program Files\eBay\eBay Toolbar2\eBayTBBroker.exe" ->  [C:\Program Files\eBay\eBay Toolbar2\eBayTBBroker.exe:*:Enabled:eBayTBBroker] -> File not found

"C:\Program Files\eBay\eBay Toolbar2\eBayTBCareApp.exe" ->  [C:\Program Files\eBay\eBay Toolbar2\eBayTBCareApp.exe:*:Enabled:eBayTBCareApp] -> File not found

"C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" ->  [C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe:*:Enabled:eBayTBDaemon] -> File not found

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 -> 

"DisplayName" -> CD-ROM Driver -> 

"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > ->  -> 

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 14:04:08 | 000,000,000 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 

comfile [open] -> "%1" %* -> 

exefile [open] -> "%1" %* -> 

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.com [@ = ComFile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

 

[Registry - Additional Scans - Safe List]

< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 

"Apple Mobile Device" -> -> 

"Ati HotKey Poller" -> -> 

"Bonjour Service" -> -> 

"iPod Service" -> -> 

"ose" -> -> 

< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 

C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBay Countdown.url ->  -> File not found

C:^Documents and Settings^Sandra C^Start Menu^Programs^Startup^Date.doc ->  -> File not found

< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 

Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2010/11/10 12:49:34 | 000,932,288 | ---- | M] (Adobe Systems Incorporated)

Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found

eBayToolbar hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found

MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)

msnmsgr hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2010/04/16 22:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation)

QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found

< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 

"bootini" -> 0 -> 

"services" -> 2 -> 

"startup" -> 2 -> 

"system.ini" -> 0 -> 

"win.ini" -> 0 -> 

< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 

"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 19:12:42 | 000,199,680 | ---- | M] (Intel Corporation)

"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 09:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)

"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 19:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)

"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 06:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)

"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010/06/17 09:03:00 | 000,080,384 | ---- | M] (Radius Inc.)

"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 06:00:00 | 000,199,168 | ---- | M] ()

"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 06:00:00 | 000,199,168 | ---- | M] ()

"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 19:12:42 | 000,848,384 | ---- | M] (Intel Corporation)

"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 19:11:55 | 000,755,200 | ---- | M] (Intel Corporation)

"wave" -> C:\WINDOWS\System32\serwvdrv.dll [serwvdrv.dll] -> [2004/08/04 06:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)

"wave2" -> C:\WINDOWS\System32\serwvdrv.dll [serwvdrv.dll] -> [2004/08/04 06:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->

*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->

6to4 ->  -> File not found

AppMgmt ->  -> File not found

HidServ ->  -> File not found

Ias ->  -> File not found

Iprip ->  -> File not found

Irmon ->  -> File not found

NWCWorkstation ->  -> File not found

Nwsapagent ->  -> File not found

WmdmPmSp ->  -> File not found

*MultiFile Done* -> -> 

< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 

{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers

{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive

{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive

{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller

{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc

{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard

{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse

{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters

{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter

{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System

{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive

{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy

{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume

{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices

AppMgmt ->  -> File not found

Base -> Driver Group

Boot Bus Extender -> Driver Group

Boot file system -> Driver Group

File system -> Driver Group

Filter -> Driver Group

PCI Configuration -> Driver Group

PNP Filter -> Driver Group

Primary disk -> Driver Group

SCSI Class -> Driver Group

sermouse.sys -> Driver

System Bus Extender -> Driver Group

vds -> Service

vga.sys -> Driver

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 

batfile [open] -> "%1" %* -> 

cmdfile [open] -> "%1" %* -> 

comfile [open] -> "%1" %* -> 

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> 

exefile [open] -> "%1" %* -> 

piffile [open] -> "%1" %* -> 

scrfile [config] -> "%1" -> 

scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> 

scrfile [open] -> "%1" /S -> 

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 

Directory [AddToPlaylistVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2011/04/11 19:45:30 | 000,107,520 | ---- | M] ()

Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

Directory [PlayWithVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2011/04/11 19:45:30 | 000,107,520 | ---- | M] ()

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description

Application [ Error ] 5/29/2011 4:50:05 PM Computer Name = SANDRA | Source = Application Error | ID = 1000 -> Description = Faulting application mediasub.exe, version 2.0.0.7, faulting module unknown, version 0.0.0.0, fault address 0x0018e8dd.

Application [ Error ] 6/2/2011 7:27:05 PM Computer Name = SANDRA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x715ba067.

Application [ Error ] 6/2/2011 7:27:15 PM Computer Name = SANDRA | Source = Microsoft Office 11 | ID = 1000 -> Description = Faulting application outlook.exe, version 11.0.8326.0, stamp 4c1c2372, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x715ba067.

Application [ Error ] 6/2/2011 10:57:06 PM Computer Name = SANDRA | Source = Application Hang | ID = 1002 -> Description = Hanging application avidemux2.exe, version 2.5.4.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 6/2/2011 10:57:29 PM Computer Name = SANDRA | Source = Application Hang | ID = 1002 -> Description = Hanging application avidemux2.exe, version 2.5.4.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 6/2/2011 11:46:39 PM Computer Name = SANDRA | Source = Application Hang | ID = 1002 -> Description = Hanging application TaskMan.exe, version 1.8.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 6/3/2011 12:48:42 AM Computer Name = SANDRA | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 6/3/2011 12:49:10 AM Computer Name = SANDRA | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 6/3/2011 12:49:56 AM Computer Name = SANDRA | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 6/3/2011 12:50:14 AM Computer Name = SANDRA | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System [ Error ] 6/3/2011 11:08:48 AM Computer Name = SANDRA | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126

System [ Error ] 6/3/2011 11:08:48 AM Computer Name = SANDRA | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126

System [ Error ] 6/3/2011 11:08:48 AM Computer Name = SANDRA | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126

System [ Error ] 6/3/2011 11:08:49 AM Computer Name = SANDRA | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126

System [ Error ] 6/3/2011 11:08:49 AM Computer Name = SANDRA | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126

System [ Error ] 6/3/2011 11:08:49 AM Computer Name = SANDRA | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126

System [ Error ] 6/3/2011 5:30:19 PM Computer Name = SANDRA | Source = Service Control Manager | ID = 7034 -> Description = The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).

System [ Error ] 6/3/2011 5:30:20 PM Computer Name = SANDRA | Source = Service Control Manager | ID = 7034 -> Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).

System [ Error ] 6/3/2011 5:30:20 PM Computer Name = SANDRA | Source = Service Control Manager | ID = 7034 -> Description = The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

System [ Error ] 6/3/2011 5:30:21 PM Computer Name = SANDRA | Source = Service Control Manager | ID = 7034 -> Description = The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

 

[Files/Folders - Created Within 30 Days]

 OTS.exe -> C:\Documents and Settings\Sandra C\Desktop\OTS.exe -> [2011/06/04 09:52:16 | 000,645,632 | ---- | C] (OldTimer Tools)

 Books -> C:\Documents and Settings\Sandra C\My Documents\Books -> [2011/06/03 20:59:16 | 000,000,000 | ---D | C]

 Old Scans -> C:\Documents and Settings\Sandra C\Desktop\Old Scans -> [2011/06/03 17:19:06 | 000,000,000 | ---D | C]

 _OTL -> C:\_OTL -> [2011/06/03 16:30:18 | 000,000,000 | ---D | C]

 OTL.exe -> C:\Documents and Settings\Sandra C\Desktop\OTL.exe -> [2011/06/02 22:49:50 | 000,580,096 | ---- | C] (OldTimer Tools)

 SecTaskMan -> C:\Documents and Settings\All Users\Application Data\SecTaskMan -> [2011/06/02 22:30:12 | 000,000,000 | ---D | C]

 Security Task Manager -> C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager -> [2011/06/02 22:30:09 | 000,000,000 | ---D | C]

 Security Task Manager -> C:\Program Files\Security Task Manager -> [2011/06/02 22:30:05 | 000,000,000 | ---D | C]

 Freecorder -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Freecorder -> [2011/06/02 20:27:06 | 000,000,000 | ---D | C]

 PriceGong -> C:\Documents and Settings\Sandra C\Application Data\PriceGong -> [2011/06/02 14:14:49 | 000,000,000 | ---D | C]

 Conduit -> C:\Program Files\Conduit -> [2011/06/02 14:14:39 | 000,000,000 | ---D | C]

 Conduit -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\Conduit -> [2011/06/02 14:14:39 | 000,000,000 | ---D | C]

 Freecorder -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\Freecorder -> [2011/06/02 14:14:38 | 000,000,000 | ---D | C]

 ConduitEngine -> C:\Program Files\ConduitEngine -> [2011/06/02 14:14:36 | 000,000,000 | ---D | C]

 ConduitEngine -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\ConduitEngine -> [2011/06/02 14:14:36 | 000,000,000 | ---D | C]

 Freecorder -> C:\Documents and Settings\Sandra C\My Documents\Freecorder -> [2011/06/02 14:12:51 | 000,000,000 | ---D | C]

 FLVService -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\FLVService -> [2011/06/02 14:12:50 | 000,000,000 | ---D | C]

 Freecorder -> C:\Documents and Settings\All Users\Start Menu\Programs\Freecorder -> [2011/06/02 14:12:45 | 000,000,000 | ---D | C]

 Freecorder -> C:\Program Files\Freecorder -> [2011/06/02 14:12:43 | 000,000,000 | ---D | C]

 xVideoServiceThief -> C:\Documents and Settings\Sandra C\Application Data\xVideoServiceThief -> [2011/06/02 13:49:40 | 000,000,000 | ---D | C]

 Xesc & Technology -> C:\Program Files\Xesc & Technology -> [2011/06/02 13:47:53 | 000,000,000 | ---D | C]

 ZillaTube -> C:\Program Files\ZillaTube -> [2011/06/02 13:29:29 | 000,000,000 | ---D | C]

 vlc -> C:\Documents and Settings\Sandra C\Application Data\vlc -> [2011/06/02 04:41:54 | 000,000,000 | ---D | C]

 VideoLAN -> C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN -> [2011/06/02 04:41:44 | 000,000,000 | ---D | C]

 Games -> C:\Documents and Settings\All Users\Start Menu\Programs\Games -> [2011/06/01 20:05:59 | 000,000,000 | R--D | C]

 wmp11-windowsxp-x86-enu.exe -> C:\Program Files\wmp11-windowsxp-x86-enu.exe -> [2011/06/01 00:11:46 | 025,740,256 | ---- | C] (Microsoft Corporation)

 PCDr -> C:\Documents and Settings\Sandra C\Application Data\PCDr -> [2011/05/28 23:53:32 | 000,000,000 | ---D | C]

 avidemux -> C:\Documents and Settings\Sandra C\Application Data\avidemux -> [2011/05/28 21:17:37 | 000,000,000 | ---D | C]

 Avidemux 2.5 -> C:\Program Files\Avidemux 2.5 -> [2011/05/28 21:17:18 | 000,000,000 | ---D | C]

 Templates -> C:\Program Files\Templates -> [2011/05/28 20:29:56 | 000,000,000 | ---D | C]

 Plugins -> C:\Program Files\Plugins -> [2011/05/28 20:29:56 | 000,000,000 | ---D | C]

 PascalScripts -> C:\Program Files\PascalScripts -> [2011/05/28 20:29:56 | 000,000,000 | ---D | C]

 Docs -> C:\Program Files\Docs -> [2011/05/28 20:29:56 | 000,000,000 | ---D | C]

 CustomFormats -> C:\Program Files\CustomFormats -> [2011/05/28 20:29:56 | 000,000,000 | ---D | C]

 Dell -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\Dell -> [2011/05/28 01:00:25 | 000,000,000 | ---D | C]

 ATI Technologies -> C:\Program Files\ATI Technologies -> [2011/05/28 00:53:20 | 000,000,000 | ---D | C]

 Imsmudlg.exe -> C:\WINDOWS\System32\Imsmudlg.exe -> [2011/05/28 00:39:38 | 000,126,976 | ---- | C] (Intel(R) Corporation)

 ENU -> C:\WINDOWS\System32\ENU -> [2011/05/28 00:39:38 | 000,000,000 | ---D | C]

 PC-Doctor -> C:\Documents and Settings\All Users\Application Data\PC-Doctor -> [2011/05/27 23:26:42 | 000,000,000 | ---D | C]

 PCDr -> C:\Documents and Settings\All Users\Application Data\PCDr -> [2011/05/27 23:26:41 | 000,000,000 | ---D | C]

 supportsoft -> C:\Program Files\Common Files\supportsoft -> [2011/05/27 23:25:51 | 000,000,000 | ---D | C]

 Dell -> C:\Documents and Settings\All Users\Application Data\Dell -> [2011/05/27 23:25:27 | 000,000,000 | ---D | C]

 Dell Inc -> C:\Documents and Settings\Sandra C\Start Menu\Programs\Dell Inc -> [2011/05/27 23:21:40 | 000,000,000 | ---D | C]

 Tific -> C:\Documents and Settings\Sandra C\Application Data\Tific -> [2011/05/25 23:35:37 | 000,000,000 | ---D | C]

 Fish SRT Files -> C:\Documents and Settings\Sandra C\My Documents\Fish SRT Files -> [2011/05/25 23:03:15 | 000,000,000 | ---D | C]

 Green Fish Subtitler -> C:\Program Files\Green Fish Subtitler -> [2011/05/25 22:49:29 | 000,000,000 | ---D | C]

 Subtitler dotNetFx40_Full_x86_x64.exe -> C:\Program Files\Subtitler dotNetFx40_Full_x86_x64.exe -> [2011/05/25 22:40:15 | 050,449,456 | ---- | C] (Microsoft Corporation)

 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy -> [2011/05/15 13:26:55 | 000,000,000 | ---D | C]

 Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2011/05/15 13:26:51 | 000,000,000 | ---D | C]

 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2011/05/15 13:26:51 | 000,000,000 | ---D | C]

 ErrorEND -> C:\Documents and Settings\All Users\Application Data\ErrorEND -> [2011/05/15 11:16:29 | 000,000,000 | ---D | C]

 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/05/15 11:07:08 | 000,404,640 | ---- | C] (Adobe Systems Incorporated)

 NPE -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\NPE -> [2011/05/10 20:25:28 | 000,000,000 | ---D | C]

 NPE.exe -> C:\Documents and Settings\Sandra C\Desktop\NPE.exe -> [2011/05/10 20:24:49 | 006,141,880 | ---- | C] (Symantec Corporation)

 Tracing -> C:\Documents and Settings\Sandra C\Tracing -> [2011/05/09 23:27:13 | 000,000,000 | ---D | C]

 Microsoft -> C:\Program Files\Microsoft -> [2011/05/09 23:26:26 | 000,000,000 | ---D | C]

 Windows Live SkyDrive -> C:\Program Files\Windows Live SkyDrive -> [2011/05/09 23:26:11 | 000,000,000 | ---D | C]

 Windows Live -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live -> [2011/05/09 23:26:04 | 000,000,000 | ---D | C]

 Windows Live -> C:\Program Files\Windows Live -> [2011/05/09 23:25:49 | 000,000,000 | ---D | C]

 ATI -> C:\ATI -> [2011/05/09 23:19:58 | 000,000,000 | ---D | C]

 11-4_xp32_dd_ccc_enu.exe -> C:\WINDOWS\System32\11-4_xp32_dd_ccc_enu.exe -> [2011/05/09 23:12:20 | 051,474,416 | ---- | C] (Advanced Micro Devices, Inc.)

 Recent -> C:\Documents and Settings\Sandra C\Recent -> [2011/05/09 21:23:39 | 000,000,000 | RH-D | C]

 CCleaner -> C:\Program Files\CCleaner -> [2011/05/09 21:14:30 | 000,000,000 | ---D | C]

 symefa.sys -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys -> [2011/05/09 18:39:24 | 000,744,568 | ---- | C] (Symantec Corporation)

 symtdi.sys -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys -> [2011/05/09 18:39:24 | 000,369,784 | ---- | C] (Symantec Corporation)

 symds.sys -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys -> [2011/05/09 18:39:24 | 000,340,088 | ---- | C] (Symantec Corporation)

 symtdiv.sys -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys -> [2011/05/09 18:39:24 | 000,331,384 | ---- | C] (Symantec Corporation)

 symnets.sys -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys -> [2011/05/09 18:39:24 | 000,296,568 | ---- | C] (Symantec Corporation)

 srtsp.sys -> C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys -> [2011/05/09 18:39:23 | 000,516,216 | ---- | C] (Symantec Corporation)

 ironx86.sys -> C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys -> [2011/05/09 18:39:23 | 000,136,312 | R--- | C] (Symantec Corporation)

 srtspx.sys -> C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys -> [2011/05/09 18:39:23 | 000,050,168 | ---- | C] (Symantec Corporation)

 0501000.01D -> C:\WINDOWS\System32\drivers\N360\0501000.01D -> [2011/05/09 18:38:53 | 000,000,000 | ---D | C]

 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2011/05/09 17:51:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)

 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/05/09 17:51:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)

 java.exe -> C:\WINDOWS\System32\java.exe -> [2011/05/09 17:51:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)

 FileHippo.com -> C:\Program Files\FileHippo.com -> [2011/05/09 17:25:11 | 000,000,000 | ---D | C]

 Puran Defrag -> C:\Documents and Settings\All Users\Start Menu\Programs\Puran Defrag -> [2011/05/09 14:38:38 | 000,000,000 | ---D | C]

 Puran Defrag -> C:\Program Files\Puran Defrag -> [2011/05/09 14:38:37 | 000,000,000 | ---D | C]

 PuranDefragSetup.exe -> C:\Program Files\PuranDefragSetup.exe -> [2011/05/09 14:37:41 | 002,733,484 | ---- | C] (Puran Software                                              )

 JavaSetup6u25.exe -> C:\Documents and Settings\Sandra C\Desktop\JavaSetup6u25.exe -> [2011/05/09 14:35:54 | 000,887,072 | ---- | C] (Sun Microsystems, Inc.)

 RECYCLER -> C:\RECYCLER -> [2011/05/08 21:03:38 | 000,000,000 | -HSD | C]

 cmdcons -> C:\cmdcons -> [2011/05/08 13:22:40 | 000,000,000 | RHSD | C]

 ERDNT -> C:\WINDOWS\ERDNT -> [2011/05/08 12:48:08 | 000,000,000 | ---D | C]

 Malwarebytes -> C:\Documents and Settings\Sandra C\Application Data\Malwarebytes -> [2011/05/08 11:21:20 | 000,000,000 | ---D | C]

 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2011/05/08 11:21:07 | 000,039,984 | ---- | C] (Malwarebytes Corporation)

 Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/08 11:21:07 | 000,000,000 | ---D | C]

 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2011/05/08 11:21:06 | 000,000,000 | ---D | C]

 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/05/08 11:21:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation)

 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/05/08 11:21:03 | 000,000,000 | ---D | C]

 N360_BACKUP -> C:\N360_BACKUP -> [2011/05/07 21:04:02 | 000,000,000 | ---D | C]

 S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2011/05/06 11:47:31 | 000,060,872 | ---- | C] (Symantec Corporation)

 SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2011/05/06 11:47:30 | 000,126,584 | ---- | C] (Symantec Corporation)

 GEARAspi.dll -> C:\WINDOWS\System32\GEARAspi.dll -> [2011/05/06 11:47:13 | 000,106,928 | ---- | C] (GEAR Software Inc.)

 N360 -> C:\WINDOWS\System32\drivers\N360 -> [2011/05/06 11:46:28 | 000,000,000 | ---D | C]

 Norton 360 -> C:\Program Files\Norton 360 -> [2011/05/06 11:46:19 | 000,000,000 | ---D | C]

 Norton 360 -> C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360 -> [2011/05/06 11:46:19 | 000,000,000 | ---D | C]

 PCSettings -> C:\Documents and Settings\All Users\Application Data\PCSettings -> [2011/05/06 11:38:48 | 000,000,000 | ---D | C]

 Mozilla -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\Mozilla -> [2011/05/05 15:30:17 | 000,000,000 | ---D | C]

 Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2011/05/05 15:30:07 | 000,000,000 | ---D | C]

 Shockwave_Installer_Full.exe -> C:\Program Files\Shockwave_Installer_Full.exe -> [2011/05/05 00:57:11 | 009,519,088 | ---- | C] (Adobe Systems Inc.)

 Real_Alternative_202.exe -> C:\Program Files\Real_Alternative_202.exe -> [2011/01/14 19:48:15 | 006,909,232 | ---- | C] (                                                            )

 registryeasy_lite.exe -> C:\Program Files\registryeasy_lite.exe -> [2011/01/09 11:58:36 | 004,966,432 | ---- | C] (CheeseSoft Inc.                                             )

 IE8_IEAK_XP32.exe -> C:\Program Files\IE8_IEAK_XP32.exe -> [2010/12/21 19:57:35 | 017,063,752 | ---- | C] (Microsoft Corporation)

 QuickTimeInstaller.exe -> C:\Program Files\QuickTimeInstaller.exe -> [2010/11/27 18:31:36 | 034,452,784 | ---- | C] (Apple Inc.)

 RealPlayer.exe -> C:\Program Files\RealPlayer.exe -> [2010/11/26 21:01:11 | 025,825,936 | ---- | C] (RealNetworks, Inc.)

 setup-client.exe -> C:\Program Files\setup-client.exe -> [2010/08/18 20:05:34 | 004,451,992 | ---- | C] (MTS Allstream                                                )

 Dell_Upgrade.v2806_5_9(Dell)_DVD060410-01_R3.exe -> C:\Program Files\Dell_Upgrade.v2806_5_9(Dell)_DVD060410-01_R3.exe -> [2007/04/05 21:21:36 | 013,667,376 | ---- | C] (                                                            )

 82 C:\Documents and Settings\Sandra C\My Documents\*.tmp files -> C:\Documents and Settings\Sandra C\My Documents\*.tmp -> 

 7 C:\Documents and Settings\Sandra C\Desktop\*.tmp files -> C:\Documents and Settings\Sandra C\Desktop\*.tmp -> 

 

[Files/Folders - Modified Within 30 Days]

 User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job -> [2011/06/04 10:14:55 | 000,000,444 | -H-- | M] ()

 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/06/04 10:09:41 | 000,002,206 | ---- | M] ()

 RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job -> [2011/06/04 10:09:40 | 000,000,300 | ---- | M] ()

 RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job -> [2011/06/04 10:09:40 | 000,000,276 | ---- | M] ()

 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/06/04 10:07:24 | 000,002,048 | --S- | M] ()

 hiberfil.sys -> C:\hiberfil.sys -> [2011/06/04 10:07:18 | 1071,812,608 | -HS- | M] ()

 OTS.exe -> C:\Documents and Settings\Sandra C\Desktop\OTS.exe -> [2011/06/04 09:52:17 | 000,645,632 | ---- | M] (OldTimer Tools)

 Shortcut to VLC Videos with Subs.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to VLC Videos with Subs.lnk -> [2011/06/03 21:28:28 | 000,001,614 | ---- | M] ()

 Dictionary.lnk -> C:\Documents and Settings\Sandra C\Desktop\Dictionary.lnk -> [2011/06/03 21:22:42 | 000,000,869 | ---- | M] ()

 Shortcut to  Whole Shows.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to  Whole Shows.lnk -> [2011/06/03 21:21:59 | 000,000,797 | ---- | M] ()

 Shortcut to Hands.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to Hands.lnk -> [2011/06/03 21:21:38 | 000,000,563 | ---- | M] ()

 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/06/03 20:48:01 | 000,035,328 | ---- | M] ()

 Hosts -> C:\WINDOWS\System32\drivers\etc\Hosts -> [2011/06/03 16:30:27 | 000,000,098 | ---- | M] ()

 OTL.exe -> C:\Documents and Settings\Sandra C\Desktop\OTL.exe -> [2011/06/02 22:49:53 | 000,580,096 | ---- | M] (OldTimer Tools)

 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2011/06/02 20:27:03 | 000,000,284 | ---- | M] ()

 Shortcut to Freecorder.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to Freecorder.lnk -> [2011/06/02 14:41:11 | 000,000,720 | ---- | M] ()

 evf6 -> C:\Documents and Settings\Sandra C\Application Data\evf6 -> [2011/06/02 13:39:51 | 000,000,002 | -HS- | M] ()

 date -> C:\Documents and Settings\Sandra C\Application Data\date -> [2011/06/02 13:30:31 | 000,000,006 | -HS- | M] ()

 Shortcut to My Videos.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to My Videos.lnk -> [2011/06/02 06:28:06 | 000,000,462 | ---- | M] ()

 Shortcut to Video Downloads.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to Video Downloads.lnk -> [2011/06/02 05:20:33 | 000,000,489 | ---- | M] ()

 VLC media player.lnk -> C:\Documents and Settings\All Users\Desktop\VLC media player.lnk -> [2011/06/02 04:41:44 | 000,000,719 | ---- | M] ()

 RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job -> [2011/06/02 04:15:09 | 000,000,308 | ---- | M] ()

 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\Sandra C\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/06/02 02:18:46 | 000,000,802 | ---- | M] ()

 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/06/02 02:18:46 | 000,000,784 | ---- | M] ()

 Shortcut to Fish SRT Files.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to Fish SRT Files.lnk -> [2011/06/01 23:06:11 | 000,000,443 | ---- | M] ()

 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/06/01 20:07:15 | 000,004,507 | ---- | M] ()

 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/06/01 20:07:11 | 000,471,450 | ---- | M] ()

 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/06/01 20:07:11 | 000,082,306 | ---- | M] ()

 npd6.d -> C:\WINDOWS\System32\npd6.d -> [2011/06/01 19:46:30 | 000,000,017 | ---- | M] ()

 Cat.DB -> C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB -> [2011/06/01 02:50:15 | 000,721,986 | ---- | M] ()

 WMSysPr9.prx -> C:\WINDOWS\WMSysPr9.prx -> [2011/06/01 00:28:14 | 000,316,640 | ---- | M] ()

 nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [2011/06/01 00:28:03 | 000,023,392 | ---- | M] ()

 amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [2011/06/01 00:28:03 | 000,016,832 | ---- | M] ()

 wmp11-windowsxp-x86-enu.exe -> C:\Program Files\wmp11-windowsxp-x86-enu.exe -> [2011/06/01 00:11:48 | 025,740,256 | ---- | M] (Microsoft Corporation)

 RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job -> [2011/05/31 23:54:00 | 000,000,284 | ---- | M] ()

 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)

 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)

 Avidemux 2.5.lnk -> C:\Documents and Settings\All Users\Desktop\Avidemux 2.5.lnk -> [2011/05/28 21:17:24 | 000,000,717 | ---- | M] ()

 Subtitler dotNetFx40_Full_x86_x64.exe -> C:\Program Files\Subtitler dotNetFx40_Full_x86_x64.exe -> [2011/05/25 22:40:17 | 050,449,456 | ---- | M] (Microsoft Corporation)

 Green Fish Subtitler.zip -> C:\Program Files\Green Fish Subtitler.zip -> [2011/05/25 22:28:38 | 000,010,399 | ---- | M] ()

 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Sandra C\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2011/05/15 13:26:56 | 000,000,951 | ---- | M] ()

 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Sandra C\Desktop\Spybot - Search & Destroy.lnk -> [2011/05/15 13:26:56 | 000,000,933 | ---- | M] ()

 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/05/15 11:07:08 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)

 Launch Microsoft Office Outlook.lnk -> C:\Documents and Settings\Sandra C\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> [2011/05/14 09:22:19 | 000,000,792 | ---- | M] ()

 Norton 360.LNK -> C:\Documents and Settings\All Users\Desktop\Norton 360.LNK -> [2011/05/11 10:58:02 | 000,001,900 | ---- | M] ()

 SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2011/05/11 09:42:27 | 000,126,584 | ---- | M] (Symantec Corporation)

 S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2011/05/11 09:42:27 | 000,060,872 | ---- | M] (Symantec Corporation)

 SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [2011/05/11 09:42:27 | 000,007,468 | ---- | M] ()

 SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [2011/05/11 09:42:27 | 000,000,806 | ---- | M] ()

 boot.ini -> C:\boot.ini -> [2011/05/10 20:30:17 | 000,000,327 | RHS- | M] ()

 NPE.exe -> C:\Documents and Settings\Sandra C\Desktop\NPE.exe -> [2011/05/10 20:24:59 | 006,141,880 | ---- | M] (Symantec Corporation)

 11-4_xp32_dd_ccc_enu.exe -> C:\WINDOWS\System32\11-4_xp32_dd_ccc_enu.exe -> [2011/05/09 23:12:23 | 051,474,416 | ---- | M] (Advanced Micro Devices, Inc.)

 CCleaner.lnk -> C:\Documents and Settings\All Users\Desktop\CCleaner.lnk -> [2011/05/09 21:14:31 | 000,000,682 | ---- | M] ()

 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2011/05/09 17:51:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)

 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2011/05/09 17:51:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.)

 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/05/09 17:51:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)

 java.exe -> C:\WINDOWS\System32\java.exe -> [2011/05/09 17:51:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)

 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2011/05/09 17:51:20 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)

 Adobe Reader X.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk -> [2011/05/09 17:33:27 | 000,001,734 | ---- | M] ()

 Update Checker.lnk -> C:\Documents and Settings\Sandra C\Desktop\Update Checker.lnk -> [2011/05/09 17:25:12 | 000,001,632 | ---- | M] ()

 FHSetup.exe -> C:\Program Files\FHSetup.exe -> [2011/05/09 17:24:39 | 000,252,991 | ---- | M] ()

 Puran Defrag.lnk -> C:\Documents and Settings\Sandra C\Desktop\Puran Defrag.lnk -> [2011/05/09 14:38:38 | 000,000,740 | ---- | M] ()

 PuranDefragSetup.exe -> C:\Program Files\PuranDefragSetup.exe -> [2011/05/09 14:37:59 | 002,733,484 | ---- | M] (Puran Software                                              )

 JavaSetup6u25.exe -> C:\Documents and Settings\Sandra C\Desktop\JavaSetup6u25.exe -> [2011/05/09 14:35:56 | 000,887,072 | ---- | M] (Sun Microsystems, Inc.)

 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/05/09 14:30:34 | 000,216,064 | ---- | M] ()

 hosts.20110515-141939.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20110515-141939.backup -> [2011/05/09 14:22:21 | 000,000,098 | ---- | M] ()

 82 C:\Documents and Settings\Sandra C\My Documents\*.tmp files -> C:\Documents and Settings\Sandra C\My Documents\*.tmp -> 

 7 C:\Documents and Settings\Sandra C\Desktop\*.tmp files -> C:\Documents and Settings\Sandra C\Desktop\*.tmp -> 

 

[Files - No Company Name]

 Shortcut to Hands.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to Hands.lnk -> [2011/06/03 21:21:38 | 000,000,563 | ---- | C] ()

 Shortcut to Freecorder.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to Freecorder.lnk -> [2011/06/02 14:41:11 | 000,000,720 | ---- | C] ()

 date -> C:\Documents and Settings\Sandra C\Application Data\date -> [2011/06/02 13:30:30 | 000,000,006 | -HS- | C] ()

 evf6 -> C:\Documents and Settings\Sandra C\Application Data\evf6 -> [2011/06/02 13:30:29 | 000,000,002 | -HS- | C] ()

 Shortcut to My Videos.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to My Videos.lnk -> [2011/06/02 06:28:06 | 000,000,462 | ---- | C] ()

 Shortcut to Video Downloads.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to Video Downloads.lnk -> [2011/06/02 05:20:33 | 000,000,489 | ---- | C] ()

 VLC media player.lnk -> C:\Documents and Settings\All Users\Desktop\VLC media player.lnk -> [2011/06/02 04:41:44 | 000,000,719 | ---- | C] ()

 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\Sandra C\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/06/02 02:18:46 | 000,000,802 | ---- | C] ()

 Shortcut to Fish SRT Files.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to Fish SRT Files.lnk -> [2011/06/01 23:06:11 | 000,000,443 | ---- | C] ()

 Shortcut to  Whole Shows.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to  Whole Shows.lnk -> [2011/06/01 13:30:04 | 000,000,797 | ---- | C] ()

 nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [2011/06/01 00:27:35 | 000,023,392 | ---- | C] ()

 amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [2011/06/01 00:27:35 | 000,016,832 | ---- | C] ()

 Avidemux 2.5.lnk -> C:\Documents and Settings\All Users\Desktop\Avidemux 2.5.lnk -> [2011/05/28 21:17:23 | 000,000,717 | ---- | C] ()

 Green Fish Subtitler.zip -> C:\Program Files\Green Fish Subtitler.zip -> [2011/05/25 22:28:37 | 000,010,399 | ---- | C] ()

 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Sandra C\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2011/05/15 13:26:56 | 000,000,951 | ---- | C] ()

 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Sandra C\Desktop\Spybot - Search & Destroy.lnk -> [2011/05/15 13:26:56 | 000,000,933 | ---- | C] ()

 Cat.DB -> C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB -> [2011/05/11 10:56:32 | 000,721,986 | ---- | C] ()

 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/05/10 10:31:01 | 000,004,507 | ---- | C] ()

 CCleaner.lnk -> C:\Documents and Settings\All Users\Desktop\CCleaner.lnk -> [2011/05/09 21:14:31 | 000,000,682 | ---- | C] ()

 symnetv.cat -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat -> [2011/05/09 18:39:24 | 000,007,877 | ---- | C] ()

 symnet.cat -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat -> [2011/05/09 18:39:24 | 000,007,458 | ---- | C] ()

 symefa.cat -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat -> [2011/05/09 18:39:24 | 000,007,456 | ---- | C] ()

 symefa.inf -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf -> [2011/05/09 18:39:24 | 000,003,373 | ---- | C] ()

 symds.inf -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf -> [2011/05/09 18:39:24 | 000,002,792 | ---- | C] ()

 symnetv.inf -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf -> [2011/05/09 18:39:24 | 000,001,474 | ---- | C] ()

 symnet.inf -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf -> [2011/05/09 18:39:24 | 000,001,446 | ---- | C] ()

 iron.cat -> C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat -> [2011/05/09 18:39:23 | 000,007,528 | R--- | C] ()

 srtspx.cat -> C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat -> [2011/05/09 18:39:23 | 000,007,454 | ---- | C] ()

 srtsp.cat -> C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat -> [2011/05/09 18:39:23 | 000,007,450 | ---- | C] ()

 srtspx.inf -> C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf -> [2011/05/09 18:39:23 | 000,001,389 | ---- | C] ()

 srtsp.inf -> C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf -> [2011/05/09 18:39:23 | 000,001,383 | ---- | C] ()

 iron.inf -> C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf -> [2011/05/09 18:39:23 | 000,000,742 | R--- | C] ()

 symds.cat -> C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat -> [2011/05/09 18:38:56 | 000,000,000 | ---- | C] ()

 isolate.ini -> C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini -> [2011/05/09 18:38:53 | 000,000,172 | ---- | C] ()

 Adobe Reader X.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk -> [2011/05/09 17:33:27 | 000,001,804 | ---- | C] ()

 Adobe Reader X.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk -> [2011/05/09 17:33:27 | 000,001,734 | ---- | C] ()

 Update Checker.lnk -> C:\Documents and Settings\Sandra C\Start Menu\Programs\Update Checker.lnk -> [2011/05/09 17:25:12 | 000,001,638 | ---- | C] ()

 Update Checker.lnk -> C:\Documents and Settings\Sandra C\Desktop\Update Checker.lnk -> [2011/05/09 17:25:12 | 000,001,632 | ---- | C] ()

 FHSetup.exe -> C:\Program Files\FHSetup.exe -> [2011/05/09 17:24:39 | 000,252,991 | ---- | C] ()

 npd6.d -> C:\WINDOWS\System32\npd6.d -> [2011/05/09 14:38:52 | 000,000,017 | ---- | C] ()

 Puran Defrag.lnk -> C:\Documents and Settings\Sandra C\Desktop\Puran Defrag.lnk -> [2011/05/09 14:38:38 | 000,000,740 | ---- | C] ()

 Boot.bak -> C:\Boot.bak -> [2011/05/08 13:22:52 | 000,000,211 | ---- | C] ()

 cmldr -> C:\cmldr -> [2011/05/08 13:22:50 | 000,260,272 | RHS- | C] ()

 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/08 11:21:07 | 000,000,784 | ---- | C] ()

 Shortcut to VLC Videos with Subs.lnk -> C:\Documents and Settings\Sandra C\Desktop\Shortcut to HAH VLC Videos with Subs.lnk -> [2011/05/06 12:58:03 | 000,001,614 | ---- | C] ()

 SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [2011/05/06 11:47:30 | 000,007,468 | ---- | C] ()

 SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [2011/05/06 11:47:30 | 000,000,806 | ---- | C] ()

 Norton 360.LNK -> C:\Documents and Settings\All Users\Desktop\Norton 360.LNK -> [2011/05/06 11:47:23 | 000,001,900 | ---- | C] ()

 OVDecode.dll -> C:\WINDOWS\System32\OVDecode.dll -> [2011/04/05 22:09:48 | 000,059,904 | ---- | C] ()

 K-Lite_Codec_Pack_666_Full.exe -> C:\Program Files\K-Lite_Codec_Pack_666_Full.exe -> [2011/01/14 19:43:32 | 014,786,095 | ---- | C] ()

 ati2sgag.exe -> C:\WINDOWS\System32\ati2sgag.exe -> [2010/12/02 13:43:00 | 000,516,096 | ---- | C] ()

 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/11/29 03:17:30 | 000,000,664 | ---- | C] ()

 mlfcache.dat -> C:\WINDOWS\System32\mlfcache.dat -> [2010/10/21 16:40:44 | 000,043,548 | -H-- | C] ()

 d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2008/11/14 22:47:54 | 000,000,552 | ---- | C] ()

 PCFriend.INI -> C:\WINDOWS\PCFriend.INI -> [2008/10/12 23:59:13 | 000,000,000 | ---- | C] ()

 Sonyhcp.dll -> C:\WINDOWS\System32\drivers\Sonyhcp.dll -> [2007/11/19 14:07:58 | 000,003,654 | ---- | C] ()

 MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2007/10/10 10:18:17 | 000,000,118 | ---- | C] ()

 QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2007/03/15 14:14:58 | 000,001,387 | ---- | C] ()

 liveup.ini -> C:\WINDOWS\liveup.ini -> [2007/03/09 16:02:06 | 000,000,044 | ---- | C] ()

 Textart.INI -> C:\WINDOWS\Textart.INI -> [2006/03/16 21:14:16 | 000,000,000 | ---- | C] ()

 Blink.ini -> C:\WINDOWS\Blink.ini -> [2006/03/08 02:50:25 | 000,000,052 | ---- | C] ()

 FxSetDll.INI -> C:\WINDOWS\FxSetDll.INI -> [2006/01/20 00:35:12 | 000,000,021 | ---- | C] ()

 PFP120JPR.{PB -> C:\Documents and Settings\Sandra C\Application Data\PFP120JPR.{PB -> [2006/01/19 15:47:36 | 000,061,678 | ---- | C] ()

 PFP120JCM.{PB -> C:\Documents and Settings\Sandra C\Application Data\PFP120JCM.{PB -> [2006/01/19 15:47:36 | 000,012,358 | ---- | C] ()

 QTW.INI -> C:\WINDOWS\QTW.INI -> [2005/12/18 18:33:29 | 000,000,046 | ---- | C] ()

 cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2005/12/15 22:53:34 | 000,007,866 | ---- | C] ()

 mpnatapi.dll -> C:\WINDOWS\System32\mpnatapi.dll -> [2005/12/14 12:20:33 | 000,013,312 | ---- | C] ()

 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Sandra C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2005/12/11 13:09:56 | 000,035,328 | ---- | C] ()

 dellstat.ini -> C:\WINDOWS\dellstat.ini -> [2005/12/10 17:32:33 | 000,000,861 | ---- | C] ()

 dlbxins.dll -> C:\WINDOWS\System32\dlbxins.dll -> [2005/12/10 17:30:02 | 000,139,264 | ---- | C] ()

 dlbxinsr.dll -> C:\WINDOWS\System32\dlbxinsr.dll -> [2005/12/10 17:30:02 | 000,098,304 | ---- | C] ()

 dlbxvs.dll -> C:\WINDOWS\System32\dlbxvs.dll -> [2005/12/10 17:30:01 | 000,040,960 | ---- | C] ()

 dlbxutil.dll -> C:\WINDOWS\System32\dlbxutil.dll -> [2005/12/10 17:29:59 | 000,397,312 | ---- | C] ()

 dlbxcu.dll -> C:\WINDOWS\System32\dlbxcu.dll -> [2005/12/10 17:29:59 | 000,069,632 | ---- | C] ()

 dlbxcur.dll -> C:\WINDOWS\System32\dlbxcur.dll -> [2005/12/10 17:29:59 | 000,032,768 | ---- | C] ()

 dlbxinsb.dll -> C:\WINDOWS\System32\dlbxinsb.dll -> [2005/12/10 17:29:57 | 000,176,128 | ---- | C] ()

 dlbxjswr.dll -> C:\WINDOWS\System32\dlbxjswr.dll -> [2005/12/10 17:29:57 | 000,135,168 | ---- | C] ()

 dlbxcub.dll -> C:\WINDOWS\System32\dlbxcub.dll -> [2005/12/10 17:29:57 | 000,077,824 | ---- | C] ()

 KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2005/12/08 10:58:05 | 000,003,350 | -HS- | C] ()

 54FD0C73B9.sys -> C:\WINDOWS\System32\54FD0C73B9.sys -> [2005/12/08 10:58:05 | 000,000,056 | RHS- | C] ()

 bvrp_pci.sys -> C:\WINDOWS\System32\drivers\bvrp_pci.sys -> [2005/12/08 10:46:35 | 000,004,272 | ---- | C] ()

 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/12/08 01:01:56 | 000,000,376 | ---- | C] ()

 msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2005/12/07 23:39:46 | 000,000,002 | ---- | C] ()

 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005/11/28 16:40:19 | 000,000,061 | ---- | C] ()

 UNWISE.EXE -> C:\WINDOWS\UNWISE.EXE -> [2005/11/28 16:37:05 | 000,149,504 | ---- | C] ()

 wininit.ini -> C:\WINDOWS\wininit.ini -> [2005/11/28 16:31:09 | 000,000,564 | ---- | C] ()

 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2005/11/28 16:27:19 | 000,000,335 | ---- | C] ()

 DVEMODEM.DAT -> C:\WINDOWS\System32\drivers\DVEMODEM.DAT -> [2005/11/28 16:08:18 | 000,000,017 | ---- | C] ()

 setpwrcg.exe -> C:\WINDOWS\setpwrcg.exe -> [2005/11/28 16:08:08 | 000,049,152 | ---- | C] ()

 atiicdxx.dat -> C:\WINDOWS\System32\atiicdxx.dat -> [2005/11/28 16:08:00 | 000,095,617 | ---- | C] ()

 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2005/11/28 16:07:32 | 000,000,494 | ---- | C] ()

 orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 14:12:05 | 000,000,780 | ---- | C] ()

 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2004/08/10 14:07:31 | 000,002,048 | --S- | C] ()

 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2004/08/10 14:02:15 | 000,021,640 | ---- | C] ()

 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 14:01:18 | 000,001,793 | ---- | C] ()

 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 13:57:52 | 000,004,161 | ---- | C] ()

 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2004/08/10 13:57:15 | 000,216,064 | ---- | C] ()

 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/08/10 13:51:21 | 000,004,569 | ---- | C] ()

 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2004/08/10 13:51:20 | 000,471,450 | ---- | C] ()

 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2004/08/10 13:51:20 | 000,272,128 | ---- | C] ()

 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2004/08/10 13:51:20 | 000,082,306 | ---- | C] ()

 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2004/08/10 13:51:20 | 000,028,626 | ---- | C] ()

 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2004/08/10 13:51:18 | 000,004,627 | ---- | C] ()

 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2004/08/10 13:51:17 | 013,107,200 | ---- | C] ()

 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2004/08/10 13:51:16 | 000,000,741 | ---- | C] ()

 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2004/08/10 13:51:12 | 000,673,088 | ---- | C] ()

 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2004/08/10 13:51:11 | 000,046,258 | ---- | C] ()

 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2004/08/10 13:51:05 | 000,218,003 | ---- | C] ()

 dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2004/08/10 13:50:56 | 000,001,804 | ---- | C] ()

 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()

 

[File - Lop Check]

 BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software -> [2005/12/10 17:34:13 | 000,000,000 | ---D | M]

 eBay -> C:\Documents and Settings\All Users\Application Data\eBay -> [2011/06/01 20:09:22 | 000,000,000 | ---D | M]

 ErrorEND -> C:\Documents and Settings\All Users\Application Data\ErrorEND -> [2011/05/15 11:16:39 | 000,000,000 | ---D | M]

 MSScanAppDataDir -> C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir -> [2005/12/12 17:38:35 | 000,000,000 | ---D | M]

 PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [2010/12/02 03:07:39 | 000,000,000 | ---D | M]

 PC-Doctor -> C:\Documents and Settings\All Users\Application Data\PC-Doctor -> [2011/05/27 23:26:42 | 000,000,000 | ---D | M]

 PCDr -> C:\Documents and Settings\All Users\Application Data\PCDr -> [2011/05/27 23:26:41 | 000,000,000 | ---D | M]

 PCSettings -> C:\Documents and Settings\All Users\Application Data\PCSettings -> [2011/05/06 11:38:48 | 000,000,000 | ---D | M]

 RegCure -> C:\Documents and Settings\All Users\Application Data\RegCure -> [2011/04/06 14:20:35 | 000,000,000 | ---D | M]

 SecTaskMan -> C:\Documents and Settings\All Users\Application Data\SecTaskMan -> [2011/06/02 22:30:32 | 000,000,000 | ---D | M]

 Temp -> C:\Documents and Settings\All Users\Application Data\Temp -> [2011/01/09 22:15:25 | 000,000,000 | ---D | M]

 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2005/11/28 16:28:21 | 000,000,000 | ---D | M]

 WholeSecurity -> C:\Documents and Settings\All Users\Application Data\WholeSecurity -> [2009/01/12 12:00:27 | 000,000,000 | ---D | M]

 WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2010/02/27 01:41:47 | 000,000,000 | ---D | M]

 YAHOO -> C:\Documents and Settings\All Users\Application Data\YAHOO -> [2009/01/22 02:54:53 | 000,000,000 | ---D | M]

 {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/07/21 12:36:03 | 000,000,000 | ---D | M]

 avidemux -> C:\Documents and Settings\Sandra C\Application Data\avidemux -> [2011/05/29 09:38:43 | 000,000,000 | ---D | M]

 com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> C:\Documents and Settings\Sandra C\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [2009/05/02 21:06:00 | 000,000,000 | ---D | M]

 eBay -> C:\Documents and Settings\Sandra C\Application Data\eBay -> [2011/06/01 20:09:22 | 000,000,000 | ---D | M]

 ElevatedDiagnostics -> C:\Documents and Settings\Sandra C\Application Data\ElevatedDiagnostics -> [2010/11/24 12:13:41 | 000,000,000 | ---D | M]

 Gygan -> C:\Documents and Settings\Sandra C\Application Data\Gygan -> [2010/11/17 20:15:35 | 000,000,000 | ---D | M]

 Leadertech -> C:\Documents and Settings\Sandra C\Application Data\Leadertech -> [2005/12/09 22:16:04 | 000,000,000 | ---D | M]

 OfficeUpdate12 -> C:\Documents and Settings\Sandra C\Application Data\OfficeUpdate12 -> [2007/02/11 17:46:40 | 000,000,000 | ---D | M]

 PCDr -> C:\Documents and Settings\Sandra C\Application Data\PCDr -> [2011/05/28 23:53:32 | 000,000,000 | ---D | M]

 PriceGong -> C:\Documents and Settings\Sandra C\Application Data\PriceGong -> [2011/06/04 10:10:42 | 000,000,000 | ---D | M]

 Tific -> C:\Documents and Settings\Sandra C\Application Data\Tific -> [2011/05/25 23:35:37 | 000,000,000 | ---D | M]

 Uniblue -> C:\Documents and Settings\Sandra C\Application Data\Uniblue -> [2010/12/01 18:42:12 | 000,000,000 | ---D | M]

 xVideoServiceThief -> C:\Documents and Settings\Sandra C\Application Data\xVideoServiceThief -> [2011/06/02 13:59:40 | 000,000,000 | ---D | M]

 User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job -> [2011/06/04 10:14:55 | 000,000,444 | -H-- | M] ()

[Custom Scans]

< netsvcs >

< %SYSTEMDRIVE%\*.exe >

< MD5 Scans Start>

< %systemdrive%\EXPLORER.EXE  /md5 /s >

 explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\ERDNT\cache\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

 explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

 explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\ServicePackFiles\i386\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

 explorer.exe : MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -> C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe -> [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation)

 explorer.exe : MD5=97BD6515465659FF8F3B7BE375B2EA87 -> C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)

 explorer.exe : MD5=A0732187050030AE399B241436565E64 -> C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -> [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation)

< %systemdrive%\SVCHOST.EXE  /md5 /s >

 svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\ERDNT\cache\svchost.exe -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)

 svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\ServicePackFiles\i386\svchost.exe -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)

 svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\system32\svchost.exe -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)

 svchost.exe : MD5=8F078AE4ED187AAABC0A305146DE6716 -> C:\i386\svchost.exe -> [2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)

 svchost.exe : MD5=8F078AE4ED187AAABC0A305146DE6716 -> C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -> [2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)

< %systemdrive%\USERINIT.EXE  /md5 /s >

 userinit.exe : MD5=39B1FFB03C2296323832ACBAE50D2AFF -> C:\i386\userinit.exe -> [2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation)

 userinit.exe : MD5=39B1FFB03C2296323832ACBAE50D2AFF -> C:\WINDOWS\$NtServicePackUninstall$\userinit.exe -> [2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation)

 userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\ERDNT\cache\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)

 userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\ServicePackFiles\i386\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)

 userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)

< %systemdrive%\WINLOGON.EXE  /md5 /s >

 winlogon.exe : MD5=01C3346C241652F43AED8E2149881BFE -> C:\i386\winlogon.exe -> [2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation)

 winlogon.exe : MD5=01C3346C241652F43AED8E2149881BFE -> C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -> [2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation)

 winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\ERDNT\cache\winlogon.exe -> [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation)

 winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\ServicePackFiles\i386\winlogon.exe -> [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation)

 winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\system32\winlogon.exe -> [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation)

< MD5 Scans End>

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo ->  -> 

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command ->  -> 

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command ->  -> 

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"] -> [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo ->  -> 

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command ->  -> 

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command ->  -> 

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"] -> [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

Restore point Set: OTS Restore Point (0)

< End of report >


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What I am going to do now is disable some toolbars and your flv updater from running at start; it will not affect the programmes or the files. Once complete, can you let me know if you still get the alerts and associated problems?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List] 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {1392b8d2-5c05-419f-a8f6-b9f15a596612} [HKLM] -> C:\Program Files\Freecorder\prxtbFre0.dll [Freecorder Toolbar]
YN -> {30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\prxConduitEngine.dll [Conduit Engine ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{1392b8d2-5c05-419f-a8f6-b9f15a596612}" [HKLM] -> C:\Program Files\Freecorder\prxtbFre0.dll [Freecorder Toolbar]
YN -> "{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\prxConduitEngine.dll [Conduit Engine ]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\] > -> HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{1392B8D2-5C05-419F-A8F6-B9F15A596612}" [HKLM] -> C:\Program Files\Freecorder\prxtbFre0.dll [Freecorder Toolbar]
YN -> WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\prxConduitEngine.dll [Conduit Engine ]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"]
YN -> "Freecorder FLV Service" -> C:\Program Files\Freecorder\FLVSrvc.exe ["C:\Program Files\Freecorder\FLVSrvc.exe" /run]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\] > -> HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\eBay\eBay Toolbar2\eBayTBBroker.exe" -> [C:\Program Files\eBay\eBay Toolbar2\eBayTBBroker.exe:*:Enabled:eBayTBBroker]
YN -> "C:\Program Files\eBay\eBay Toolbar2\eBayTBCareApp.exe" -> [C:\Program Files\eBay\eBay Toolbar2\eBayTBCareApp.exe:*:Enabled:eBayTBCareApp]
YN -> "C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" -> [C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe:*:Enabled:eBayTBDaemon]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.
  • 0
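An added example (not part of the thread and not OTS's own code): a small parser that lists which registry locations and files a fix like the one above names, so it can be reviewed before it is pasted into OTS. The line layout is inferred from the fix as posted; the two-letter flag is recorded but not interpreted, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the fix lines posted above, copied unchanged.
SAMPLE_FIX = r'''[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {1392b8d2-5c05-419f-a8f6-b9f15a596612} [HKLM] -> C:\Program Files\Freecorder\prxtbFre0.dll [Freecorder Toolbar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{1392b8d2-5c05-419f-a8f6-b9f15a596612}" [HKLM] -> C:\Program Files\Freecorder\prxtbFre0.dll [Freecorder Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Freecorder FLV Service" -> C:\Program Files\Freecorder\FLVSrvc.exe ["C:\Program Files\Freecorder\FLVSrvc.exe" /run]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
[Empty Temp Folders]
'''

SECTION = re.compile(r'^<\s*(?P<name>.+?)\s*>\s*->\s*(?P<key>\S.*)$')
ITEM = re.compile(r'^(?P<flag>[YN]{2}) -> (?P<item>.+?) -> (?P<target>.*)$')
FILE = re.compile(r'[A-Za-z]:\\[^\[\]":*]+?\.(?:exe|dll)', re.I)

def parse_fix(text):
    """Return (directives, entries); entries carry the section they sit under."""
    directives, entries, section = [], [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith('[') and line.endswith(']'):
            directives.append(line[1:-1])          # e.g. [Empty Temp Folders]
        elif (m := SECTION.match(line)):
            section = (m['name'], m['key'])        # "< name > -> registry key"
        elif section and (m := ITEM.match(line)):
            hit = FILE.search(m['target'])         # first .exe/.dll path, if any
            entries.append({'section': section[0], 'key': section[1],
                            'flag': m['flag'], 'item': m['item'],
                            'file': hit.group(0) if hit else None})
        else:
            raise ValueError(f'unrecognised line: {line!r}')
    return directives, entries

def files_by_section(entries):
    """Map each referenced file (lower-cased) to the sections pointing at it."""
    out = defaultdict(list)
    for e in entries:
        if e['file']:
            out[e['file'].lower()].append(e['section'])
    return dict(out)

if __name__ == '__main__':
    for path, sections in files_by_section(parse_fix(SAMPLE_FIX)[1]).items():
        print(path, '<-', sections)
```

A line that fits none of the three shapes raises an error rather than being skipped, so a mangled copy/paste is caught before the fix is run.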



#11
SandyStone

SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Okay, the computer restarted and I did not get a report; maybe I missed something when I copied. Can I repeat the last step?

Edited by SandyStone, 04 June 2011 - 12:56 PM.

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope, no need. Could you run it for a bit now and let me know of any problems?
  • 0

#13
SandyStone

SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
There is some sort of problem; I'll try to describe it as best as I can without knowing the terminology.

In post number 8 there was a word that was double-underlined in green. It was right below or above %systemroot%\*./mp/s. I had a problem before when I had to copy and paste; I had to do it in two parts. The regular text would move when I scrolled, while the green double-lined text stayed in one spot. At this moment I don't see the green double-lined word, but I saw it earlier on today. Also, when I click anywhere on a non-link, the scroll bar locks for about 2 seconds. Also, I have to wait a moment for the cursor to work.

I just checked out this locking thing on other sites and it just seems to be only this one that is slow.

On another less important note, Freecorder does not appear in the toolbar menu. It's not listed in Manage Add-ons. It is listed in Task Manager processes.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you use Freecorder?

Do you mean this one?
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

If so, it is not a problem, as it is a double-check line.
  • 0

#15
SandyStone

SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
I don't know which one it is, but I decided I am going to delete Freecorder because I've heard there are spyware/adware/trojan issues. Plus it starts to download whatever you are watching, whether or not you ever want to see it again, without permission.

Internet Download Manager looks better.
  • 0





