
IE & Firefox both redirected with <URL>/go?<integer



#1
DaveTheBaskie

Hi,

Totally baffled by this one!

Have tried to remove it using Malwarebytes, Kaspersky and Stinger, but none of them find it.

Search results for google or bing come up as usual, however, when mousing over the URL you would normally click on, the displayed URL in the bottom left is always http://www.google.co/go?884736 (or whatever - the integer is different every time and takes you to a mix of sites from other search engines to places I'd rather not go to at all.)

It may be a red herring, but at the same time as this, Kaspersky found a couple of Trojans embedded in Thunderbird caches. Now these would not have been touched for months or even years, but it suddenly still found them but just can't remove them. I ended up uninstalling TBird and deleting the directory containing the mailfile, so I know they have gone; Kaspersky now seems happy but does not find what is causing these redirects.

Hopefully, someone has seen this one before... any help would be dearly appreciated!

OTL log file starts:

OTL logfile created on: 03/10/2011 13:35:00 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Hotel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.74% Memory free
2.58 Gb Paging File | 2.36 Gb Available in Paging File | 91.72% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.45 Gb Total Space | 9.34 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
Drive X: | 586.89 Gb Total Space | 375.26 Gb Free Space | 63.94% Space Free | Partition Type: NTFS
Drive Z: | 586.89 Gb Total Space | 375.26 Gb Free Space | 63.94% Space Free | Partition Type: NTFS

Computer Name: RECEPTION | User Name: Hotel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/03 12:23:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hotel\Desktop\OTL.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2006/08/01 23:57:04 | 000,018,748 | ---- | M] () -- C:\WINDOWS\system32\ddmon.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 17:10:28 | 001,524,544 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/06 17:07:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/05/07 13:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2008/04/14 01:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)


========== Driver Services (SafeList) ==========

DRV - [2011/01/20 17:28:25 | 000,477,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/08/19 22:08:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/05/07 01:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/05/07 01:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/02 21:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 15:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/10/02 19:46:08 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2005/08/17 07:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/03/07 22:51:00 | 000,049,968 | R--- | M] (Sunix) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snxpser.sys -- (SNXPSER)
DRV - [2001/03/07 22:51:00 | 000,023,248 | R--- | M] (Sunix) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snxppal.sys -- (SNXPPAL)
DRV - [2001/03/07 22:51:00 | 000,020,720 | R--- | M] (Sunix) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snxpcard.sys -- (SNXPCARD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://192.168.7.150/ie.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google.co.uk"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 19:28:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 09:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/20 17:29:24 | 000,000,000 | ---D | M]

[2010/04/10 16:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hotel\Application Data\Mozilla\Extensions
[2010/04/10 16:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hotel\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2006/02/21 22:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hotel\Application Data\Mozilla\Firefox\Profiles\5cokuf2r.default\extensions
[2011/10/03 11:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hotel\Application Data\Mozilla\Firefox\Profiles\7ia5lgj7.default\extensions
[2010/10/07 17:31:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Hotel\Application Data\Mozilla\Firefox\Profiles\7ia5lgj7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 08:47:03 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Hotel\Application Data\Mozilla\Firefox\Profiles\7ia5lgj7.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/12/23 11:34:20 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Hotel\Application Data\Mozilla\Firefox\Profiles\7ia5lgj7.default\extensions\[email protected]
[2007/07/23 13:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hotel\Application Data\Mozilla\Firefox\Profiles\7ia5lgj7.default\extensions\[email protected]
[2007/01/31 15:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hotel\Application Data\Mozilla\Sunbird\Profiles\8l3cdhlc.default\extensions
[2011/10/03 11:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 08:48:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 20:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/20 17:30:08 | 000,000,000 | ---D | M] (Kaspersky Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/20 17:30:09 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2004/11/13 04:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/25 23:05:14 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/25 23:05:14 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/25 23:05:15 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/25 23:05:16 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/09/29 16:52:38 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 95.64.61.159 www.google.com
O1 - Hosts: 95.64.61.160 www.bing.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B890A37D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [alarm.exe] C:\Program Files\Chaos Software\Chaos 7\alarm.exe (Chaos Software Group, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\easybook online booking module.lnk = C:\Program Files\EasyBook\ebonline.exe (Western Business Systems Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EasyBookStay.lnk = C:\Program Files\EasyBookStay\EasyBookStay.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhotoSupport present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRecycleBinSize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoExpandedNewMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} http://192.168.7.150/CMSPlugin.cab (PLUGIN Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1156763707515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.7.7/N...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{361F27AE-818D-4D4B-BFA4-51EEED99D983}: DhcpNameServer = 192.168.7.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6eebe7ee-0e66-11db-a7ac-001320bed558}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/03 12:23:30 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hotel\Desktop\OTL.exe
[2011/10/03 12:09:46 | 007,202,624 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Hotel\Desktop\stinger10.2.0.302.exe
[2011/10/03 09:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hotel\My Documents\New Folder (2)
[2011/10/03 09:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hotel\My Documents\New Folder
[2011/09/30 10:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hotel\Application Data\Xiehki
[2011/09/30 10:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hotel\Application Data\Ufniy
[2011/09/17 10:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hotel\Local Settings\Application Data\ABBYY
[2006/02/13 17:52:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/03 13:34:48 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Hotel\Desktop\stinger10.2.0.302.opt
[2011/10/03 12:23:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hotel\Desktop\OTL.exe
[2011/10/03 12:08:48 | 007,202,624 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Hotel\Desktop\stinger10.2.0.302.exe
[2011/10/03 07:33:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/03 07:32:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/10/03 07:31:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/03 07:31:50 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/01 11:02:19 | 001,331,878 | ---- | M] () -- C:\Documents and Settings\Hotel\Desktop\Hotel.zip
[2011/09/30 18:48:13 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\Hotel\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/15 08:19:16 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/09/15 08:19:16 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/09/14 09:04:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/03 13:34:48 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Hotel\Desktop\stinger10.2.0.302.opt
[2011/10/01 09:22:17 | 001,331,878 | ---- | C] () -- C:\Documents and Settings\Hotel\Desktop\Hotel.zip
[2011/06/24 14:50:23 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\HEMavcodec.dll
[2011/06/24 14:50:23 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\HEMmplayer.dll
[2011/06/02 12:20:21 | 000,139,215 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2011/06/02 12:20:21 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011/05/07 10:28:08 | 000,164,805 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/05/07 10:28:08 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2011/04/14 17:30:47 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2011/01/20 17:29:57 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/01/20 17:29:57 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/10/30 10:18:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2010/09/30 09:27:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2010/04/04 17:40:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/09/09 20:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/05/16 08:08:37 | 000,072,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/05/12 07:36:15 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Isb.dll
[2008/03/04 20:29:16 | 000,000,034 | ---- | C] () -- C:\WINDOWS\VAREG.INI
[2008/01/17 15:37:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/30 23:09:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/10/12 13:19:08 | 000,018,748 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2006/08/04 08:24:21 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/06/12 11:34:03 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Hotel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/31 22:08:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/19 12:37:00 | 000,001,061 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/05/02 15:24:38 | 000,070,144 | R--- | C] () -- C:\WINDOWS\System32\ENCODE32.DLL
[2006/05/02 15:24:38 | 000,018,944 | R--- | C] () -- C:\WINDOWS\System32\TALDM32A.dll
[2006/05/02 15:24:38 | 000,017,408 | R--- | C] () -- C:\WINDOWS\System32\TALDM32.DLL
[2006/02/21 23:24:09 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\FBD5F3AA53.sys
[2006/02/21 22:33:03 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/02/21 22:15:25 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2006/02/21 22:15:16 | 000,005,957 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/13 18:56:51 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/13 18:56:51 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\54213DF47F.sys
[2006/02/13 17:52:49 | 000,128,000 | ---- | C] () -- C:\WINDOWS\System32\Unwise.exe
[2006/02/13 17:52:46 | 000,030,793 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2006/02/13 17:52:45 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2006/02/13 17:45:51 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Hotel\Local Settings\Application Data\fusioncache.dat
[2006/02/13 17:21:19 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/13 16:54:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/07 19:36:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/07 19:34:37 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/07 19:31:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/07 19:08:30 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2006/02/07 19:08:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/02/07 19:08:00 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,466,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,445,890 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,073,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/03/31 19:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chaos Software
[2008/06/10 09:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eviivo
[2010/08/27 09:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2008/10/17 11:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/10/20 13:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/26 10:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/12/30 10:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/08/20 10:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2010/09/22 08:06:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DB4D1CE1-2C91-4C77-8322-3466A05028AA}
[2010/09/06 19:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\12Pay
[2010/09/19 08:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\BackToTheBeach
[2011/10/02 20:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\Chaos Software
[2009/12/10 14:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\com.constantcontact.add.to.constant.contact.93436992F81E3F56888A803A704436FF5667EB0D.1
[2006/10/12 13:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\deskPDF
[2009/02/18 18:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\Desktop Maestro
[2009/04/02 10:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\EasyBookStay.770ECB1F4EE3D9074CE6E116A207C4AC1C74BB8D.1
[2008/10/18 08:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\gnupg
[2011/04/14 17:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\HotSync
[2008/12/18 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\Jasc
[2006/02/25 13:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\Leadertech
[2006/12/04 10:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\MSNInstaller
[2009/02/18 13:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\PCToolsFirewallPlus
[2009/02/18 13:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\PCToolsSpamMonitorPlus
[2010/04/10 15:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\Serif
[2010/03/18 14:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\SpinTop
[2010/10/06 14:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\Temp
[2006/08/02 17:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\TextPad
[2009/06/26 10:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\Trusteer
[2010/12/30 11:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\TuneUp Software
[2011/09/30 19:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\Ufniy
[2006/04/12 14:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\VanDyke
[2011/09/30 10:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hotel\Application Data\Xiehki
[2011/10/03 07:32:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE2C623F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >