
Think I've been hijacked, OTL log here. Please help!



#1
sharpp442

If you could, please take a look and see if you see anything odd in my OTL log. I have run Microsoft Security Essentials (full scan) several times and nothing shows up, but about every hour I get the same virus over and over again even though I remove it each time. This is the virus (Trojan:Win32/Vundo.gen!AU).
They keep showing up in my C:\windows\temp. This is what they show up as: (ixu8C7.tmp) or (ixu206C.tmp), (ixu618F.tmp)

Thanks in advance


OTL logfile created on: 11/24/2011 1:12:23 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\walmart\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 59.48% Memory free
5.96 Gb Paging File | 4.69 Gb Available in Paging File | 78.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 90.28 Gb Free Space | 61.17% Space Free | Partition Type: NTFS

Computer Name: SHARPP442 | User Name: walmart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 23:41:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\walmart\Downloads\OTL.exe
PRC - [2011/11/11 14:38:54 | 003,761,998 | ---- | M] () -- C:\Windows\System32\winedit.exe
PRC - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/10/08 17:34:22 | 004,441,944 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/28 14:46:56 | 003,380,624 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,761,232 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\AutoSweep.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/07 17:32:24 | 002,861,376 | ---- | M] (Reviversoft, (www.reviversoft.com)) -- C:\Program Files\Reviversoft\Driver Reviver\DriverReviver.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/04/27 22:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/04/26 20:56:10 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 12:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 19:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/12/03 18:51:38 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 10:58:37 | 000,518,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\6033cf440f9bb78656b2a0f9de3818f5\TCrdMain.ni.exe
MOD - [2011/10/13 15:36:01 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 15:35:50 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 15:35:20 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 15:35:18 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 15:34:57 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 15:34:40 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 15:34:36 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 15:34:27 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/05/28 14:47:00 | 000,127,376 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011/05/28 14:46:58 | 000,846,736 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\Scan.dll
MOD - [2011/05/28 14:46:58 | 000,561,184 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\sqlite3.dll
MOD - [2011/05/28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 14:46:58 | 000,055,184 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\NtfsData.dll
MOD - [2011/05/28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011/05/28 14:46:56 | 000,596,368 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\DiskMap.dll
MOD - [2011/01/07 17:32:20 | 000,324,928 | ---- | M] () -- C:\Program Files\Reviversoft\Driver Reviver\asohtm.dll
MOD - [2010/07/07 17:25:42 | 000,168,448 | ---- | M] () -- C:\Program Files\Reviversoft\Driver Reviver\unrar.dll
MOD - [2007/04/23 12:38:08 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll
MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/11/09 20:27:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/11/08 20:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/11 14:38:54 | 003,761,998 | ---- | M] () [Auto | Running] -- C:\Windows\System32\winedit.exe -- (winedit.exe)
SRV - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/27 22:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 19:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/11/23 22:48:13 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{091101F6-6E43-4DED-B6A0-5A36809A6085}\MpKsl58108aed.sys -- (MpKsl58108aed)
DRV - [2011/10/08 17:04:26 | 000,018,768 | ---- | M] () [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/09/20 14:28:42 | 000,019,792 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 14:28:36 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/09/08 15:40:24 | 000,363,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/21 19:14:40 | 002,171,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/06/30 18:01:04 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2010/02/11 02:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/21 13:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/19 20:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/03/27 20:55:28 | 000,116,224 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ubohci.sys -- (ubohci)
DRV - [2009/03/27 20:50:36 | 000,046,592 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2009/03/27 20:50:06 | 000,017,408 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2009/02/19 08:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/05/07 10:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/27 22:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/02/08 03:53:58 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/12/20 14:31:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 22:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/30 11:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/02/14 13:50:00 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/09/27 18:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\walmart\Pictures
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\walmart\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\walmart\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/22 19:51:50 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\walmart\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\walmart\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\walmart\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Word Search Puzzle = C:\Users\walmart\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: Memory V = C:\Users\walmart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cchmpncjegglijfajfdkijbcbkdjdlcp\1_0\
CHR - Extension: Oooze = C:\Users\walmart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckaabiccglocbephmbddeoeemjecmjka\1_0\
CHR - Extension: Match 3 Jewel = C:\Users\walmart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghdegjlpobfkmhckfeefhinbiicbelbe\1.0_0\
CHR - Extension: Bubble Shooter = C:\Users\walmart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.0_0\
CHR - Extension: Bricks Breaking Hex = C:\Users\walmart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbjndbdmgacjmpggodhceemhgnildnl\1_0\
CHR - Extension: Bricks Breaking II = C:\Users\walmart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkilohnlkjflbagiepkddibpggalhcke\1_0\
CHR - Extension: Math Lines = C:\Users\walmart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndckelglpanpljjmifdfjebpoabidpe\1_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [crtcpl.dll] rundll32.exe "C:\Windows\TEMP\crtcpl.dll",watch File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA05929C-3463-4ACA-A548-C3CA07E56377}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{678efe7d-28a2-11e0-9cbd-001b3813c7b9}\Shell - "" = AutoRun
O33 - MountPoints2\{678efe7d-28a2-11e0-9cbd-001b3813c7b9}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 23:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/21 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Roaming\Reviversoft
[2011/11/21 14:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2011/11/21 14:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Reviversoft
[2011/11/21 12:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2011/11/19 14:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/11/19 14:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/11/18 18:21:23 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Roaming\MusicNet
[2011/11/18 18:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/11/18 18:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2011/11/14 16:20:48 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Roaming\Garmin
[2011/11/14 14:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011/11/13 10:25:43 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{747CEC04-C6DB-46A1-82DF-398E48FEF697}
[2011/11/12 13:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/04 12:13:35 | 000,363,112 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2011/11/03 09:45:25 | 000,000,000 | ---D | C] -- C:\Windows\registration
[2011/11/03 09:45:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/25 19:33:34 | 000,000,000 | ---D | C] -- C:\Users\walmart\Desktop\Movies Not Watched Yet
[22 C:\Users\walmart\AppData\Roaming\*.tmp files -> C:\Users\walmart\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 01:15:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1028498401-1361830501-3178196066-1000UA.job
[2011/11/24 01:14:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/24 00:48:08 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 00:48:08 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 00:15:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1028498401-1361830501-3178196066-1000Core.job
[2011/11/23 23:42:17 | 000,000,526 | ---- | M] () -- C:\Users\walmart\Desktop\OTL.exe.lnk
[2011/11/23 22:55:01 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/23 22:55:01 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/23 22:48:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/23 22:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/23 22:35:07 | 000,000,569 | ---- | M] () -- C:\Users\walmart\Desktop\HijackThis.exe.lnk
[2011/11/23 21:13:01 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/22 13:00:18 | 000,021,803 | ---- | M] () -- C:\Windows\System32\GnuHashes.ini
[2011/11/21 23:22:14 | 000,274,707 | ---- | M] () -- C:\Users\walmart\AppData\Local\census.cache
[2011/11/21 23:22:13 | 000,209,561 | ---- | M] () -- C:\Users\walmart\AppData\Local\ars.cache
[2011/11/21 14:36:44 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Driver Reviver.lnk
[2011/11/21 14:36:44 | 000,001,066 | ---- | M] () -- C:\Users\walmart\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Reviver.lnk
[2011/11/21 12:14:32 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2011/11/21 10:40:10 | 000,166,912 | ---- | M] () -- C:\Users\walmart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/19 14:02:37 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/11/19 14:02:37 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/11/18 18:03:30 | 000,000,935 | ---- | M] () -- C:\Users\walmart\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2011/11/18 18:03:30 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2011/11/18 12:16:48 | 000,002,063 | ---- | M] () -- C:\Users\walmart\Desktop\Google Chrome.lnk
[2011/11/18 12:16:48 | 000,002,025 | ---- | M] () -- C:\Users\walmart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/11 14:38:54 | 003,761,998 | ---- | M] () -- C:\Windows\System32\winedit.exe
[2011/11/05 19:15:06 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow RegCleaner 2011.lnk
[22 C:\Users\walmart\AppData\Roaming\*.tmp files -> C:\Users\walmart\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 23:42:17 | 000,000,526 | ---- | C] () -- C:\Users\walmart\Desktop\OTL.exe.lnk
[2011/11/23 22:35:07 | 000,000,569 | ---- | C] () -- C:\Users\walmart\Desktop\HijackThis.exe.lnk
[2011/11/21 22:54:37 | 000,274,707 | ---- | C] () -- C:\Users\walmart\AppData\Local\census.cache
[2011/11/21 22:54:25 | 000,209,561 | ---- | C] () -- C:\Users\walmart\AppData\Local\ars.cache
[2011/11/21 14:36:44 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Driver Reviver.lnk
[2011/11/21 14:36:44 | 000,001,066 | ---- | C] () -- C:\Users\walmart\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Reviver.lnk
[2011/11/21 12:14:32 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2011/11/20 23:29:33 | 003,761,998 | ---- | C] () -- C:\Windows\System32\winedit.exe
[2011/11/19 14:02:37 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/11/19 14:02:37 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/11/18 18:03:30 | 000,000,935 | ---- | C] () -- C:\Users\walmart\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2011/11/18 18:03:30 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2011/11/04 12:13:35 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/09/12 18:00:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/09/08 16:21:12 | 000,061,678 | ---- | C] () -- C:\Users\walmart\AppData\Roaming\PFP120JPR.{PB
[2011/09/08 16:21:12 | 000,012,358 | ---- | C] () -- C:\Users\walmart\AppData\Roaming\PFP120JCM.{PB
[2011/08/23 21:37:34 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2011/08/23 21:37:34 | 000,090,784 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2011/08/20 19:50:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/20 19:50:17 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/20 19:50:17 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/08/20 19:50:16 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/06/05 12:09:26 | 000,000,036 | ---- | C] () -- C:\Users\walmart\AppData\Local\housecall.guid.cache
[2011/05/13 12:46:29 | 000,000,000 | ---- | C] () -- C:\Users\walmart\AppData\Roaming\wklnhst.dat
[2011/05/09 08:47:28 | 000,021,803 | ---- | C] () -- C:\Windows\System32\GnuHashes.ini
[2011/05/05 10:32:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/19 13:35:26 | 000,000,680 | ---- | C] () -- C:\Users\walmart\AppData\Local\d3d9caps.dat
[2010/10/10 13:44:24 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2010/10/10 13:44:24 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/07/19 18:11:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/07/19 18:11:17 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/07/05 18:26:44 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/03/26 17:31:18 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2010/03/25 19:03:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/25 19:03:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/21 16:58:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/20 17:28:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/07 17:04:01 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/23 17:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/01/19 13:16:53 | 000,166,912 | ---- | C] () -- C:\Users\walmart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/05/16 20:40:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/16 20:40:55 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/16 20:40:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/16 20:40:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/16 20:40:55 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/16 20:40:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/16 19:46:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/16 19:30:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/05/16 19:15:16 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/16 19:15:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/16 19:15:16 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/16 19:15:16 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/05/16 19:13:14 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/05/16 19:13:14 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/16 19:13:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007/04/24 23:57:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/04/24 23:32:44 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2006/12/05 15:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,326,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/06/12 17:52:09 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\aignes
[2011/04/28 15:21:39 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\AVG10
[2011/04/28 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\CBS Interactive
[2011/08/17 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\FixCleaner
[2011/11/14 16:20:48 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\Garmin
[2011/05/22 11:36:16 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\GetRightToGo
[2011/06/12 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\IObit
[2011/11/18 18:21:23 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\MusicNet
[2011/04/28 13:59:23 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\OpenCandy
[2008/01/19 21:15:59 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\PlayFirst
[2011/11/21 14:36:59 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\Reviversoft
[2011/08/20 17:12:34 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\Sammsoft
[2011/09/12 13:10:01 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\Shareaza
[2010/07/25 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\toshiba
[2011/08/20 17:22:51 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\TweakNow RegCleaner 2011
[2011/06/30 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\Ulead Systems
[2010/12/17 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\WildTangent
[2008/01/19 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\WinBatch
[2011/11/23 22:47:20 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\walmart\Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\walmart\Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >