I have recently had the above virus piucked up from a site I regularly visit and this is what has been posted on their site "For those curious to know, someone gained access to our template system and managed to insert their code. We had to dig through and find all instances of their code and remove it from our templates in addition to performing some security work to prevent future access. Hopefully no issues from here on out"
I have removed items using Malware and a;so tdsskiller however since the infection I have been unable to access the internet from my laptop - it continualy says Acquiring network address.
Would anyone be able to assist to help me ensure that I have removed the virus completely and secondly help with my internet problem?
Many thanks in advance
OTL.Txt 71.24KB 99 downloads Extras.Txt 51.69KB 101 downloads
OTL logfile created on: 30/12/2011 18:40:14 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Gillian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.45 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 81.74% Memory free
5.29 Gb Paging File | 4.76 Gb Available in Paging File | 90.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 119.99 Gb Free Space | 51.53% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.49 Gb Free Space | 93.42% Space Free | Partition Type: FAT32
Computer Name: E6400 | User Name: Gillian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/12/11 15:52:52 | 000,445,552 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
PRC - [2009/02/23 11:08:10 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/16 15:41:44 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/13 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/02/02 21:47:42 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/02/02 21:45:58 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/12/11 15:52:56 | 000,346,224 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madExcept_.bpl
MOD - [2009/12/11 15:52:56 | 000,180,848 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madBasic_.bpl
MOD - [2009/12/11 15:52:56 | 000,048,240 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl
MOD - [2009/12/11 15:52:52 | 000,253,552 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\ausshellext.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/09 13:46:25 | 001,122,304 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/14 00:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 00:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 00:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 00:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)
========== Driver Services (SafeList) ==========
DRV - [2011/12/30 18:18:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/23 16:00:10 | 000,241,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2011/02/16 15:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/02 21:47:32 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/02/23 11:08:10 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/16 15:41:44 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/09/22 13:40:46 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/11 10:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/06 18:42:14 | 000,530,944 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/26 04:42:16 | 000,045,696 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?rls=ig
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:6.4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/28 08:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 17:41:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Gillian\Application Data\IDM\idmmzcc3
[2010/01/18 21:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Extensions
[2011/02/25 20:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\4nu0v8wb.default\extensions
[2011/03/25 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\4nu0v8wb.default\extensions\[email protected]
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\GILLIAN\APPLICATION DATA\IDM\IDMMZCC3
[2011/10/27 17:41:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/19 21:09:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/12/22 03:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/02/25 20:51:43 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009/12/22 03:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 03:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 03:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2011/05/14 17:51:55 | 000,434,416 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 14950 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsaren...ns/IMIESRCH.cab (SearchCD Control)
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky...censefinder.cab (Kaspersky License Finder)
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} http://www.partsaren...ins/GFXVIEW.cab (GrafixViewControl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1263935527859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://cards.hallmar...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BDDADA8-A4CB-4B1E-8758-F57923403A51}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/18 20:56:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell - "" = AutoRun
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\WINDOWS\System32\
[2011/12/30 18:39:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/30 18:18:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/30 17:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\broadcom_v5.100.57.8
[2011/12/26 19:15:42 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/23 21:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Local Settings\Application Data\PCHealth
[2011/12/23 17:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/23 16:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/12/23 14:47:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gillian\Local Settings\Application Data\885799d3
[2011/12/17 13:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\photo frame
[2011/12/07 16:55:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gillian\Recent
[2011/11/30 19:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\rays for printing
[2011/11/30 19:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\rays photos
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
File not found -- C:\WINDOWS\System32\
[2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/30 18:18:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/30 18:18:10 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 18:13:44 | 000,508,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 18:13:44 | 000,109,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/30 18:09:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 18:09:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 18:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2011/12/30 18:09:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 18:55:28 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job
[2011/12/27 18:49:38 | 083,010,992 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/26 20:09:04 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 17:31:16 | 000,331,075 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 17:30:50 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/21 00:17:52 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\Gillian\default.pls
[2011/12/20 23:38:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/18 00:17:43 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:19:38 | 000,416,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 15:10:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/30 18:05:01 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/12/27 19:09:33 | 083,010,992 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:09:04 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 19:20:54 | 000,331,075 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/14 15:06:46 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/30 00:37:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 15:51:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\CmdPrint.INI
[2011/02/12 12:27:27 | 000,031,620 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_audio.Cache
[2011/02/12 12:27:27 | 000,001,080 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_image32.Cache
[2011/01/25 17:03:37 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2011/01/16 15:44:34 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2011/01/16 15:44:34 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2011/01/16 15:44:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/01/07 19:11:40 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/01/07 19:11:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/07 19:11:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/07 19:11:15 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/07 19:11:15 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/07 19:11:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/12 20:54:26 | 000,086,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/14 19:08:49 | 001,401,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/25 20:58:40 | 000,023,112 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/24 19:50:20 | 000,164,002 | ---- | C] () -- C:\WINDOWS\hpoins36.dat
[2010/02/24 19:50:20 | 000,000,652 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat
[2010/02/11 21:28:08 | 000,037,897 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\Comma Separated Values (Windows).ADR
[2010/01/29 19:45:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/29 19:45:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\$_hpcst$.hpc
[2010/01/23 15:58:11 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/22 20:33:22 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 20:33:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/19 20:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 22:29:41 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/01/18 22:29:40 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/01/18 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/18 21:06:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/01/18 21:06:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/01/18 20:58:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 20:53:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/18 20:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/18 20:48:53 | 000,416,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/14 14:05:42 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCIta.dll
[2008/10/14 14:05:08 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCFra.dll
[2008/10/14 14:04:36 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEsp.dll
[2008/10/14 14:04:02 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEng.dll
[2008/10/14 14:03:34 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCDeu.dll
[2008/10/14 13:55:20 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXIta.dll
[2008/10/14 13:54:52 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXFra.dll
[2008/10/14 13:54:22 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEsp.dll
[2008/10/14 13:53:48 | 000,013,776 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEng.dll
[2008/10/14 13:53:18 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXDeu.dll
[2008/08/01 09:16:24 | 000,063,984 | ---- | C] () -- C:\WINDOWS\DVDRGN.EXE
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/13 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 23:00:00 | 000,508,228 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 23:00:00 | 000,109,176 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/06/18 15:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2005/04/15 03:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 03:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2002/03/17 00:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
========== LOP Check ==========
[2011/10/15 22:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/05/05 13:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/01/29 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/07 18:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/08/07 18:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2010/12/27 23:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2011/10/15 23:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2011/02/25 20:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/15 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/16 16:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/08/23 17:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/25 20:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/07 21:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/22 19:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/19 21:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Auslogics
[2011/05/28 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/02/25 20:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\CopyTransPhoto
[2011/06/23 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\DMCache
[2011/08/06 17:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\ElevatedDiagnostics
[2010/01/19 21:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Foxit
[2010/01/29 20:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\PC Suite
[2010/08/07 19:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\proDAD
[2011/02/25 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ringtone
[2010/01/29 19:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Samsung
[2011/10/15 23:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ulead Systems
[2011/09/04 18:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\uTorrent
[2010/09/18 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\vShare
[2010/02/11 20:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Desktop Search
[2010/02/28 11:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Search
[2010/02/25 20:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\WindSolutions
[2010/02/25 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Zoner
[2011/12/30 18:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2011/12/29 18:55:28 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C232DFB
< End of report >
Edited by Essexboy, 30 December 2011 - 03:11 PM.