Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Babylon search.

Started by Ste , Oct 27 2011 11:54 AM

Please log in to reply

#16
Ste

Posted 10 November 2011 - 12:49 PM

Member

Topic Starter
Member
240 posts

Hi Ron, I don't know if it did what it was supposed to do but I couldn't get online afterwards so I used SR.

Attached Files

11102011_180737.log 10.39KB 159 downloads

#17
RKinner

Posted 10 November 2011 - 01:03 PM

Malware Expert

Expert
24,625 posts

Run OTL Quickscan and post the log

#18
Ste

Posted 10 November 2011 - 02:09 PM

Member

Topic Starter
Member
240 posts

Hi Ron, not sure where my last post went, I've done this once. The message was that I did as you instructed but then I couldn't get online. I used system restore which worked but then about six icons disappeared from my desktop after using Comodo system cleaner as I do regularly. Then 'all' my desktop icons disappeared. I had to start in safe mode to get back again?

11102011_180737.log 10.39KB 197 downloads

#19
RKinner

Posted 10 November 2011 - 02:27 PM

Malware Expert

Expert
24,625 posts

Your post was there. I need a new OTL Quickscan log.

I have no idea what Comodo did. Would be best if you did not run other cleaning programs until we are done.

Ron

#20
Ste

Posted 10 November 2011 - 06:15 PM

Member

Topic Starter
Member
240 posts

Yes sorry my post was on the next page...

OTL.Txt 109.27KB 136 downloads

#21
RKinner

Posted 10 November 2011 - 07:50 PM

Malware Expert

Expert
24,625 posts

I'm starting to think that it is less a case of zero access and more a case of OTL doesn't understand your system. Let's check on some files that OTL says are missing:

Copy the text in the code box by highlighting and Ctrl + c


/md5start
mswsock.dll
winrnr.dll 
userinit.exe
SHELL32.dll
browseui.dll
mshtml.dll
inetcomm.dll 
urlmon.dll
/md5stop

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will not reboot the PC when it is done. Save the log and copy and paste it to a reply.

#22
Ste

Posted 11 November 2011 - 04:28 AM

Member

Topic Starter
Member
240 posts

OTL logfile created on: 11/11/2011 10:15:45 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.81 Gb Available Physical Memory | 85.10% Memory free
11.57 Gb Paging File | 10.57 Gb Available in Paging File | 91.33% Paging File free
Paging file location(s): c:\pagefile.sys 4090 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 95.93 Gb Free Space | 64.37% Space Free | Partition Type: NTFS
Drive E: | 677.60 Gb Total Space | 521.00 Gb Free Space | 76.89% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 49.99 Gb Free Space | 67.08% Space Free | Partition Type: NTFS
Drive G: | 97.66 Gb Total Space | 48.84 Gb Free Space | 50.01% Space Free | Partition Type: NTFS
Drive H: | 97.65 Gb Total Space | 10.06 Gb Free Space | 10.30% Space Free | Partition Type: NTFS
Drive I: | 58.59 Gb Total Space | 18.91 Gb Free Space | 32.28% Space Free | Partition Type: NTFS

Computer Name: CELLARPOWER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 23:06:11 | 000,201,816 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrB.exe
PRC - [2011/11/08 11:13:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/28 12:19:26 | 001,700,600 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
PRC - [2011/10/18 23:05:05 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/17 09:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\SysWOW64\nlssrv32.exe
PRC - [2011/04/19 10:09:28 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2011/04/18 19:30:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/01/22 14:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011/01/22 14:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010/06/13 10:27:32 | 019,384,088 | ---- | M] (Firetrust Ltd) -- C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe
PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2008/10/14 20:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/10 23:06:11 | 000,201,816 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrB.exe
MOD - [2011/11/02 09:57:55 | 008,522,400 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/28 12:19:26 | 001,097,480 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avcodec-53.dll
MOD - [2011/10/28 12:19:26 | 000,189,192 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avformat-53.dll
MOD - [2011/10/28 12:19:26 | 000,121,608 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avutil-51.dll
MOD - [2011/10/18 23:05:05 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
MOD - [2011/07/19 09:03:02 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/01/22 14:57:54 | 000,050,056 | ---- | M] () -- C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
MOD - [2010/05/28 12:57:36 | 000,801,976 | ---- | M] () -- C:\Program Files (x86)\FireTrust\MailWasher Pro\ContactsLib.dll
MOD - [2010/04/19 07:48:28 | 000,277,904 | ---- | M] () -- C:\Program Files (x86)\FireTrust\MailWasher Pro\sqlite3.dll
MOD - [2009/08/25 16:51:10 | 000,155,320 | ---- | M] () -- C:\Program Files (x86)\FireTrust\MailWasher Pro\mailprefs.dll
MOD - [2009/06/25 14:40:04 | 000,977,080 | ---- | M] () -- C:\Program Files (x86)\FireTrust\MailWasher Pro\MCore.dll
MOD - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
MOD - [2008/12/05 16:03:52 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ycc.dll
MOD - [2008/11/25 16:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\libxml2.dll
MOD - [2008/09/12 16:39:34 | 000,611,936 | ---- | M] () -- C:\Program Files (x86)\FireTrust\MailWasher Pro\MailAnalysis.dll
MOD - [2004/10/05 02:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/07 18:47:16 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/12/09 12:08:14 | 000,371,648 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe -- (Cleaner_Validator)
SRV:64bit: - [2010/11/15 10:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2011/11/10 23:06:11 | 000,201,816 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/18 23:05:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/17 09:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/04/18 19:30:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/22 14:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/11/11 10:01:23 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011/11/07 21:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/05/03 13:59:07 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\giveio.sys -- (giveio)
DRV - [2010/10/03 22:54:04 | 000,012,544 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys -- (RapportIaso)
DRV - [2005/03/25 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ephotozine.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2011/04/19 10:09:44 | 000,000,000 | ---D | M]

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\Update\1.3.21.53\%ProgramW6432%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit File not found
O4:64bit: - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_16_Plus_Download_Version\TrayServer.exe (MAGIX AG)
O4 - HKCU..\Run: [EPSON Stylus Photo R2400] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATI9SE.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_S9.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: &WordWeb... - C:\WINDOWS\SysWow64\wweb32.dll (Antony Lewis)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1302444191359 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1302445274968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF423631-186A-4595-AD77-BAF62329AC46}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF423631-186A-4595-AD77-BAF62329AC46}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\guard64.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\guard32.dll) -C:\WINDOWS\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/19 10:02:17 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/04/10 14:34:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 00:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Latest OTL
[2011/11/10 18:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (3)
[2011/11/10 18:03:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/10 11:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\new otl
[2011/11/10 10:10:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/11/09 19:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Epson profiles I think
[2011/11/09 10:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2011/11/08 11:14:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/08 10:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SDL International
[2011/11/06 14:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
[2011/11/06 11:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\6th Nov 11
[2011/11/06 11:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Aftermath
[2011/11/03 13:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2011/11/02 16:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2011/11/02 16:32:54 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/11/01 09:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2011/10/28 11:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\A3 printers
[2011/10/28 09:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Malwarebytes
[2011/10/25 22:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\SysWow64\QuickTime.qts
[2011/10/23 17:43:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\SysWow64\javaws.exe
[2011/10/23 17:43:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\SysWow64\javaw.exe
[2011/10/23 17:43:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\SysWow64\java.exe
[2011/10/18 22:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ubisoft
[2011/10/17 22:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HideIPEasy
[2011/10/17 10:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HideIPEasy
[2011/10/12 19:16:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\solcache
[2011/10/12 19:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra On-Line
[2011/10/12 15:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\FoxTab Video To MP3
[2011/10/12 15:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxTabVideoToMP3
[2011/10/12 15:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JockerSoft
[2011/10/12 15:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JockerSoft
[2011/10/12 15:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CodecInstaller
[2011/10/12 15:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVS4YOU
[2011/10/12 15:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2011/10/12 15:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\AVS4YOU
[2011/10/12 15:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
[2011/10/12 15:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2011/10/12 15:31:09 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc70.dll
[2011/10/12 15:31:09 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcp70.dll
[2011/10/12 15:31:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2011/10/12 15:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2011/10/12 15:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/10/12 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/11 10:04:25 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/11 10:01:23 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\gdrv.sys
[2011/11/11 10:00:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 00:16:52 | 000,022,472 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
[2011/11/11 00:16:44 | 003,662,442 | ---- | M] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/11/11 00:16:44 | 000,535,882 | ---- | M] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/11/10 23:42:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 23:06:11 | 000,201,816 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2011/11/10 23:06:11 | 000,201,816 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2011/11/10 15:46:11 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2011/11/10 14:43:55 | 000,002,545 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Outlook 2007.lnk
[2011/11/10 14:42:25 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/10 12:40:52 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD05BF6F-7FF7-43A5-AC6E-54A8B757702E}.job
[2011/11/09 20:59:50 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\meoShakeIcon.job
[2011/11/09 20:18:27 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/09 20:13:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2011/11/09 20:12:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2011/11/09 10:12:56 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/11/08 22:31:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/08 16:45:09 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db
[2011/11/08 11:13:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/07 10:29:36 | 003,155,647 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\r2400_ug.pdf
[2011/11/05 20:15:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/03 11:01:28 | 000,016,711 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Talktalk webspace.htm
[2011/11/03 10:48:45 | 000,310,457 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Webspace.pdf
[2011/11/02 16:32:56 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/11/02 09:57:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/01 09:57:16 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2011/10/31 18:06:09 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Adobe Dreamweaver CS5.5.lnk
[2011/10/31 02:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CELLARPOWER-Administrator.job
[2011/10/27 09:30:55 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2011/10/27 09:21:46 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\UserFlag.ini
[2011/10/26 10:19:03 | 005,434,009 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Toshiba C660 Review at D.I.D Electrical - YouTube.flv
[2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\SysWow64\QuickTime.qts
[2011/10/18 23:05:05 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2011/10/18 22:49:54 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Far Cry® 2.lnk
[2011/10/16 12:48:05 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/10/16 12:48:05 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/10/15 12:06:23 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sound Recorder.lnk
[2011/10/13 13:03:16 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/10/12 15:56:55 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FoxTab Video To MP3.lnk
[2011/10/12 15:01:58 | 000,009,728 | ---- | M] () -- C:\WINDOWS\SysWow64\BASSMOD.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/09 20:59:49 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\meoShakeIcon.job
[2011/11/09 10:12:56 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/11/08 16:45:04 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db
[2011/11/07 10:19:40 | 003,155,647 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\r2400_ug.pdf
[2011/11/03 11:01:28 | 000,016,711 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Talktalk webspace.htm
[2011/11/03 10:50:19 | 000,310,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Webspace.pdf
[2011/11/01 09:57:16 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2011/10/31 18:06:09 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Adobe Dreamweaver CS5.5.lnk
[2011/10/31 16:54:51 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2011/10/31 16:51:35 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/10/31 16:51:23 | 000,001,218 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/10/31 16:51:10 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/10/31 16:49:57 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Widget Browser.lnk
[2011/10/31 16:49:19 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/10/27 09:21:46 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2011/10/27 09:21:46 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\UserFlag.ini
[2011/10/26 10:18:17 | 005,434,009 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Toshiba C660 Review at D.I.D Electrical - YouTube.flv
[2011/10/18 22:49:54 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Far Cry® 2.lnk
[2011/10/16 12:39:10 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/10/16 12:39:10 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/10/12 15:56:55 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FoxTab Video To MP3.lnk
[2011/10/12 15:01:58 | 000,009,728 | ---- | C] () -- C:\WINDOWS\SysWow64\BASSMOD.dll
[2011/09/19 10:26:07 | 000,004,096 | ---- | C] () -- C:\WINDOWS\SysWow64\HDREfexProFC64.dll
[2011/09/12 18:06:41 | 000,120,200 | ---- | C] () -- C:\WINDOWS\SysWow64\DLLDEV32i.dll
[2011/09/10 22:20:55 | 003,662,442 | ---- | C] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/09/10 22:20:55 | 000,535,882 | ---- | C] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/09/10 12:49:19 | 000,022,472 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2011/09/07 09:23:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2011/07/31 18:31:38 | 003,854,848 | ---- | C] () -- C:\WINDOWS\SysWow64\ffmpeg.dll
[2011/07/19 19:08:04 | 000,074,752 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2011/07/19 19:06:48 | 000,259,584 | ---- | C] () -- C:\WINDOWS\SysWow64\TomsMoComp_ff.dll
[2011/07/19 19:06:36 | 000,158,208 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_unrar.dll
[2011/07/19 19:06:34 | 001,524,224 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_samplerate.dll
[2011/07/19 19:06:34 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_wmv9.dll
[2011/07/19 19:06:32 | 000,145,920 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_libmad.dll
[2011/07/19 19:06:30 | 000,136,704 | ---- | C] () -- C:\WINDOWS\SysWow64\libmpeg2_ff.dll
[2011/07/19 19:06:30 | 000,113,664 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_liba52.dll
[2011/07/19 19:06:28 | 000,327,680 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_libfaad2.dll
[2011/07/19 19:06:28 | 000,211,456 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_libdts.dll
[2011/07/12 14:52:47 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2011/07/12 14:51:32 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs
[2011/07/08 14:23:16 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 09:34:51 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2011/05/30 13:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2011/05/23 07:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2011/05/09 12:55:12 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe BMP Format CS5 Prefs
[2011/05/03 13:59:07 | 000,005,248 | ---- | C] () -- C:\WINDOWS\SysWow64\giveio.sys
[2011/04/26 16:24:35 | 000,111,932 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPrinterDB.dat
[2011/04/26 16:24:35 | 000,031,053 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern131.dat
[2011/04/26 16:24:35 | 000,027,417 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern121.dat
[2011/04/26 16:24:35 | 000,026,154 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern1.dat
[2011/04/26 16:24:35 | 000,024,903 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern3.dat
[2011/04/26 16:24:35 | 000,021,390 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern5.dat
[2011/04/26 16:24:35 | 000,020,148 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern2.dat
[2011/04/26 16:24:35 | 000,011,811 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern4.dat
[2011/04/26 16:24:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern6.dat
[2011/04/26 16:24:35 | 000,001,146 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_DU.dat
[2011/04/26 16:24:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_PT.dat
[2011/04/26 16:24:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_BP.dat
[2011/04/26 16:24:35 | 000,001,136 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_ES.dat
[2011/04/26 16:24:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_FR.dat
[2011/04/26 16:24:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_CF.dat
[2011/04/26 16:24:35 | 000,001,120 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_IT.dat
[2011/04/26 16:24:35 | 000,001,107 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_GE.dat
[2011/04/26 16:24:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_EN.dat
[2011/04/26 16:24:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\SysWow64\PICSDK.ini
[2011/04/26 16:18:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER2400.ini
[2011/04/23 21:26:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/22 10:20:53 | 000,000,032 | ---- | C] () -- C:\WINDOWS\SysWow64\EUOD.DAT
[2011/04/19 10:18:45 | 000,201,816 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2011/04/19 10:18:44 | 000,837,192 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
[2011/04/19 10:18:44 | 000,075,136 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2011/04/19 09:51:42 | 000,002,623 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2011/04/10 15:40:02 | 000,626,688 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/04/10 15:19:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/10 14:38:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/10 13:58:01 | 000,037,376 | R--- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2011/03/03 11:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\SysWow64\mkx.dll
[2011/03/03 11:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\SysWow64\avi.dll
[2011/03/03 11:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\SysWow64\mp4.dll
[2011/03/03 11:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\ogm.dll
[2011/03/03 11:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\SysWow64\dsmux.exe
[2011/03/03 11:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\SysWow64\ts.dll
[2011/03/03 11:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\SysWow64\dxr.dll
[2011/03/03 11:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\SysWow64\avs.dll
[2011/03/03 11:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\SysWow64\mkv2vfr.exe
[2011/03/03 11:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\SysWow64\avss.dll
[2011/03/03 11:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\SysWow64\gdsmux.exe
[2011/03/03 11:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\SysWow64\mkzlib.dll
[2011/03/03 11:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SysWow64\mkunicode.dll
[2010/10/03 22:16:26 | 000,302,592 | ---- | C] () -- C:\WINDOWS\SysWow64\HDREfexProFC32.dll
[2010/08/18 19:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\SysWow64\Registration.ini
[2009/08/11 21:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\SysWow64\ac3config.exe
[2009/08/11 21:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\SysWow64\ac3filter_intl.dll
[2009/03/21 08:47:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\SysWow64\r0vdmyq.dll
[2009/03/21 08:47:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\SysWow64\grcauth2.dll
[2009/03/21 08:47:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\SysWow64\grcauth1.dll
[2009/03/21 08:47:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth2.dll
[2009/03/21 08:47:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth1.dll
[2009/03/21 08:47:30 | 000,000,334 | ---- | C] () -- C:\WINDOWS\SysWow64\pp76706.dll
[2009/03/21 08:47:30 | 000,000,100 | ---- | C] () -- C:\WINDOWS\SysWow64\prsgrc.dll
[2009/03/21 08:47:30 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SysWow64\ssprs.dll
[2009/03/21 08:47:30 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\SysWow64\f7d1p74.dll
[2008/11/06 15:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\SysWow64\qt-dx331.dll
[2006/03/04 04:52:00 | 000,088,576 | ---- | C] () -- C:\WINDOWS\SysWow64\OptimFROG.dll
[2005/03/25 12:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2005/03/25 12:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2005/03/25 12:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2005/03/25 12:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 12:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/03/25 12:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/03/25 12:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2005/03/25 12:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/03/25 12:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/03/25 12:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 12:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/03/25 12:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 12:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 12:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/03/25 12:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2005/03/25 12:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2005/03/25 12:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2005/03/25 12:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 12:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 12:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2005/03/25 12:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2005/03/25 12:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

========== Custom Scans ==========

< >

< MD5 for: BROWSEUI.DLL >
[2010/12/21 11:36:38 | 001,605,120 | ---- | M] (Microsoft Corporation) MD5=002424F3AE6D770ABD86EB26808E2A90 -- C:\WINDOWS\$hf_mig$\KB2482017\SP2QFE\browseui.dll
[2007/02/16 23:05:24 | 001,605,120 | ---- | M] (Microsoft Corporation) MD5=27692B7692EA8689D0DF3B8D0E13B933 -- C:\WINDOWS\$NtUninstallKB2482017$\browseui.dll
[2007/02/16 23:05:24 | 001,605,120 | ---- | M] (Microsoft Corporation) MD5=27692B7692EA8689D0DF3B8D0E13B933 -- C:\WINDOWS\ServicePackFiles\amd64\browseui.dll
[2005/03/25 12:00:00 | 001,601,536 | ---- | M] (Microsoft Corporation) MD5=29F0A489F3B4321DCBF5AE4472D12F32 -- C:\WINDOWS\$NtServicePackUninstall$\browseui.dll
[2010/12/21 11:39:38 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=76AF936DAD372092DB71C3AD52CF8708 -- C:\WINDOWS\SysWOW64\browseui.dll

< MD5 for: INETCOMM.DLL >
[2011/05/02 22:28:00 | 001,180,672 | ---- | M] (Microsoft Corporation) MD5=000BBEF85270C552C90AA8F32477D0E3 -- C:\WINDOWS\$NtUninstallKB2544893-v2$\inetcomm.dll
[2011/10/10 22:07:08 | 001,180,672 | ---- | M] (Microsoft Corporation) MD5=052ED3D55057B1447A62AA21B8E21DA2 -- C:\WINDOWS\SoftwareDistribution\Download\dfc107817db463009adb94fb93801baa\SP2GDR\inetcomm.dll
[2010/02/01 12:48:36 | 001,179,648 | ---- | M] (Microsoft Corporation) MD5=179DEAD74F88ED6D6254CA974EE48127 -- C:\WINDOWS\$hf_mig$\KB978542\SP2QFE\inetcomm.dll
[2011/03/07 15:13:00 | 001,180,672 | ---- | M] (Microsoft Corporation) MD5=18B2C260290A44E03CC176F2FC7915D9 -- C:\WINDOWS\$NtUninstallKB2544893$\inetcomm.dll
[2007/05/03 09:23:40 | 001,179,136 | ---- | M] (Microsoft Corporation) MD5=20F0A294DCA41B50F1640E8A5888756D -- C:\WINDOWS\$NtUninstallKB978542$\inetcomm.dll
[2011/03/07 15:10:16 | 001,180,672 | ---- | M] (Microsoft Corporation) MD5=27F2598FBD6AEBB9B067D6AABAF822D1 -- C:\WINDOWS\$hf_mig$\KB2503658\SP2QFE\inetcomm.dll
[2011/05/02 22:25:18 | 001,180,672 | ---- | M] (Microsoft Corporation) MD5=46E6AF0F3FEB712D6CA872CC565F3EA5 -- C:\WINDOWS\$hf_mig$\KB2544893\SP2QFE\inetcomm.dll
[2010/08/09 17:15:20 | 001,180,672 | ---- | M] (Microsoft Corporation) MD5=6E824A9EA80FEDC86738057CE4CFA164 -- C:\WINDOWS\$hf_mig$\KB2141007\SP2QFE\inetcomm.dll
[2010/08/09 17:25:02 | 001,180,672 | ---- | M] (Microsoft Corporation) MD5=7FE8146FD813A6DCAF38F65383434000 -- C:\WINDOWS\$NtUninstallKB2503658$\inetcomm.dll
[2011/10/10 22:03:14 | 001,180,672 | ---- | M] (Microsoft Corporation) MD5=877CD3AC0D5584AF8322409656938B5D -- C:\WINDOWS\$hf_mig$\KB2544893-v2\SP2QFE\inetcomm.dll
[2011/10/10 22:03:14 | 001,180,672 | ---- | M] (Microsoft Corporation) MD5=877CD3AC0D5584AF8322409656938B5D -- C:\WINDOWS\SoftwareDistribution\Download\dfc107817db463009adb94fb93801baa\SP2QFE\inetcomm.dll
[2007/05/03 21:51:28 | 001,179,136 | ---- | M] (Microsoft Corporation) MD5=C777FEDF078E2372AD7E2D7E233AC611 -- C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll
[2010/02/01 12:52:08 | 001,179,648 | ---- | M] (Microsoft Corporation) MD5=D6688EB37B9B0C24CAA14A60B1811E07 -- C:\WINDOWS\$NtUninstallKB2141007$\inetcomm.dll
[2005/03/25 12:00:00 | 001,159,168 | ---- | M] (Microsoft Corporation) MD5=DB47F569713B68134096CA2A700F20FD -- C:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll
[2007/02/16 23:30:38 | 001,172,480 | ---- | M] (Microsoft Corporation) MD5=EEA51601B53A706C608C2E16020B1292 -- C:\WINDOWS\$NtUninstallKB929123$\inetcomm.dll
[2007/02/16 23:30:38 | 001,172,480 | ---- | M] (Microsoft Corporation) MD5=EEA51601B53A706C608C2E16020B1292 -- C:\WINDOWS\ServicePackFiles\amd64\inetcomm.dll
[2011/10/10 22:07:08 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=FF74B93EC137D0F82AFFA6AE90227916 -- C:\WINDOWS\SysWOW64\inetcomm.dll

< MD5 for: MSHTML.DLL >
[2011/10/03 08:37:02 | 005,971,456 | ---- | M] (Microsoft Corporation) MD5=02028262EEB57BB5268AE142BB3CBE60 -- C:\WINDOWS\SysWOW64\mshtml.dll
[2010/05/07 08:45:12 | 009,250,816 | ---- | M] (Microsoft Corporation) MD5=109E500BE9AF3D7BED8C34F8787092CE -- C:\WINDOWS\ie8updates\KB2482017-IE8\mshtml.dll
[2010/05/07 08:45:12 | 009,250,816 | ---- | M] (Microsoft Corporation) MD5=109E500BE9AF3D7BED8C34F8787092CE -- C:\WINDOWS\SoftwareDistribution\Download\ed9105b5e111986564baf577b542af79\SP2GDR\mshtml.dll
[2011/07/25 22:43:08 | 009,278,976 | ---- | M] (Microsoft Corporation) MD5=1D5972972C8DB6DF2BCAC5F4C28211F4 -- C:\WINDOWS\ie8updates\KB2586448-IE8\mshtml.dll
[2011/10/03 08:33:16 | 009,287,168 | ---- | M] (Microsoft Corporation) MD5=210088A801EC6E21FAD31F8517FE3350 -- C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP2QFE\mshtml.dll
[2010/12/21 04:38:06 | 009,264,640 | ---- | M] (Microsoft Corporation) MD5=3B9EC4694BFD43710CD096B9E7A1FBB8 -- C:\WINDOWS\ie8updates\KB2497640-IE8\mshtml.dll
[2010/12/21 04:38:06 | 009,264,640 | ---- | M] (Microsoft Corporation) MD5=3B9EC4694BFD43710CD096B9E7A1FBB8 -- C:\WINDOWS\SoftwareDistribution\Download\44cf33bf5888f4d6a13d260e8149e72b\SP2GDR\mshtml.dll
[2011/05/31 03:21:08 | 009,273,856 | ---- | M] (Microsoft Corporation) MD5=43F02C804989E3A6645E6336C3BCBDC0 -- C:\WINDOWS\$hf_mig$\KB2530548-IE8\SP2QFE\mshtml.dll
[2010/12/21 04:33:36 | 009,265,152 | ---- | M] (Microsoft Corporation) MD5=4B54F1DFE4D974939158D107AEC1A3E8 -- C:\WINDOWS\$hf_mig$\KB2482017-IE8\SP2QFE\mshtml.dll
[2010/12/21 04:33:36 | 009,265,152 | ---- | M] (Microsoft Corporation) MD5=4B54F1DFE4D974939158D107AEC1A3E8 -- C:\WINDOWS\SoftwareDistribution\Download\44cf33bf5888f4d6a13d260e8149e72b\SP2QFE\mshtml.dll
[2011/05/31 03:24:48 | 009,272,320 | ---- | M] (Microsoft Corporation) MD5=5DFC7DF0AD25E6DCBBE6671501BC71E1 -- C:\WINDOWS\ie8updates\KB2559049-IE8\mshtml.dll
[2009/03/08 03:46:50 | 009,238,016 | ---- | M] (Microsoft Corporation) MD5=76542A1F1E5F07AF24A31D1354D11D35 -- C:\WINDOWS\ie8updates\KB982381-IE8\mshtml.dll
[2005/03/25 12:00:00 | 005,928,448 | ---- | M] (Microsoft Corporation) MD5=CDE13AF452535D6EFEE6882D1C2CC800 -- C:\WINDOWS\$NtServicePackUninstall$\mshtml.dll
[2011/02/23 04:07:16 | 009,265,664 | ---- | M] (Microsoft Corporation) MD5=DA34E471C224849A2A57974EECEF4308 -- C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP2QFE\mshtml.dll
[2011/07/25 22:39:54 | 009,281,536 | ---- | M] (Microsoft Corporation) MD5=E55B9F1BE387E489F0832F7B9285DA65 -- C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP2QFE\mshtml.dll
[2010/12/21 11:36:38 | 006,033,408 | ---- | M] (Microsoft Corporation) MD5=E7080B290D4FE6C51AF3D03EEAA180F4 -- C:\WINDOWS\$hf_mig$\KB2482017\SP2QFE\mshtml.dll
[2010/05/06 20:00:16 | 009,254,912 | ---- | M] (Microsoft Corporation) MD5=E9E99482DB42F63F8A3166FF6999516A -- C:\WINDOWS\$hf_mig$\KB982381-IE8\SP2QFE\mshtml.dll
[2010/05/06 20:00:16 | 009,254,912 | ---- | M] (Microsoft Corporation) MD5=E9E99482DB42F63F8A3166FF6999516A -- C:\WINDOWS\SoftwareDistribution\Download\ed9105b5e111986564baf577b542af79\SP2QFE\mshtml.dll
[2007/02/16 23:38:38 | 005,999,616 | ---- | M] (Microsoft Corporation) MD5=F7AF10306D6FB7011BF0D4F89E6A6106 -- C:\WINDOWS\ie8\mshtml.dll
[2007/02/16 23:38:38 | 005,999,616 | ---- | M] (Microsoft Corporation) MD5=F7AF10306D6FB7011BF0D4F89E6A6106 -- C:\WINDOWS\ServicePackFiles\amd64\mshtml.dll
[2011/02/23 04:10:16 | 009,265,664 | ---- | M] (Microsoft Corporation) MD5=FD140001D20F817099217615DFCE6EEB -- C:\WINDOWS\ie8updates\KB2530548-IE8\mshtml.dll

< MD5 for: MSWSOCK.DLL >
[2005/03/25 12:00:00 | 000,489,472 | ---- | M] (Microsoft Corporation) MD5=50FB63888AE8515FAE0E4367BC16B7A8 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/21 01:29:34 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=7522FBD86A6494EFAB98AF49B12F525C -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2007/02/16 23:39:44 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2007/02/16 23:39:44 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\WINDOWS\ServicePackFiles\amd64\mswsock.dll
[2011/03/03 11:50:58 | 000,233,472 | ---- | M] (Microsoft Corporation) MD5=8CFB662B5EECFABBFBC7F554B55CE82C -- C:\WINDOWS\SysWOW64\mswsock.dll
[2008/06/21 14:07:28 | 000,492,544 | ---- | M] (Microsoft Corporation) MD5=9A143C80CA47FC111FB565B56B2867A9 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2011/03/03 11:47:30 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=E3978EF56F355B258DE579477D253C88 -- C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\mswsock.dll

< MD5 for: SHELL32.DLL >
[2009/07/29 08:33:14 | 010,510,336 | ---- | M] (Microsoft Corporation) MD5=1FFA03BC4DC40F6CC45051BECC26FAF7 -- C:\WINDOWS\$hf_mig$\KB971029\SP2QFE\shell32.dll
[2009/02/10 06:51:54 | 010,508,288 | ---- | M] (Microsoft Corporation) MD5=37DD14EEC95194A943CAB91FB8C1DB8D -- C:\WINDOWS\$NtUninstallKB2483185$\shell32.dll
[2011/01/22 02:40:50 | 010,510,848 | ---- | M] (Microsoft Corporation) MD5=48F7890CCD327AE3B6590285A5CC19AC -- C:\WINDOWS\$hf_mig$\KB2483185\SP2QFE\shell32.dll
[2005/03/25 12:00:00 | 010,492,416 | ---- | M] (Microsoft Corporation) MD5=74913233CFE06910A8044DAEA52B44A9 -- C:\WINDOWS\$NtServicePackUninstall$\shell32.dll
[2011/01/22 02:42:58 | 008,361,984 | ---- | M] (Microsoft Corporation) MD5=7C676195C5A2F8C666E2B6DAF425484E -- C:\WINDOWS\SysWOW64\shell32.dll
[2007/02/16 23:55:08 | 010,505,728 | ---- | M] (Microsoft Corporation) MD5=8DCC7E1D8B9A4A16F9313B42665B4C2A -- C:\WINDOWS\$NtUninstallKB967715$\shell32.dll
[2007/02/16 23:55:08 | 010,505,728 | ---- | M] (Microsoft Corporation) MD5=8DCC7E1D8B9A4A16F9313B42665B4C2A -- C:\WINDOWS\ServicePackFiles\amd64\shell32.dll
[2009/02/10 06:42:38 | 010,508,800 | ---- | M] (Microsoft Corporation) MD5=92B315D70DD37DD168DEE0794325FE54 -- C:\WINDOWS\$hf_mig$\KB967715\SP2QFE\shell32.dll

< MD5 for: URLMON.DLL >
[2011/05/31 03:21:08 | 001,491,456 | ---- | M] (Microsoft Corporation) MD5=005A90609C87491754980C5AA65FED2B -- C:\WINDOWS\$hf_mig$\KB2530548-IE8\SP2QFE\urlmon.dll
[2011/10/03 08:37:02 | 001,212,416 | ---- | M] (Microsoft Corporation) MD5=05B57588460C1A84F8D3DA849A7FD7BD -- C:\WINDOWS\SysWOW64\urlmon.dll
[2010/12/21 04:38:16 | 001,486,848 | ---- | M] (Microsoft Corporation) MD5=1CEC23DB1EB9170E7F77AF67790A3094 -- C:\WINDOWS\ie8updates\KB2497640-IE8\urlmon.dll
[2010/12/21 04:38:16 | 001,486,848 | ---- | M] (Microsoft Corporation) MD5=1CEC23DB1EB9170E7F77AF67790A3094 -- C:\WINDOWS\SoftwareDistribution\Download\44cf33bf5888f4d6a13d260e8149e72b\SP2GDR\urlmon.dll
[2010/05/06 20:00:36 | 001,487,360 | ---- | M] (Microsoft Corporation) MD5=2BDB376DF1E77BB2C396061C8F435663 -- C:\WINDOWS\$hf_mig$\KB982381-IE8\SP2QFE\urlmon.dll
[2010/05/06 20:00:36 | 001,487,360 | ---- | M] (Microsoft Corporation) MD5=2BDB376DF1E77BB2C396061C8F435663 -- C:\WINDOWS\SoftwareDistribution\Download\ed9105b5e111986564baf577b542af79\SP2QFE\urlmon.dll
[2010/05/07 08:45:30 | 001,484,288 | ---- | M] (Microsoft Corporation) MD5=343CFA92EDD39629E67AFA65EA6175D6 -- C:\WINDOWS\ie8updates\KB2482017-IE8\urlmon.dll
[2010/05/07 08:45:30 | 001,484,288 | ---- | M] (Microsoft Corporation) MD5=343CFA92EDD39629E67AFA65EA6175D6 -- C:\WINDOWS\SoftwareDistribution\Download\ed9105b5e111986564baf577b542af79\SP2GDR\urlmon.dll
[2010/12/21 11:36:40 | 001,103,360 | ---- | M] (Microsoft Corporation) MD5=429CFDE7BBBCF9CC7B0F230D46C75615 -- C:\WINDOWS\$hf_mig$\KB2482017\SP2QFE\urlmon.dll
[2007/02/17 00:00:44 | 001,088,000 | ---- | M] (Microsoft Corporation) MD5=771A3084BAD8E12447288D01ECEFFCBE -- C:\WINDOWS\ie8\urlmon.dll
[2007/02/17 00:00:44 | 001,088,000 | ---- | M] (Microsoft Corporation) MD5=771A3084BAD8E12447288D01ECEFFCBE -- C:\WINDOWS\ServicePackFiles\amd64\urlmon.dll
[2011/07/25 22:43:12 | 001,488,384 | ---- | M] (Microsoft Corporation) MD5=9129A4B51903339F8B0CEF2CBF18C929 -- C:\WINDOWS\ie8updates\KB2586448-IE8\urlmon.dll
[2011/05/31 03:24:50 | 001,488,384 | ---- | M] (Microsoft Corporation) MD5=A1286E61406EBD6926A5A01053331EBB -- C:\WINDOWS\ie8updates\KB2559049-IE8\urlmon.dll
[2011/02/23 04:07:26 | 001,490,432 | ---- | M] (Microsoft Corporation) MD5=AE01410D29B0E23A6D74377E34EE5D25 -- C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP2QFE\urlmon.dll
[2011/07/25 22:39:56 | 001,492,992 | ---- | M] (Microsoft Corporation) MD5=B38BAB79773DDDF796F9FC6190D1F751 -- C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP2QFE\urlmon.dll
[2009/03/08 03:41:10 | 001,481,728 | ---- | M] (Microsoft Corporation) MD5=C1779041C5761518ABD5A4287F49BE73 -- C:\WINDOWS\ie8updates\KB982381-IE8\urlmon.dll
[2011/02/23 04:10:24 | 001,486,848 | ---- | M] (Microsoft Corporation) MD5=CA5E11DC73E6B707B8CE263768B349F6 -- C:\WINDOWS\ie8updates\KB2530548-IE8\urlmon.dll
[2011/10/03 08:33:18 | 001,492,480 | ---- | M] (Microsoft Corporation) MD5=CF3675BD54369E3210D4FAD67133F92A -- C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP2QFE\urlmon.dll
[2010/12/21 04:33:40 | 001,489,408 | ---- | M] (Microsoft Corporation) MD5=ECF8D4AA781C89094BDDAAFC4CC031AB -- C:\WINDOWS\$hf_mig$\KB2482017-IE8\SP2QFE\urlmon.dll
[2010/12/21 04:33:40 | 001,489,408 | ---- | M] (Microsoft Corporation) MD5=ECF8D4AA781C89094BDDAAFC4CC031AB -- C:\WINDOWS\SoftwareDistribution\Download\44cf33bf5888f4d6a13d260e8149e72b\SP2QFE\urlmon.dll
[2005/03/25 12:00:00 | 001,074,176 | ---- | M] (Microsoft Corporation) MD5=F09AC6BC546F84379BB06CDBBCE07E57 -- C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll

< MD5 for: USERINIT.EXE >
[2007/02/17 00:00:56 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=438393CC0B5122B5D988BD7BA05FE3C9 -- C:\WINDOWS\ServicePackFiles\amd64\userinit.exe
[2005/03/25 12:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=5EF907A339CAF229F3CE38909C93F53B -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2007/02/18 10:05:56 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe

< MD5 for: WINRNR.DLL >
[2007/02/18 10:05:58 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=372097347142B42A6DD0DB68E20C37B2 -- C:\WINDOWS\SysWOW64\winrnr.dll
[2005/03/25 12:00:00 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=6EB3E6DCA6696C63F687EC31E00D7611 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2007/02/17 00:03:02 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=AF37F6996D658513E01EA049DAC2FE6B -- C:\WINDOWS\ServicePackFiles\amd64\winrnr.dll

< End of report >

#23
Ste

Posted 11 November 2011 - 04:29 AM

Member

Topic Starter
Member
240 posts

#24
RKinner

Posted 11 November 2011 - 10:08 AM

Malware Expert

Expert
24,625 posts

Copy the next line

C:\WINDOWS\SysWOW64\inetcomm.dll

Go to http://virustotal.com hit the Browse button and put the cursor down in the box next to where it says "File Name:" and hit Open. Then Send. When it finishes if it doesn't says 0/43 (or so the last number changes - we are just worried about the 0) then View Report and copy the report and paste it into a reply.

Copy this line:

reg query "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters" /s > \junk.txt

Now do:

Start, All Programs, Accessories, Command Prompt (You may have to right click and run as admin if the next step doesn't work))

In the command window, right click and Paste or Edit then Paste and the copied line should appear. Hit Enter. Now type

notepad \junk.txt

Copy the text from notepad (or attach the file C:\junk.txt) to your next reply.

Ron

#25
Ste

Posted 11 November 2011 - 12:01 PM

Member

Topic Starter
Member
240 posts

Don't know if I have done this correctly or not.
As a matter of interest I have realized that I have two versions of IE. 32bit & 64bit. It is the 32 bit version I have been using which has the problem but the 64bit version is fine.

Attached Files

inetcomm.dll result.txt 2.33KB 145 downloads
junk.txt 22.84KB 637 downloads

#26
RKinner

Posted 11 November 2011 - 12:55 PM

Malware Expert

Expert
24,625 posts

Your system is very strange. The registry entries I had you look at all point to ...\System32\ but the only active files you have with those names are in ...\SysWow64 which explains why OTL says it can't find them. What I can't understand is how it works at all as both the 32 and 64 bit entries point to the same wrong folder. I suppose since it does work they must have some way of saying if it is not where we told you then look in Syswow64.

Can you verify that you do not have a file called mswsock.dll in c:\windows\system32 ? OTL didn't find it when it looked but perhaps something is blocking it from seeing it.

Let's remove the two buttons for Babylon and the Babylon folder if it exists and do nothing else. That should work without causing any problems.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

:files
C:\Program Files (x86)\Babylon
     
:Commands
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Copy and Paste the log into a reply.

Ron

#27
Ste

Posted 11 November 2011 - 02:09 PM

Member

Topic Starter
Member
240 posts

Hi Ron, 'mswsock.dll' does exist where you said.

OTL.Txt 108.68KB 188 downloads

#28
RKinner

Posted 11 November 2011 - 02:21 PM

Malware Expert

Expert
24,625 posts

So apparently OTL also has trouble reading your OS. Guess that is a wild herring then.

Looks like you hit the wrong button and got a scan. Try it again with the copy and paste into the custom scan/fixes box but make sure you hit RUN FIX. I see something I didn't notice before so let's add it to the mix:

:processes
killallprocesses

:OTL
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll (DeviceVM Inc.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

:files
C:\Program Files (x86)\Babylon
     
:Commands
[Reboot]

Then let's look for registry entries:

RegSeeker.
http://www.hoverdesk.net/freeware.htm
The download is where it says:
DOWNLOAD RegSeeker 1.55 (>20 languages included !)
It's a zip file so you have to save it then right click on it and Extract All then run regseeker.exe.

Select Find in Registry then have it look for Babylon. You can then select all and then right click and delete selected. It puts a copy of the stuff it removes in the backups folder which it creates below the folder it is in so if it doesn't work you can go back and replace it.

RegSeeker also has a registry cleaner but I don't really trust registry cleaners so I'd rather you didn't use it.

Ron

#29
Ste

Posted 11 November 2011 - 03:45 PM

Member

Topic Starter
Member
240 posts

Hi Ron, after 'fix' and Regseek (it found 24 references which I deleted) the Babylon search page has gone but I get an empty page now which says 'Navigation to webpage was cancelled'?

11112011_205333.log 2.25KB 204 downloads