OTL logfile created on: 10/28/2011 1:07:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.96 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 77.28% Memory free
3.93 Gb Paging File | 3.49 Gb Available in Paging File | 88.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.31 Gb Total Space | 223.35 Gb Free Space | 78.01% Space Free | Partition Type: NTFS
Drive D: | 11.49 Gb Total Space | 1.92 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.67 Mb Free Space | 93.29% Space Free | Partition Type: FAT32
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/28 01:04:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/03/18 07:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/12 06:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe -- (STacSV)
SRV - [2009/09/04 20:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/09 03:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/06 00:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/03/02 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe -- (AESTFilters)
========== Driver Services (SafeList) ==========
DRV - [2011/08/09 13:57:10 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/10/12 06:51:52 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/30 02:25:26 | 000,017,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Stopped] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
DRV - [2009/09/02 01:59:42 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 22:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/29 16:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010/09/24 17:39:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/27 08:22:24 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HP\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2011/10/27 19:07:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam2.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Facebook Update] C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0279F581-45C4-476E-A3D7-B7119C0E981B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{071731F0-E10C-4DA2-82A3-476A7F586E38}: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) -C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) -C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011/10/28 01:04:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/10/27 19:29:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/27 19:25:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/27 18:14:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/27 18:14:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/27 18:14:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/27 18:13:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/27 18:12:57 | 000,000,000 | ---D | C] -- C:\pcxmuahah
[2011/10/27 18:07:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/27 18:06:13 | 004,274,802 | R--- | C] (Swearware) -- C:\pcxmuahah.exe
[2011/10/27 16:59:57 | 000,000,000 | ---D | C] -- C:\mbrfix
[2011/10/27 13:05:02 | 000,348,704 | ---- | C] (ESET spol. s r.o.) -- C:\EOlmarikRemover.exe
[2011/10/27 13:04:45 | 000,090,240 | ---- | C] (ESET spol. s r.o.) -- C:\EOlmarikTdl4Cleaner.exe
[2011/10/27 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\99882
[2011/10/27 08:39:01 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2011/10/27 08:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/27 08:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/27 08:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/27 07:43:36 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\ESET.NOD32.Anitvirus.5(32.and.64.bit)
[2011/10/27 07:43:18 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Crack
[2011/10/27 07:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/10/27 07:31:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\ESET
[2011/10/27 07:30:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\IObit
[2011/10/27 07:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/10/27 04:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/10/22 01:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\91D1
[2011/10/21 06:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/10/21 04:38:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\99882
[2011/10/21 04:37:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\D6A99
[2011/10/13 04:13:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\song_files
[2011/10/13 04:06:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Nicki Minaj - Fly ft. Rihanna - YouTube_files
[2011/10/13 04:05:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Katy Perry - Last Friday Night (T.G.I.F.) - YouTube_files
[2011/10/03 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\1816F
[2011/10/01 23:43:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Emma Watson Pics In Marie Claire Magazine_files
========== Files - Modified Within 30 Days ==========
[2011/10/28 01:04:32 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/28 01:04:32 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/28 01:04:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/10/28 01:00:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/28 01:00:16 | 1581,867,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 00:58:31 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/10/27 23:18:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000UA.job
[2011/10/27 19:14:39 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 19:14:39 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 19:07:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/27 18:06:28 | 004,274,802 | R--- | M] (Swearware) -- C:\pcxmuahah.exe
[2011/10/27 16:59:52 | 000,138,820 | ---- | M] () -- C:\mbrfix.zip
[2011/10/27 13:05:17 | 000,348,704 | ---- | M] (ESET spol. s r.o.) -- C:\EOlmarikRemover.exe
[2011/10/27 13:04:50 | 000,090,240 | ---- | M] (ESET spol. s r.o.) -- C:\EOlmarikTdl4Cleaner.exe
[2011/10/27 05:18:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000Core.job
[2011/10/27 04:53:06 | 000,000,146 | ---- | M] () -- C:\Users\HP\Desktop\HP Wireless Assistant - Shortcut.lnk
[2011/10/26 00:34:24 | 000,000,012 | ---- | M] () -- C:\ProgramData\ReminderNextRun
[2011/10/20 11:25:41 | 000,001,118 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2011/10/13 04:13:05 | 000,161,129 | ---- | M] () -- C:\Users\Public\Documents\song.htm
[2011/10/13 04:06:07 | 000,124,740 | ---- | M] () -- C:\Users\Public\Documents\Nicki Minaj - Fly ft. Rihanna - YouTube.htm
[2011/10/13 04:05:53 | 000,136,723 | ---- | M] () -- C:\Users\Public\Documents\Katy Perry - Last Friday Night (T.G.I.F.) - YouTube.htm
[2011/10/09 19:30:33 | 000,000,044 | ---- | M] () -- C:\Windows\System32\imon1.dat
[2011/10/08 15:38:01 | 000,037,202 | ---- | M] () -- C:\Users\Public\Documents\200721_192821544084146_100000689055425_541820_1891414_n.jpg
[2011/10/07 10:12:38 | 000,173,379 | ---- | M] () -- C:\Users\HP\Documents\Snapshot.png
[2011/10/01 23:43:23 | 000,019,211 | ---- | M] () -- C:\Users\Public\Documents\Emma Watson Pics In Marie Claire Magazine.htm
[2011/10/01 03:26:09 | 000,081,710 | ---- | M] () -- C:\Users\Public\Documents\daniel-and-emma-harry-and-hermione-17153790-500-500 (1).jpg
========== Files Created - No Company Name ==========
[2011/10/27 18:14:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/27 18:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/27 18:14:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/27 18:14:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/27 18:14:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/27 16:59:51 | 000,138,820 | ---- | C] () -- C:\mbrfix.zip
[2011/10/27 04:53:06 | 000,000,146 | ---- | C] () -- C:\Users\HP\Desktop\HP Wireless Assistant - Shortcut.lnk
[2011/10/20 11:25:41 | 000,001,118 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2011/10/19 05:13:38 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000UA.job
[2011/10/19 05:13:38 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000Core.job
[2011/10/13 04:13:05 | 000,161,129 | ---- | C] () -- C:\Users\Public\Documents\song.htm
[2011/10/13 04:06:04 | 000,124,740 | ---- | C] () -- C:\Users\Public\Documents\Nicki Minaj - Fly ft. Rihanna - YouTube.htm
[2011/10/13 04:05:49 | 000,136,723 | ---- | C] () -- C:\Users\Public\Documents\Katy Perry - Last Friday Night (T.G.I.F.) - YouTube.htm
[2011/10/11 09:14:12 | 000,001,206 | ---- | C] () -- C:\Users\HP\Desktop\RealPlayer.lnk
[2011/10/08 15:38:29 | 000,037,202 | ---- | C] () -- C:\Users\Public\Documents\200721_192821544084146_100000689055425_541820_1891414_n.jpg
[2011/10/07 10:12:38 | 000,173,379 | ---- | C] () -- C:\Users\HP\Documents\Snapshot.png
[2011/10/01 23:43:19 | 000,019,211 | ---- | C] () -- C:\Users\Public\Documents\Emma Watson Pics In Marie Claire Magazine.htm
[2011/10/01 03:26:12 | 000,081,710 | ---- | C] () -- C:\Users\Public\Documents\daniel-and-emma-harry-and-hermione-17153790-500-500 (1).jpg
[2011/07/18 17:37:26 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2011/02/22 20:29:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\imon1.dat
[2010/09/24 17:38:21 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/24 17:38:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/24 17:38:10 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/24 17:38:09 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/09/24 17:38:07 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/09/24 17:38:02 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/02/24 18:28:27 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/02/24 18:22:53 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/02/24 18:21:03 | 000,000,276 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/02/24 18:21:03 | 000,000,217 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2009/09/27 21:49:50 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,419,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 22:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/10/27 05:18:18 | 000,000,894 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000Core.job
[2011/10/27 23:18:03 | 000,000,916 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000UA.job
[2011/10/21 09:21:28 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2011/10/27 13:05:17 | 000,348,704 | ---- | M] (ESET spol. s r.o.) -- C:\EOlmarikRemover.exe
[2011/10/27 13:04:50 | 000,090,240 | ---- | M] (ESET spol. s r.o.) -- C:\EOlmarikTdl4Cleaner.exe
[2011/10/28 01:04:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/10/27 18:06:28 | 004,274,802 | R--- | M] (Swearware) -- C:\pcxmuahah.exe
< MD5 for: EXPLORER.EXE >
[2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/10/27 07:59:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2011/10/27 07:59:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\explorer.exe
[2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: USERINIT.EXE >
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s >
< >
< End of report >