1. iexplorer.exe keeps opening in the background even if I am not running the internet. I close it in Task Manager but it keeps opening up soon after. I have run Spybot Search & destroy but it does not fix the problem. I have also used several other "clean up" software but with no avail.
2. I also have a hijacked browser. When I do a search it redirects me to other sites. Again, I have run Spybot but it did not help. When I first got the virus it was redirecting me to Babylon search engine. Another issue that comes with this is that the Autosearch option in google is not working even though I have it turned on. I think this may be a result of the malware.
Here is my log
OTL logfile created on: 30/11/2011 12:42:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.76% Memory free
3.85 Gb Paging File | 3.09 Gb Available in Paging File | 80.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 60.56 Gb Free Space | 62.02% Space Free | Partition Type: NTFS
Drive E: | 200.43 Gb Total Space | 188.42 Gb Free Space | 94.01% Space Free | Partition Type: NTFS
Computer Name: TPCS200902 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/30 12:42:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/11/17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/11/09 13:27:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/04/23 11:51:28 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/06 19:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/10/06 19:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/10/06 19:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/04/14 04:42:44 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008/04/14 04:42:34 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 14:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007/10/25 09:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 09:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 09:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/17 19:43:39 | 003,313,752 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_d768ebc.dll
MOD - [2011/11/12 17:34:39 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/09 13:27:36 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/01/18 19:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll
MOD - [2009/08/16 15:19:22 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009/06/08 00:27:11 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/02/14 04:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/03/29 00:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll
MOD - [2008/03/29 00:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\Essentials Codec Pack\Haali\mkunicode.dll
MOD - [2007/10/25 09:06:14 | 000,120,128 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML2_71.dll
MOD - [2007/10/25 09:06:06 | 000,156,992 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign2.dll
MOD - [2006/11/30 07:50:00 | 000,148,816 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/17 19:43:39 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/30 19:34:10 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/09/29 18:15:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/23 11:51:28 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/04/23 11:51:26 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/11/24 05:19:54 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/10/06 19:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/10/06 19:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/10/25 09:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/09 17:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [File_System | Disabled | Running] -- -- (MBAMProtector)
DRV - [2010/07/09 12:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2008/12/16 05:12:50 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/10/06 19:50:00 | 000,177,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/10/06 19:50:00 | 000,072,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/10/06 19:50:00 | 000,064,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/10/06 19:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/10/06 19:50:00 | 000,034,344 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/10/06 19:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/07/25 19:09:24 | 000,845,184 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/02/14 13:12:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.9.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..keyword.URL: "http://search.babylo...ver=1.4.35.10&"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/15 13:07:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/15 13:07:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files\WinZip Courier\FFExt [2011/07/14 11:30:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 13:27:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 09:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/06/10 14:10:38 | 000,000,000 | ---D | M]
[2010/06/03 13:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/02/09 18:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/28 17:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/06/03 13:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\[email protected]
[2011/11/24 18:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyczomwv.default\extensions
[2011/11/04 09:53:25 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyczomwv.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/01/28 17:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\SeaMonkey\Profiles\3t33fmnv.default\extensions
[2011/08/29 10:26:57 | 000,002,973 | -H-- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyczomwv.default\searchplugins\twitter-.xml
[2011/11/21 10:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 13:27:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 04:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/09/30 09:25:40 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/08 10:01:08 | 000,002,227 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/30 09:25:40 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/30 09:25:40 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/30 09:25:40 | 000,001,180 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/30 09:25:40 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/11/24 18:10:37 | 000,438,664 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15090 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3).ini ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A7450D3-BD12-4F2A-A392-D12F8289DDD2}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/22 11:54:23 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ce85fc10-7617-11de-9e98-002215dadddf}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/30 12:42:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/29 17:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Ncesoft
[2011/11/29 17:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ncesoft
[2011/11/29 17:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ncesoft
[2011/11/28 17:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aglaia Software
[2011/11/28 17:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\In House Digital Publishing
[2011/11/28 17:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\flipeffect
[2011/11/28 17:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Effect
[2011/11/28 17:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Flip Effect
[2011/11/28 17:13:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{9FD7F0A8-E2D0-451D-A869-D364D2CC3D06}
[2011/11/28 17:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\3D Issue Professional
[2011/11/28 17:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3D Issue Professional
[2011/11/28 16:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flipping Book PDF Publisher
[2011/11/28 16:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PDF Publisher
[2011/11/28 16:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Flipping Book PDF Publisher
[2011/11/28 14:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TrinityInnovations
[2011/11/27 11:46:39 | 000,000,000 | ---D | C] -- C:\aXmagFont
[2011/11/27 10:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WinZip
[2011/11/27 10:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/11/27 10:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/11/26 17:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2011/11/26 17:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/26 17:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/24 18:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/24 16:08:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/11/18 12:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/18 11:57:32 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/11/18 11:56:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/18 11:56:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/18 11:53:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/14 13:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\SPP
[2011/11/08 11:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2011/11/08 11:00:12 | 000,114,176 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl
[2011/11/08 10:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011/11/08 10:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/11/08 10:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Systweak
[2011/11/08 10:01:07 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2011/11/05 12:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/11/05 11:39:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/11/04 12:41:22 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/04 12:37:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/11/04 12:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/11/03 20:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Akamai
[2011/11/03 15:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\driveridentifier
[2011/11/03 15:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Identifier
[2011/11/03 15:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Identifier
[2011/11/02 21:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/02 21:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/11/02 21:09:00 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2011/11/02 21:02:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IECompatCache
[2011/11/02 20:09:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/11/02 19:51:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\Recent(3)
[2011/11/02 16:59:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\Recent(2)
[2010/06/11 16:34:49 | 008,007,680 | ---- | C] ( ) -- C:\WINDOWS\System32\Microsoft.mshtml.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/30 12:48:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/30 12:42:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/30 12:35:17 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/11/30 12:07:01 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/30 12:00:01 | 000,000,484 | -H-- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2011/11/30 05:07:01 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/29 16:11:18 | 001,689,887 | ---- | M] () -- C:\Documents and Settings\User\Desktop\0fd42c8b08.pdf
[2011/11/27 11:48:23 | 000,000,191 | ---- | M] () -- C:\WINDOWS\aXmag.INI
[2011/11/27 09:39:20 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/27 09:36:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/24 18:10:37 | 000,438,664 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/24 18:03:14 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Spybot - Search & Destroy.lnk
[2011/11/24 16:09:58 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/24 11:09:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/24 11:03:34 | 000,004,625 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/24 10:58:57 | 000,438,664 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111124-181037.backup
[2011/11/24 10:52:22 | 000,438,069 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111124-105857.backup
[2011/11/21 13:07:13 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/21 13:07:13 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/07 17:58:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to firefox.exe.lnk
[2011/11/07 17:57:40 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to Photoshop.exe.lnk
[2011/11/05 16:56:45 | 000,438,069 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111124-105221.backup
[2011/11/04 12:41:18 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/03 14:27:31 | 000,438,069 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111105-175645.backup
[2011/11/02 21:09:11 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2011/11/02 20:49:14 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/11/02 20:46:36 | 000,000,644 | ---- | M] () -- C:\WINDOWS\pagebreeze.ini
[2011/11/02 15:38:43 | 000,445,252 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/02 15:38:42 | 000,072,810 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/29 16:11:18 | 001,689,887 | ---- | C] () -- C:\Documents and Settings\User\Desktop\0fd42c8b08.pdf
[2011/11/27 11:48:23 | 000,000,191 | ---- | C] () -- C:\WINDOWS\aXmag.INI
[2011/11/24 18:03:14 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Spybot - Search & Destroy.lnk
[2011/11/21 13:07:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/21 13:07:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/07 17:58:05 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to firefox.exe.lnk
[2011/11/07 17:57:40 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to Photoshop.exe.lnk
[2011/11/04 17:24:09 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/11/02 20:49:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/07/21 16:10:42 | 000,231,968 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/20 15:59:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/14 13:14:13 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\keyfile3.drm
[2010/12/14 18:21:26 | 000,000,325 | ---- | C] () -- C:\WINDOWS\NBMP.INI
[2010/12/14 18:19:40 | 000,000,100 | ---- | C] () -- C:\WINDOWS\NBWP.INI
[2010/12/14 18:10:25 | 000,001,159 | ---- | C] () -- C:\WINDOWS\NBCLIENT.INI
[2010/11/03 11:59:56 | 000,110,415 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/11/03 11:59:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/11/03 11:59:22 | 000,006,947 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/07/17 14:56:01 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/06/11 16:34:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CSVRes.dll
[2010/06/11 16:32:33 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2010/06/11 16:32:25 | 000,544,842 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload4.dll
[2010/06/11 16:32:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\HTTPUploadDownload.dll
[2010/06/11 16:27:55 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2010/06/11 16:27:51 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LWLLHttpsUpload2.dll
[2010/01/31 12:18:08 | 000,000,644 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2010/01/31 12:18:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2010/01/28 17:48:36 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2009/12/13 15:00:50 | 000,000,768 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/11/22 00:16:19 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/09/04 14:45:50 | 000,001,901 | -H-- | C] () -- C:\WINDOWS\panose.bin
[2009/09/04 14:44:32 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/08/16 15:20:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/08/16 15:18:21 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/08/16 15:18:21 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/09 12:52:31 | 000,000,070 | ---- | C] () -- C:\WINDOWS\polite.ini
[2009/06/25 14:10:30 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/23 12:04:54 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP23.INI
[2009/04/23 11:52:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/22 12:07:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/04/22 12:06:16 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/04/22 12:01:29 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/04/22 11:56:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/22 11:51:24 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/22 06:43:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/22 06:42:18 | 002,402,144 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 04:55:28 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 06:57:08 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 06:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,445,252 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,072,810 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011/11/28 17:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aglaia Software
[2009/11/20 11:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/11/28 17:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\flipeffect
[2011/08/15 13:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/10/29 11:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/12/06 13:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/17 15:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/08/15 13:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/04/23 11:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/27 10:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/14 11:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2009/04/23 11:50:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2011/11/28 17:13:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9FD7F0A8-E2D0-451D-A869-D364D2CC3D06}
[2009/09/29 13:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2009/09/29 18:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.ExMan
[2011/05/16 09:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DDMSettings
[2011/11/03 15:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\driveridentifier
[2010/06/11 16:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\High Impact eMail 5
[2010/06/11 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LiveMetrics
[2011/11/28 16:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PDF Publisher
[2009/08/16 15:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\pdf995
[2010/07/17 15:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2011/11/09 11:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Systweak
[2009/06/08 14:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thomson Learning
[2010/02/09 18:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2011/11/28 17:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TrinityInnovations
[2009/04/23 11:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2011/11/30 12:00:01 | 000,000,484 | -H-- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
========== Purity Check ==========
< End of report >