Running super slow, intermittent internet, testendonline popups, shop


  • This topic is locked

#31
Maxihup
  • Topic Starter
  • Member
  • 64 posts
Did not get any more of those messages since I did not reboot.

Here is the OTL log:


OTL logfile created on: 11/18/2011 2:42:01 PM - Run 7
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\user1\Desktop\pincodexlsnew\Med+
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 60.37% Memory free
3.77 Gb Paging File | 3.04 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 70.91 Gb Free Space | 47.58% Space Free | Partition Type: NTFS

Computer Name: L1 | User Name: user1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/12 12:45:24 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2011/07/06 12:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\pincodexlsnew\Med+\OTL.exe
PRC - [2011/05/25 14:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/12/30 04:23:20 | 000,874,832 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/12/21 12:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
PRC - [2010/12/16 19:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/12/16 19:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/10/06 05:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/10/06 05:56:12 | 006,265,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/06/29 11:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/06/15 11:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/04/25 00:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2009/07/17 07:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 02:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/10/17 08:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/18 16:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/07/03 21:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 15:22:02 | 003,776,512 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/06 18:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
PRC - [2006/05/23 19:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 14:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 12:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\pincodexlsnew\Med+\OTL.exe
MOD - [2008/04/14 03:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (r_server)
SRV - File not found [Auto | Stopped] -- -- (NetworkLog)
SRV - [2010/12/21 12:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL)
SRV - [2010/12/16 19:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/12/16 19:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/10/06 05:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/29 11:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/15 11:34:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/25 00:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/07/17 07:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009/05/07 12:52:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/19 02:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 02:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 02:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/08/18 16:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/25 06:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/04/14 03:42:10 | 000,185,856 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 18:35:10 | 000,014,376 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe -- (DB2NTSECSERVER_TAEVAL10) DB2 Security Server (TAEVAL10)
SRV - [2006/11/06 18:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TAEVAL10) DB2 Management Service (TAEVAL10)
SRV - [2006/05/23 19:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/03 18:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/11/16 20:24:57 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\82388117.sys -- (82388117)
DRV - [2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\54562378.sys -- (54562378)
DRV - [2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\42497254.sys -- (42497254)
DRV - [2011/07/12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/12/14 10:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/14 10:34:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/12/07 14:54:52 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/07 14:54:52 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/07 14:54:52 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/08 20:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/07/21 15:47:00 | 000,341,584 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/07/18 20:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/08/20 10:19:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/08/20 10:19:15 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/07/07 18:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/19 19:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/25 05:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/09/24 22:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 21:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/08/19 19:15:06 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 19:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/04/09 17:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 17:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 17:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 12:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 12:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 16:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/03 12:32:52 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/30 09:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 08:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 21:08:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/14 08:37:09 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 21:08:22 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/14 08:37:09 | 000,000,000 | ---D | M]

[2009/06/01 16:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/11/07 22:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions
[2011/11/04 20:58:57 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\searchplugins\askcom.xml
[2011/08/01 09:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/01 09:04:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/17 21:08:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/01 09:03:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/10/17 21:08:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/18 08:21:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [2FA.exe] File not found
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [h3onG4aQHsKfLgX] File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [U6sWJ7fELgZjCk8234A] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\New Boundary\Client\LocalClient.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_54562378.lnk = File not found
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_97853193.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://access.mycom...1,2010,617,2010 (F5 Networks SuperHost Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 21:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 13:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\iPhone1,2_whited00r5_N
[2011/11/18 13:07:52 | 006,370,816 | ---- | C] (iH8sn0w) -- C:\Documents and Settings\user1\Desktop\iREB-r4.exe
[2011/11/18 11:21:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/18 09:05:24 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user1\Desktop\TDSSKiller.exe
[2011/11/18 08:05:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\user1\Desktop\aswMBR.exe
[2011/11/18 08:04:58 | 004,300,206 | R--- | C] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/11/17 20:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Videos
[2011/11/17 08:24:24 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\54562378.sys
[2011/11/17 08:16:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/17 08:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\g4ppmGG5sQJdE8
[2011/11/17 08:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\rIIIBrzONyxAuv2
[2011/11/17 03:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\8CBA0
< End of report >

#32
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Maxihup,

Let's remove leftovers. Restart your system after this and test it.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [2FA.exe] File not found
    O4 - HKLM..\Run: [h3onG4aQHsKfLgX] File not found
    O4 - HKLM..\Run: [U6sWJ7fELgZjCk8234A] File not found
    O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_54562378.lnk = File not found
    O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_97853193.lnk = File not found
    [2011/11/17 08:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\g4ppmGG5sQJdE8
    [2011/11/17 08:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\rIIIBrzONyxAuv2
    [2011/11/17 03:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\8CBA0
    [2011/11/17 03:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\samH6sWJ7E9TqYe
    [2011/11/17 03:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\IIVrzONyx0v2b3m
    [2011/11/17 03:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\LYXwkUVelBx0c1b
    [2011/11/17 03:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\q2ibF3pnGaJd

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

#33
Maxihup

    Member

  • Topic Starter
  • 64 posts
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\2FA.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\h3onG4aQHsKfLgX deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\U6sWJ7fELgZjCk8234A deleted successfully.
C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_54562378.lnk moved successfully.
C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_97853193.lnk moved successfully.
C:\Documents and Settings\user1\Application Data\g4ppmGG5sQJdE8 folder moved successfully.
C:\Documents and Settings\user1\Application Data\rIIIBrzONyxAuv2 folder moved successfully.
C:\Program Files\8CBA0 folder moved successfully.
C:\Documents and Settings\user1\Application Data\samH6sWJ7E9TqYe folder moved successfully.
C:\Documents and Settings\user1\Application Data\IIVrzONyx0v2b3m folder moved successfully.
C:\Documents and Settings\user1\Application Data\LYXwkUVelBx0c1b folder moved successfully.
C:\Documents and Settings\user1\Application Data\q2ibF3pnGaJd folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.0 log created on 11192011_125338

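Added example, not part of the original posts and not code from OTL: a cross-check that every item named in the fix script from post #32 has a matching success line in the fix log from post #33. The line patterns and the expansion of `HKLM..\Run` to the full key are inferred from those two posts; the function names are hypothetical, and any log line that is not one of the three success forms seen here is returned for manual review.

```python
import re

# Full key for the "HKLM..\Run" shorthand, as it appears in the fix log (post #33).
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# Fix script and fix log copied from posts #32 and #33 of this thread.
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [2FA.exe] File not found
O4 - HKLM..\Run: [h3onG4aQHsKfLgX] File not found
O4 - HKLM..\Run: [U6sWJ7fELgZjCk8234A] File not found
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_54562378.lnk = File not found
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_97853193.lnk = File not found
[2011/11/17 08:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\g4ppmGG5sQJdE8
[2011/11/17 08:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\rIIIBrzONyxAuv2
[2011/11/17 03:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\8CBA0
[2011/11/17 03:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\samH6sWJ7E9TqYe
[2011/11/17 03:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\IIVrzONyx0v2b3m
[2011/11/17 03:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\LYXwkUVelBx0c1b
[2011/11/17 03:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\q2ibF3pnGaJd

:Commands
[purity]
[Reboot]
"""

FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\2FA.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\h3onG4aQHsKfLgX deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\U6sWJ7fELgZjCk8234A deleted successfully.
C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_54562378.lnk moved successfully.
C:\Documents and Settings\user1\Start Menu\Programs\Startup\_uninst_97853193.lnk moved successfully.
C:\Documents and Settings\user1\Application Data\g4ppmGG5sQJdE8 folder moved successfully.
C:\Documents and Settings\user1\Application Data\rIIIBrzONyxAuv2 folder moved successfully.
C:\Program Files\8CBA0 folder moved successfully.
C:\Documents and Settings\user1\Application Data\samH6sWJ7E9TqYe folder moved successfully.
C:\Documents and Settings\user1\Application Data\IIVrzONyx0v2b3m folder moved successfully.
C:\Documents and Settings\user1\Application Data\LYXwkUVelBx0c1b folder moved successfully.
C:\Documents and Settings\user1\Application Data\q2ibF3pnGaJd folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.0 log created on 11192011_125338
"""

# Patterns inferred from the lines above (assumption: no other forms are handled).
O4_RUN = re.compile(r"^O4 - HKLM\.\.\\Run: \[(?P<name>[^\]]+)\]")
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<path>.+?) = ")
FILE_LINE = re.compile(
    r"^\[[^|\]]+\|[^|]+\|\s*(?P<attrs>[-A-Z]+)\s*\|\s*[CM]\]\s*(?:\([^)]*\)\s*)?-- (?P<path>.+)$")
REG_DELETED = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\]+) deleted successfully\.$")
FOLDER_MOVED = re.compile(r"^(?P<path>.+) folder moved successfully\.$")
FILE_MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")


def parse_fix_script(text):
    """Return (kind, identifier) for every removal target in the :OTL section."""
    targets, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()
            continue
        if section != ":otl" or not line:
            continue
        if m := O4_RUN.match(line):
            targets.append(("registry", RUN_KEY + "\\" + m["name"]))
        elif m := O4_STARTUP.match(line):
            targets.append(("file", m["path"]))
        elif m := FILE_LINE.match(line):
            kind = "folder" if "D" in m["attrs"] else "file"
            targets.append((kind, m["path"].strip()))
    return targets


def parse_fix_log(text):
    """Return (actions, unrecognized): success lines parsed, everything else kept verbatim."""
    actions, unrecognized = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=") or line.startswith("OTL by OldTimer"):
            continue  # section banners and the version footer
        if m := REG_DELETED.match(line):
            actions.append(("registry", m["key"] + "\\" + m["name"]))
        elif m := FOLDER_MOVED.match(line):
            actions.append(("folder", m["path"]))
        elif m := FILE_MOVED.match(line):
            actions.append(("file", m["path"]))
        else:
            unrecognized.append(line)
    return actions, unrecognized


def _norm(item):
    # Windows paths and registry names compare case-insensitively.
    return item[0], item[1].lower()


def cross_check(script, log):
    """Compare what the script asked for with what the log reports as done."""
    wanted = parse_fix_script(script)
    done, unrecognized = parse_fix_log(log)
    done_set = {_norm(a) for a in done}
    wanted_set = {_norm(t) for t in wanted}
    return {
        "confirmed": [t for t in wanted if _norm(t) in done_set],
        "missing": [t for t in wanted if _norm(t) not in done_set],
        "unrequested": [a for a in done if _norm(a) not in wanted_set],
        "unrecognized": unrecognized,
    }


if __name__ == "__main__":
    for bucket, items in cross_check(FIX_SCRIPT, FIX_LOG).items():
        print(f"{bucket}: {len(items)}")
```
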
#34
Maxihup

    Member

  • Topic Starter
  • 64 posts
Still getting an installer popping up when I hit delete...

#35
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please take a print screen of that installer for me. To do this:

  • Press the Alt and Print Screen buttons on your keyboard
  • Open the Paint program
  • From the menu, choose Edit, then Paste
  • Now save the picture and attach it here for me.

#36
Maxihup

    Member

  • Topic Starter
  • 64 posts
First this one
http://imgur.com/rDn8t

Then this

http://imgur.com/g4Zr4



Could this be a key binding or something?

#37
maliprog
    Trusted Helper

  • Malware Removal
  • 6,172 posts
This is not a malware-related error, so that is good. Let's fix this with this step.

Let's see what you have in your startup.

Please click on Start and then on Run
Type in msconfig and press Enter
Now click on Startups
Then uncheck everything and press the Apply button.
Restart your system now
IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

If the system boots correctly, we have a startup problem.
Try going back into msconfig, check one item, and reboot.
Keep doing that until you have found the problem or all are finally checked.
For your situation, pay attention to entries that have Roxio CD Creator in their name. Try to disable them first.
Post back with the results

#38
Maxihup

    Member

  • Topic Starter
  • 64 posts
We might be fixed here!

I used MSI cleanup utility to remove the lingering installer. My system is seeming like it is running normally again. Any follow up scans I should do?

#39
maliprog
    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Maxihup,

I forgot about that little utility :). Good job! We're done here.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#40
Maxihup

    Member

  • Topic Starter
  • 64 posts
Spoke too soon. Got an alert for this today:

BKDR_CYCBOT.SMJO from C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\


Says it was deleted and cleaned but I am not sure it is all gone.

#41
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We'll take care of it now. This should remove it.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

#42
Maxihup

    Member

  • Topic Starter
  • 64 posts
Should that have switched my home page? Upon restart it changed to about.blank

Log here:

========== OTL ==========
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 11232011_090643

#43
maliprog
    Trusted Helper

  • Malware Removal
  • 6,172 posts
Do you know how to switch it back? If you don't please tell me what browser you use and I'll help you with that.

#44
Maxihup

    Member

  • Topic Starter
  • 64 posts
I did switch it back.

Getting virus warnings for JAVA_BLACOLE.JW and JAVA_BLACOLE.VI

#45
Maxihup

    Member

  • Topic Starter
  • 64 posts
Posted Image