
Google Redirect and slow comp [Closed]



#1
CMiz2184

Hello,
I have had the Google redirect problem for about a month. It wasn't too bad at first, but it keeps getting worse. My computer is also taking longer to boot up, and is slower to load programs. I have copied the OTL log below... Thanks for your help.

OTL logfile created on: 1/10/2012 9:42:08 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mizurak\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 83.00 Mb Available Physical Memory | 8.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.68 Gb Total Space | 78.19 Gb Free Space | 73.98% Space Free | Partition Type: NTFS
Drive D: | 3.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIZURAK | User Name: Mizurak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 15:03:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/08 21:00:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/08 21:00:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/31 09:44:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\My Documents\Downloads\OTL.exe
PRC - [2010/08/02 15:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/30 14:13:06 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/03/17 15:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010/03/17 15:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010/03/17 15:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/12 10:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/29 06:50:40 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/04/06 14:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2001/07/25 09:00:00 | 000,184,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\Money Express.exe
PRC - [2001/07/25 09:00:00 | 000,049,206 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\urlmap.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 09:44:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2012/01/08 21:00:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/08 21:00:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/09/12 00:58:40 | 000,258,048 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe -- (Franson GpsGate 2.0)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2012/01/08 21:00:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/08 21:00:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/01/13 07:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 08:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 11:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/07 10:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 12:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/19 13:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/02/19 13:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ArcHlp.sys -- (archlp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/04/26 16:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/04/03 21:00:56 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 20:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 20:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {527545F4-4A2D-443B-8E8A-7BBF04EF1D00}:1.9.1


FF - HKLM\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 15:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 20:39:54 | 000,000,000 | ---D | M]

[2008/09/18 16:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Extensions
[2011/12/17 17:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions
[2011/12/08 18:46:33 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/09/30 17:40:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/17 20:59:52 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/21 11:43:19 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/12/17 17:02:40 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\[email protected]
[2010/05/14 10:45:20 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\aim-search.xml
[2007/10/25 12:29:02 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\aolsearch.xml
[2008/10/29 04:13:46 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\conduit.xml
[2008/01/12 13:06:21 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\siteadvisor.xml
[2011/11/11 16:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2012/01/10 15:03:20 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/28 13:23:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2011/01/28 13:23:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/19 15:46:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2006/04/11 08:28:57 | 001,711,104 | ---- | M] (Oklahoma Climatological Survey) -- C:\Program Files\Mozilla Firefox\plugins\NPWXM32.DLL
[2008/06/03 00:35:57 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\aolsearch.xml
[2011/10/14 11:45:22 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2007/12/12 22:32:57 | 000,000,897 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.png
[2007/12/12 22:32:57 | 000,001,015 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.src
[2011/11/11 16:00:43 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/10 21:23:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mizurak\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mizurak\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/06/19 17:13:38 | 000,000,134 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 21:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mizurak\Desktop\tdsskiller
[2012/01/10 21:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mizurak\Desktop\GooredFix Backups
[2012/01/10 21:29:54 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mizurak\Desktop\GooredFix.exe
[2012/01/10 21:23:24 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/10 21:22:40 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\Desktop\OTM.exe
[2012/01/10 20:55:29 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\jbf.exe
[2012/01/09 23:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/01/09 22:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/01/09 22:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2012/01/09 21:05:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/01/09 20:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/01/09 20:14:21 | 000,356,352 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\eho.exe
[2012/01/09 20:14:16 | 000,356,352 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\mgm.exe
[2012/01/09 17:01:40 | 000,000,000 | ---D | C] -- C:\640eefe345385bf0f2e3aba23a
[2012/01/09 16:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/01/06 17:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/06 16:50:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mizurak\Start Menu\Programs\Administrative Tools
[2012/01/06 10:18:38 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mizurak\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/06 10:09:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mizurak\Recent
[2011/12/21 19:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\Cdcrtserv

========== Files - Modified Within 30 Days ==========

[2012/01/10 21:49:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/10 21:49:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/10 21:31:21 | 001,953,091 | ---- | M] () -- C:\Documents and Settings\Mizurak\Desktop\tdsskiller.zip
[2012/01/10 21:29:54 | 000,462,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/10 21:29:54 | 000,080,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/10 21:29:49 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mizurak\Desktop\GooredFix.exe
[2012/01/10 21:28:49 | 007,192,576 | ---- | M] () -- C:\Documents and Settings\Mizurak\My Documents\Chris.mny
[2012/01/10 21:25:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/10 21:25:00 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 21:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 21:23:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/10 21:22:29 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\Desktop\OTM.exe
[2012/01/10 20:55:30 | 000,001,050 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3yr65w7rs8
[2012/01/10 20:55:30 | 000,001,050 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3yr65w7rs8
[2012/01/09 22:30:11 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/09 22:30:08 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/01/09 21:05:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/01/09 20:46:12 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/09 20:14:22 | 000,001,022 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\8an57v1bf5
[2012/01/09 20:14:22 | 000,001,022 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8an57v1bf5
[2012/01/09 20:14:21 | 000,356,352 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\eho.exe
[2012/01/09 20:14:16 | 000,356,352 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\mgm.exe
[2012/01/09 17:26:17 | 000,325,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/08 21:00:19 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/01/08 21:00:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/01/06 11:47:46 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Mizurak\Desktop\Shortcut to firefox.exe.lnk
[2012/01/06 11:46:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mizurak\My Documents\MBR.dat
[2012/01/06 10:19:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 10:18:38 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mizurak\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/04 18:22:22 | 000,001,338 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3rf20f2um0
[2012/01/04 12:08:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/02 22:32:03 | 000,001,322 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\g74vb3v01u
[2011/12/17 18:03:56 | 000,000,772 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/12/15 21:54:01 | 000,001,088 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\65b4q172y0fpr8m52k2ok
[2011/12/12 21:27:33 | 001,076,110 | ---- | M] () -- C:\Documents and Settings\Mizurak\Desktop\freqfish.jpg
[2011/12/12 21:27:05 | 001,183,297 | ---- | M] () -- C:\Documents and Settings\Mizurak\Desktop\freqfish.ai

========== Files Created - No Company Name ==========

[2012/01/10 21:31:00 | 001,953,091 | ---- | C] () -- C:\Documents and Settings\Mizurak\Desktop\tdsskiller.zip
[2012/01/10 20:55:30 | 000,001,050 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3yr65w7rs8
[2012/01/10 20:55:30 | 000,001,050 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3yr65w7rs8
[2012/01/09 22:30:08 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/01/09 20:55:39 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/09 20:14:22 | 000,001,022 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\8an57v1bf5
[2012/01/09 20:14:22 | 000,001,022 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8an57v1bf5
[2012/01/09 17:48:22 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/06 17:11:49 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
[2012/01/06 17:11:49 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk
[2012/01/06 17:11:49 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/01/06 17:11:49 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/01/06 17:11:49 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/01/06 17:11:27 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Musicmatch Jukebox.lnk
[2012/01/06 17:11:27 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Virtual Earth.lnk
[2012/01/06 17:11:27 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk
[2012/01/06 17:11:27 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Offshore Navigator.lnk
[2012/01/06 17:11:27 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/06 17:11:27 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/06 17:11:27 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/06 17:11:26 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2002.lnk
[2012/01/06 17:11:26 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/06 17:11:26 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/06 17:11:26 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk
[2012/01/06 17:11:26 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2012/01/06 17:11:26 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2012/01/06 17:11:25 | 000,002,142 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS.lnk
[2012/01/06 17:11:25 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2012/01/06 17:11:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/06 17:11:24 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2012/01/06 17:11:24 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/01/06 17:11:24 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2012/01/06 17:11:24 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2012/01/06 17:11:24 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.lnk
[2012/01/06 17:11:24 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/01/06 17:11:24 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/06 17:11:24 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/06 17:11:24 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/06 17:11:24 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/06 17:11:23 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/01/06 17:11:23 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2012/01/06 17:11:23 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Franson GpsGate 2.6.lnk
[2012/01/06 17:11:23 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2012/01/06 17:11:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/06 17:11:23 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2012/01/06 17:11:23 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2012/01/06 17:11:23 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/01/06 17:11:23 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Offshore Navigator.lnk
[2012/01/06 17:11:23 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/06 17:11:23 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LoranGPS.lnk
[2012/01/06 11:47:46 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Mizurak\Desktop\Shortcut to firefox.exe.lnk
[2012/01/06 11:28:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mizurak\My Documents\MBR.dat
[2012/01/06 10:19:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/04 18:22:22 | 000,001,338 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3rf20f2um0
[2012/01/02 22:32:03 | 000,001,322 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\g74vb3v01u
[2011/12/15 21:54:01 | 000,001,088 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\65b4q172y0fpr8m52k2ok
[2011/12/06 20:25:21 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/06 20:36:18 | 000,012,434 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\bw52mhcyw1t2ljbudg4qdjf
[2011/07/06 20:36:18 | 000,012,434 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bw52mhcyw1t2ljbudg4qdjf
[2011/05/12 19:30:50 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\1i1iov1aj0j32i5
[2011/05/12 19:30:50 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1i1iov1aj0j32i5
[2011/04/29 20:06:22 | 000,013,478 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/29 20:06:22 | 000,013,478 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/07 16:56:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wsusihire.dat
[2011/04/07 16:56:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jfexujolije.bin
[2011/03/31 21:51:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/31 21:51:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/31 21:51:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/31 21:51:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/31 21:51:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/02 19:40:08 | 000,127,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcHlp.sys
[2010/10/07 19:23:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/07/24 18:01:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/18 22:32:34 | 000,002,328 | ---- | C] () -- C:\WINDOWS\Contour.INI
[2008/09/12 00:58:50 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\GpsGateComClient.dll
[2008/09/12 00:56:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\GateApiXP.dll
[2008/06/09 20:02:21 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/11/10 18:40:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/19 16:47:54 | 000,000,791 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/02/01 17:15:54 | 000,372,736 | R--- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2007/02/01 17:15:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/01/29 19:46:29 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/29 19:46:29 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/12/01 15:47:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/11/05 21:22:52 | 000,291,601 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2006/10/08 14:06:10 | 000,032,200 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/10/08 14:06:10 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/10/08 14:06:09 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/10/08 14:06:09 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/10/08 14:03:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR320.ini
[2006/10/08 14:03:26 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/10/07 20:31:30 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/16 20:56:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/12 20:30:01 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A4CDBF4FD7.sys
[2006/09/12 20:30:00 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/07 21:01:30 | 000,003,635 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/07 19:37:53 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\fusioncache.dat
[2006/09/01 21:47:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 21:33:14 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/01 21:30:03 | 000,004,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/01 21:28:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/01 21:26:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/01 21:22:08 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/01 20:53:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/01 20:53:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/01 20:52:01 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/03 21:00:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\FransonRegistryRestoration.exe
[2005/09/21 13:05:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\GpsToolsXP.dll
[2005/09/21 13:05:30 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\GpsViewXP.dll
[2005/09/21 13:05:30 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\MapLibXP.dll
[2005/09/21 13:05:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\GpsShapeXP.dll
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,325,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,462,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,080,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 10:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2007/10/23 21:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/12/06 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/09 21:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/09/28 19:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2006/09/12 20:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2006/09/22 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/01/30 11:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/09 22:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/09/28 19:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2012/01/10 21:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/31 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/04 20:41:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{13953265-A71E-4F4B-BB43-3E5917DC296C}
[2011/03/28 18:48:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{54382947-1603-4034-9E59-B73270A1EB55}
[2006/09/16 21:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\acccore
[2007/11/03 18:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Canon
[2011/01/28 13:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Catalina Marketing Corp
[2007/10/23 21:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\DassaultSystemes
[2011/07/06 18:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\ElevatedDiagnostics
[2010/06/28 21:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Facebook
[2010/05/19 19:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\GARMIN
[2007/01/29 00:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\InterVideo
[2006/10/08 14:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Leadertech
[2010/11/04 19:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\PCToolsFirewallPlus
[2006/09/22 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\PlayFirst
[2007/05/02 15:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\SecondLife
[2010/09/29 15:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Teleca

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

#2
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello CMiz2184 and welcome to G2G. :)

Sorry about the delay. Do you still need help?

#3
CMiz2184

    Member

  • Topic Starter
  • 12 posts
Hello,
Yes, I do still need help... thanks.

#4
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi CMiz2184,

Please run another scan with OTL and post the new report for my review. Also, please follow the instructions below:


1. Please download aswMBR (511KB) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save the log to your desktop and post it in your next reply.

Note: Do not install Avast antivirus when offered.


2. Please download Listparts.
Run the tool, click Scan and post the log (Result.txt) it makes.

#5
CMiz2184

    Member

  • Topic Starter
  • 12 posts
OTL logfile created on: 1/18/2012 8:18:37 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mizurak\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 284.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.68 Gb Total Space | 77.97 Gb Free Space | 73.77% Space Free | Partition Type: NTFS
Drive D: | 3.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIZURAK | User Name: Mizurak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/08 21:00:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/08 21:00:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/31 09:44:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\My Documents\Downloads\OTL.exe
PRC - [2010/08/02 15:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/30 14:13:06 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/03/17 15:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010/03/17 15:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010/03/17 15:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/12 10:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/29 06:50:40 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/04/06 14:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2001/07/25 09:00:00 | 000,184,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\Money Express.exe
PRC - [2001/07/25 09:00:00 | 000,049,206 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\urlmap.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 09:44:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2012/01/08 21:00:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/08 21:00:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/09/12 00:58:40 | 000,258,048 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe -- (Franson GpsGate 2.0)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2012/01/08 21:00:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/08 21:00:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/01/13 07:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 08:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 11:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/07 10:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 12:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/19 13:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/02/19 13:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ArcHlp.sys -- (archlp)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2007/02/25 11:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/04/26 16:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/04/03 21:00:56 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 20:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 20:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {527545F4-4A2D-443B-8E8A-7BBF04EF1D00}:1.9.1


FF - HKLM\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 15:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 20:39:54 | 000,000,000 | ---D | M]

[2008/09/18 16:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Extensions
[2011/12/17 17:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions
[2011/12/08 18:46:33 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/09/30 17:40:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/17 20:59:52 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/21 11:43:19 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/12/17 17:02:40 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\[email protected]
[2010/05/14 10:45:20 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\aim-search.xml
[2007/10/25 12:29:02 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\aolsearch.xml
[2008/10/29 04:13:46 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\conduit.xml
[2008/01/12 13:06:21 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\siteadvisor.xml
[2011/11/11 16:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2012/01/10 15:03:20 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/28 13:23:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2011/01/28 13:23:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/19 15:46:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2006/04/11 08:28:57 | 001,711,104 | ---- | M] (Oklahoma Climatological Survey) -- C:\Program Files\Mozilla Firefox\plugins\NPWXM32.DLL
[2008/06/03 00:35:57 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\aolsearch.xml
[2011/10/14 11:45:22 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2007/12/12 22:32:57 | 000,000,897 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.png
[2007/12/12 22:32:57 | 000,001,015 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.src
[2011/11/11 16:00:43 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mizurak\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mizurak\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/06/19 17:13:38 | 000,000,134 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 21:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mizurak\Desktop\tdsskiller
[2012/01/10 21:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mizurak\Desktop\GooredFix Backups
[2012/01/10 21:29:54 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mizurak\Desktop\GooredFix.exe
[2012/01/10 21:23:24 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/10 21:22:40 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\Desktop\OTM.exe
[2012/01/09 23:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/01/09 22:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/01/09 22:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2012/01/09 21:05:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/01/09 20:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/01/09 17:01:40 | 000,000,000 | ---D | C] -- C:\640eefe345385bf0f2e3aba23a
[2012/01/09 16:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/01/08 21:08:15 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/01/08 21:07:50 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/01/08 21:06:20 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2012/01/08 21:06:14 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/01/06 17:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/06 16:50:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mizurak\Start Menu\Programs\Administrative Tools
[2012/01/06 10:18:38 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mizurak\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/06 10:09:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mizurak\Recent
[2011/12/21 19:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\Cdcrtserv

========== Files - Modified Within 30 Days ==========

[2012/01/18 08:15:21 | 000,462,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/18 08:15:21 | 000,080,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/18 08:13:53 | 007,192,576 | ---- | M] () -- C:\Documents and Settings\Mizurak\My Documents\Chris.mny
[2012/01/18 08:11:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/18 08:10:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/18 08:10:15 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 08:10:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 21:49:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/10 21:31:21 | 001,953,091 | ---- | M] () -- C:\Documents and Settings\Mizurak\Desktop\tdsskiller.zip
[2012/01/10 21:29:49 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mizurak\Desktop\GooredFix.exe
[2012/01/10 21:22:29 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\Desktop\OTM.exe
[2012/01/10 20:55:30 | 000,001,050 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3yr65w7rs8
[2012/01/10 20:55:30 | 000,001,050 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3yr65w7rs8
[2012/01/10 20:55:29 | 000,381,440 | ---- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\jbf.exe
[2012/01/09 22:30:11 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/09 22:30:08 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/01/09 21:05:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/01/09 20:46:12 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/09 20:14:22 | 000,001,022 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\8an57v1bf5
[2012/01/09 20:14:22 | 000,001,022 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8an57v1bf5
[2012/01/09 20:14:21 | 000,356,352 | ---- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\eho.exe
[2012/01/09 20:14:16 | 000,356,352 | ---- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\mgm.exe
[2012/01/09 17:26:17 | 000,325,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/08 21:00:19 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/01/08 21:00:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/01/06 11:47:46 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Mizurak\Desktop\Shortcut to firefox.exe.lnk
[2012/01/06 11:46:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mizurak\My Documents\MBR.dat
[2012/01/06 10:19:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 10:18:38 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mizurak\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/04 18:22:22 | 000,001,338 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3rf20f2um0
[2012/01/04 12:08:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/02 22:32:03 | 000,001,322 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\g74vb3v01u

========== Files Created - No Company Name ==========

[2012/01/10 21:31:00 | 001,953,091 | ---- | C] () -- C:\Documents and Settings\Mizurak\Desktop\tdsskiller.zip
[2012/01/10 20:55:30 | 000,001,050 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3yr65w7rs8
[2012/01/10 20:55:30 | 000,001,050 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3yr65w7rs8
[2012/01/10 20:55:29 | 000,381,440 | ---- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\jbf.exe
[2012/01/09 22:30:08 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/01/09 20:55:39 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/09 20:14:22 | 000,001,022 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\8an57v1bf5
[2012/01/09 20:14:22 | 000,001,022 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8an57v1bf5
[2012/01/09 20:14:21 | 000,356,352 | ---- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\eho.exe
[2012/01/09 20:14:16 | 000,356,352 | ---- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\mgm.exe
[2012/01/09 17:48:22 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/06 17:11:49 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
[2012/01/06 17:11:49 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk
[2012/01/06 17:11:49 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/01/06 17:11:49 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/01/06 17:11:49 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/01/06 17:11:27 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Musicmatch Jukebox.lnk
[2012/01/06 17:11:27 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Virtual Earth.lnk
[2012/01/06 17:11:27 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk
[2012/01/06 17:11:27 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Offshore Navigator.lnk
[2012/01/06 17:11:27 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/06 17:11:27 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/06 17:11:27 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/06 17:11:26 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2002.lnk
[2012/01/06 17:11:26 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/06 17:11:26 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/06 17:11:26 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk
[2012/01/06 17:11:26 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2012/01/06 17:11:26 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2012/01/06 17:11:25 | 000,002,142 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS.lnk
[2012/01/06 17:11:25 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2012/01/06 17:11:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/06 17:11:24 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2012/01/06 17:11:24 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/01/06 17:11:24 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2012/01/06 17:11:24 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2012/01/06 17:11:24 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.lnk
[2012/01/06 17:11:24 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/01/06 17:11:24 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/06 17:11:24 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/06 17:11:24 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/06 17:11:24 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/06 17:11:23 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/01/06 17:11:23 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2012/01/06 17:11:23 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Franson GpsGate 2.6.lnk
[2012/01/06 17:11:23 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2012/01/06 17:11:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/06 17:11:23 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2012/01/06 17:11:23 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2012/01/06 17:11:23 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/01/06 17:11:23 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Offshore Navigator.lnk
[2012/01/06 17:11:23 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/06 17:11:23 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LoranGPS.lnk
[2012/01/06 11:47:46 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Mizurak\Desktop\Shortcut to firefox.exe.lnk
[2012/01/06 11:28:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mizurak\My Documents\MBR.dat
[2012/01/06 10:19:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/04 18:22:22 | 000,001,338 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3rf20f2um0
[2012/01/02 22:32:03 | 000,001,322 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\g74vb3v01u
[2011/12/15 21:54:01 | 000,001,088 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\65b4q172y0fpr8m52k2ok
[2011/12/06 20:25:21 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/06 20:36:18 | 000,012,434 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\bw52mhcyw1t2ljbudg4qdjf
[2011/07/06 20:36:18 | 000,012,434 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bw52mhcyw1t2ljbudg4qdjf
[2011/05/12 19:30:50 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\1i1iov1aj0j32i5
[2011/05/12 19:30:50 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1i1iov1aj0j32i5
[2011/04/29 20:06:22 | 000,013,478 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/29 20:06:22 | 000,013,478 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/07 16:56:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wsusihire.dat
[2011/04/07 16:56:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jfexujolije.bin
[2011/03/31 21:51:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/31 21:51:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/31 21:51:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/31 21:51:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/31 21:51:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/02 19:40:08 | 000,127,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcHlp.sys
[2010/10/07 19:23:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/07/24 18:01:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/18 22:32:34 | 000,002,328 | ---- | C] () -- C:\WINDOWS\Contour.INI
[2008/09/12 00:58:50 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\GpsGateComClient.dll
[2008/09/12 00:56:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\GateApiXP.dll
[2008/06/09 20:02:21 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/11/10 18:40:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/19 16:47:54 | 000,000,791 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/02/01 17:15:54 | 000,372,736 | R--- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2007/02/01 17:15:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/01/29 19:46:29 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/29 19:46:29 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/12/01 15:47:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/11/05 21:22:52 | 000,291,601 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2006/10/08 14:06:10 | 000,032,200 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/10/08 14:06:10 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/10/08 14:06:09 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/10/08 14:06:09 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/10/08 14:03:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR320.ini
[2006/10/08 14:03:26 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/10/07 20:31:30 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/16 20:56:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/12 20:30:01 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A4CDBF4FD7.sys
[2006/09/12 20:30:00 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/07 21:01:30 | 000,003,635 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/07 19:37:53 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\fusioncache.dat
[2006/09/01 21:47:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 21:33:14 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/01 21:30:03 | 000,004,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/01 21:28:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/01 21:26:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/01 21:22:08 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/01 20:53:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/01 20:53:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/01 20:52:01 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/03 21:00:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\FransonRegistryRestoration.exe
[2005/09/21 13:05:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\GpsToolsXP.dll
[2005/09/21 13:05:30 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\GpsViewXP.dll
[2005/09/21 13:05:30 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\MapLibXP.dll
[2005/09/21 13:05:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\GpsShapeXP.dll
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,325,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,462,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,080,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 10:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/03 22:59:54 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

#6
CMiz2184
aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-18 08:18:45
-----------------------------
08:18:45.883 OS Version: Windows 5.1.2600 Service Pack 3
08:18:45.883 Number of processors: 2 586 0xE08
08:18:45.883 ComputerName: MIZURAK UserName: Mizurak
08:18:47.008 Initialize success
08:19:34.618 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:19:34.618 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC74P Size: 113035MB BusType: 3
08:19:34.633 Disk 0 MBR read successfully
08:19:34.633 Disk 0 MBR scan
08:19:34.633 Disk 0 unknown MBR code
08:19:34.649 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
08:19:34.664 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108219 MB offset 96390
08:19:34.711 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 221745195
08:19:34.727 Disk 0 scanning sectors +231480585
08:19:34.774 Disk 0 scanning C:\WINDOWS\system32\drivers
08:19:52.696 Service scanning
08:19:54.102 Service Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys **LOCKED** 5
08:19:54.836 Modules scanning
08:20:01.586 Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys **SUSPICIOUS**
08:20:16.930 Module: C:\WINDOWS\system32\dla\tfsndres.sys **SUSPICIOUS**
08:20:19.930 Disk 0 trace - called modules:
08:20:19.946 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86a01ff0]<<
08:20:19.946 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d70ab8]
08:20:19.961 3 CLASSPNP.SYS[f763dfd7] -> nt!IofCallDriver -> [0x86a40f08]
08:20:19.961 \Driver\00001220[0x86a34950] -> IRP_MJ_CREATE -> 0x86a01ff0
08:20:19.961 Scan finished successfully
08:33:46.774 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mizurak\Desktop\MBR.dat"
08:33:46.868 The log file has been saved successfully to "C:\Documents and Settings\Mizurak\Desktop\aswMBR.txt"

#7
sempai

    Trusted Helper

  • Malware Removal
Did you previously run Combofix on your own? Can you post the log please.

Also please post the log of Listparts when ready, thank you.

#8
CMiz2184
I have run combofix in the past, but not exactly sure when. Here is the log from listparts...thanks for your help..
ListParts by Farbar
Ran by Mizurak on 18-01-2012 at 10:36:02
Windows XP (X86)
Running From: C:\Documents and Settings\Mizurak\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 77%
Total physical RAM: 1014.37 MB
Available physical RAM: 230.07 MB
Total Pagefile: 2441.17 MB
Available Pagefile: 1294.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.48 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:105.68 GB) (Free:77.73 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (BSBR67V4_0) (CDROM) (Total:3.63 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 110 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 106 GB 47 MB
Partition 3 Unknown 4754 MB 106 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 106 GB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No
There is no volume associated with this partition.


****** End Of Log ******

#9
sempai

    Trusted Helper

  • Malware Removal
Please delete any copy of Combofix that you have and download a new copy.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.



#10
CMiz2184
ComboFix 12-01-19.02 - Mizurak 01/19/2012 21:08:28.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.554 [GMT -5:00]
Running from: c:\documents and settings\Mizurak\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\3yr65w7rs8
c:\documents and settings\All Users\Application Data\8an57v1bf5
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB20481$
c:\windows\$NtUninstallKB20481$\2417870572
c:\windows\$NtUninstallKB20481$\3248001433\@
c:\windows\$NtUninstallKB20481$\3248001433\bckfg.tmp
c:\windows\$NtUninstallKB20481$\3248001433\cfg.ini
c:\windows\$NtUninstallKB20481$\3248001433\Desktop.ini
c:\windows\$NtUninstallKB20481$\3248001433\keywords
c:\windows\$NtUninstallKB20481$\3248001433\kwrd.dll
c:\windows\$NtUninstallKB20481$\3248001433\L\pdmzmplg
c:\windows\$NtUninstallKB20481$\3248001433\lsflt7.ver
c:\windows\$NtUninstallKB20481$\3248001433\U\[email protected]
c:\windows\$NtUninstallKB20481$\3248001433\U\[email protected]
c:\windows\$NtUninstallKB20481$\3248001433\U\[email protected]
c:\windows\$NtUninstallKB20481$\3248001433\U\[email protected]
c:\windows\$NtUninstallKB20481$\3248001433\U\[email protected]
c:\windows\$NtUninstallKB20481$\3248001433\U\[email protected]
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 02:22 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-01-20 02:22 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2012-01-11 02:23 . 2012-01-11 02:23 -------- d-----w- C:\_OTM
2012-01-10 20:03 . 2012-01-10 20:03 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-10 20:03 . 2012-01-10 20:03 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-10 20:03 . 2012-01-10 20:03 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-10 20:03 . 2012-01-10 20:03 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-10 03:30 . 2012-01-10 03:30 -------- d-----w- c:\program files\HitmanPro
2012-01-10 02:05 . 2012-01-10 02:05 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-01-10 01:55 . 2012-01-10 03:30 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-10 01:55 . 2012-01-10 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-01-09 22:01 . 2012-01-09 22:01 -------- d-----w- C:\640eefe345385bf0f2e3aba23a
2012-01-09 21:34 . 2012-01-09 21:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-09 02:08 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-09 02:07 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-01-09 02:06 . 2011-04-29 19:07 852480 ------w- c:\windows\system32\dllcache\vgx.dll
2012-01-09 02:06 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-12-22 00:18 . 2012-01-06 15:56 -------- d-----w- c:\documents and settings\Mizurak\Local Settings\Application Data\Cdcrtserv
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 01:46 . 2011-12-07 01:25 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-01-09 02:00 . 2010-11-05 01:03 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-09 02:00 . 2010-11-05 01:03 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-13 00:41 . 2011-12-13 00:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2009-06-05 15:05 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2005-08-16 09:18 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 20:35 . 2005-08-16 09:18 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2005-08-16 09:18 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 16:07 . 2005-08-16 09:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2005-08-16 09:18 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-08-16 09:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-10 20:03 . 2011-05-03 01:39 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-12-09 02:54 . 2008-02-05 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-06_22.22.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 03:51 . 2011-04-19 03:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2011-05-14 01:17 . 2011-05-14 01:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 06:06 . 2011-05-14 06:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 06:23 . 2011-05-14 06:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 23:37 . 2011-05-13 23:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-01-20 02:26 . 2012-01-20 02:26 16384 c:\windows\temp\Perflib_Perfdata_24c.dat
+ 2012-01-20 02:26 . 2012-01-20 02:26 16384 c:\windows\temp\Perflib_Perfdata_19c.dat
- 2005-08-16 09:18 . 2008-04-14 00:12 37888 c:\windows\system32\url.dll
+ 2005-08-16 09:18 . 2011-11-01 20:35 37888 c:\windows\system32\url.dll
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2012-01-09 21:54 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\W32X86\mdiui.dll
+ 2012-01-09 21:54 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\W32X86\3\mdiui.dll
+ 2005-08-16 09:18 . 2012-01-20 02:32 80928 c:\windows\system32\perfc009.dat
- 2005-08-16 09:18 . 2012-01-06 22:26 80928 c:\windows\system32\perfc009.dat
+ 2005-08-16 09:18 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
+ 2011-11-01 20:35 . 2011-11-01 20:35 37888 c:\windows\system32\dllcache\url.dll
+ 2009-02-20 08:10 . 2011-11-01 20:35 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 08:10 . 2011-02-17 13:51 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2012-01-09 22:03 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Web.RegularExpressions.dll
+ 2012-01-09 22:03 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Drawing.Design.dll
+ 2012-01-09 22:14 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Configuration.Install.dll
+ 2012-01-09 22:08 . 2008-07-25 15:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-01-09 22:06 . 2008-07-25 15:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.Vsa.dll
+ 2012-01-09 22:08 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-09 22:12 . 2008-07-25 15:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.Build.Utilities.dll
+ 2012-01-09 22:11 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.Build.Framework.dll
+ 2012-01-09 22:07 . 2008-07-25 15:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\ISymWrapper.dll
+ 2012-01-09 22:05 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\IEHost.dll
+ 2012-01-09 22:04 . 2008-07-25 15:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\CustomMarshalers.dll
+ 2012-01-09 22:03 . 2008-07-25 15:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\cscompmgd.dll
+ 2012-01-09 22:04 . 2008-07-25 15:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Accessibility.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-07-08 19:00 . 2011-07-08 19:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-07-07 17:04 . 2011-07-07 17:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-07-07 17:04 . 2011-07-07 17:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-07-07 17:03 . 2011-07-07 17:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-07-07 18:09 . 2011-07-07 18:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-07-07 18:09 . 2011-07-07 18:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2005-08-16 09:38 . 2009-06-24 02:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2005-08-16 09:38 . 2011-07-05 20:46 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2005-08-16 09:38 . 2009-06-24 02:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2005-08-16 09:38 . 2011-07-05 20:46 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2005-08-16 09:38 . 2011-07-06 14:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2005-08-16 09:38 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2005-08-16 09:38 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2005-08-16 09:38 . 2011-07-06 14:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-04-14 13:53 . 2011-04-14 13:53 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-01-09 22:01 . 2012-01-09 22:01 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-01-09 03:41 . 2012-01-09 03:41 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_04db37ea\System.Drawing.Design.dll
+ 2012-01-09 03:41 . 2012-01-09 03:41 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2916cc44\CustomMarshalers.dll
+ 2012-01-09 21:39 . 2012-01-09 21:39 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_1954ed87\System.Drawing.Design.dll
+ 2012-01-09 21:38 . 2012-01-09 21:38 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_29c569a7\CustomMarshalers.dll
+ 2012-01-09 03:41 . 2012-01-09 03:41 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-07 19:41 . 2010-10-07 19:41 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-09 22:05 . 2008-07-25 15:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft_VsaVb.dll
+ 2012-01-09 22:14 . 2008-07-25 15:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.VisualC.Dll
+ 2012-01-09 22:05 . 2008-07-25 15:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\IIEHost.dll
+ 2012-01-09 22:04 . 2008-07-25 15:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\IEExecRemote.dll
+ 2005-08-16 09:38 . 2011-07-12 23:05 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2005-08-16 09:38 . 2009-06-29 15:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-04-19 03:51 . 2011-04-19 03:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
+ 2011-05-14 06:17 . 2011-05-14 06:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 06:12 . 2011-05-14 06:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 06:11 . 2011-05-14 06:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2005-08-16 09:18 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll
- 2005-08-16 09:18 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2005-08-16 09:18 . 2011-11-01 20:35 633344 c:\windows\system32\urlmon.dll
+ 2012-01-09 21:54 . 2007-04-09 17:24 758664 c:\windows\system32\spool\drivers\W32X86\mdigraph.dll
+ 2012-01-09 21:54 . 2007-04-09 17:24 758664 c:\windows\system32\spool\drivers\W32X86\3\mdigraph.dll
+ 2005-08-16 09:18 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
+ 2005-08-16 09:18 . 2012-01-20 02:32 462688 c:\windows\system32\perfh009.dat
- 2005-08-16 09:18 . 2012-01-06 22:26 462688 c:\windows\system32\perfh009.dat
+ 2005-08-16 09:18 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2005-08-16 09:18 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
- 2005-08-16 09:18 . 2011-02-17 13:51 532480 c:\windows\system32\mstime.dll
+ 2005-08-16 09:18 . 2011-11-01 20:35 532480 c:\windows\system32\mstime.dll
+ 2005-08-16 09:18 . 2011-11-01 20:35 449536 c:\windows\system32\mshtmled.dll
- 2005-08-16 09:18 . 2011-02-17 13:51 251904 c:\windows\system32\iepeers.dll
+ 2005-08-16 09:18 . 2011-11-01 20:35 251904 c:\windows\system32\iepeers.dll
- 2005-08-16 09:27 . 2011-04-16 14:40 325112 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 09:27 . 2012-01-09 22:26 325112 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 09:37 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2005-08-16 09:37 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2005-08-16 09:18 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2005-08-16 09:18 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2005-08-16 09:18 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2005-08-16 09:18 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
- 2008-04-21 06:44 . 2011-02-17 13:51 667136 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-21 06:44 . 2011-11-01 20:35 667136 c:\windows\system32\dllcache\wininet.dll
+ 2008-06-26 08:15 . 2011-11-01 20:35 633344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2010-11-05 05:05 . 2011-11-01 20:35 532480 c:\windows\system32\dllcache\mstime.dll
- 2010-11-05 05:05 . 2011-02-17 13:51 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-09-09 14:16 . 2011-11-01 20:35 449536 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-11-13 19:53 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-02-26 05:43 . 2011-11-01 20:35 251904 c:\windows\system32\dllcache\iepeers.dll
- 2010-02-26 05:43 . 2011-02-17 13:51 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2011-09-28 07:06 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
+ 2005-08-16 09:18 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
- 2005-08-16 09:18 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-01-09 22:03 . 2008-07-25 15:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Web.Services.dll
+ 2012-01-09 22:03 . 2008-07-25 15:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Web.Mobile.dll
+ 2012-01-09 22:08 . 2008-07-25 15:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Transactions.dll
+ 2012-01-09 22:06 . 2008-07-25 15:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.ServiceProcess.dll
+ 2012-01-09 22:09 . 2008-07-25 15:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-09 22:10 . 2008-07-25 15:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Runtime.Remoting.dll
+ 2012-01-09 22:11 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Messaging.dll
+ 2012-01-09 22:12 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Management.dll
+ 2012-01-09 22:09 . 2008-07-25 15:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.EnterpriseServices.Wrapper.dll
+ 2012-01-09 22:09 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.EnterpriseServices.dll
+ 2012-01-09 22:10 . 2008-07-25 15:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Drawing.dll
+ 2012-01-09 22:03 . 2008-07-25 15:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.DirectoryServices.Protocols.dll
+ 2012-01-09 22:07 . 2008-07-25 15:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.DirectoryServices.dll
+ 2012-01-09 22:16 . 2008-07-25 15:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Deployment.dll
+ 2012-01-09 22:15 . 2008-07-25 15:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Data.SqlXml.dll
+ 2012-01-09 22:15 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Data.OracleClient.dll
+ 2012-01-09 22:15 . 2008-07-25 15:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.configuration.dll
+ 2012-01-09 22:14 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\sysglobl.dll
+ 2012-01-09 22:06 . 2008-07-25 15:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.VisualBasic.dll
+ 2012-01-09 22:07 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-09 22:07 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-09 22:07 . 2008-07-25 15:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.JScript.dll
+ 2012-01-09 22:11 . 2008-07-25 15:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.Build.Tasks.dll
+ 2012-01-09 22:09 . 2008-07-25 15:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\Microsoft.Build.Engine.dll
+ 2012-01-09 22:03 . 2008-07-25 15:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\AspNetMMCExt.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-07-07 17:04 . 2011-07-07 17:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-07-07 17:01 . 2011-07-07 17:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-07-07 18:09 . 2011-07-07 18:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2005-08-16 09:38 . 2011-07-05 20:44 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2005-08-16 09:38 . 2009-06-24 01:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2005-08-16 09:38 . 2011-07-06 14:57 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2005-08-16 09:38 . 2009-06-24 02:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2012-01-09 22:01 . 2012-01-09 22:01 223744 c:\windows\Installer\d2b56.msi
+ 2012-01-09 21:44 . 2012-01-09 21:44 467456 c:\windows\Installer\d2acd.msi
+ 2012-01-09 01:46 . 2012-01-09 01:46 223232 c:\windows\Installer\b099d90.msi
+ 2006-09-02 02:26 . 2012-01-09 21:55 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-02 02:26 . 2011-04-18 01:39 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-09-02 02:26 . 2012-01-09 21:55 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-01-11 02:22 . 2012-01-11 02:22 344064 c:\windows\ERDNT\1-10-2012\Users\00000002\UsrClass.dat
+ 2012-01-11 02:22 . 2005-10-20 17:02 163328 c:\windows\ERDNT\1-10-2012\ERDNT.EXE
+ 2008-11-13 19:53 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2012-01-09 03:42 . 2012-01-09 03:42 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_54589c1a\System.Drawing.dll
+ 2012-01-09 03:42 . 2012-01-09 03:42 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2e83e33a\System.Drawing.Design.dll
+ 2012-01-09 03:42 . 2012-01-09 03:42 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_059dd020\CustomMarshalers.dll
+ 2012-01-09 21:39 . 2012-01-09 21:39 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_eada51c8\System.Drawing.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2005-08-16 09:18 . 2011-11-01 20:35 1510400 c:\windows\system32\shdocvw.dll
- 2005-08-16 09:18 . 2011-02-17 13:51 1510400 c:\windows\system32\shdocvw.dll
+ 2005-08-16 09:18 . 2011-11-03 15:51 3087360 c:\windows\system32\mshtml.dll
+ 2008-10-14 20:52 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:15 . 2011-11-01 20:35 1510400 c:\windows\system32\dllcache\shdocvw.dll
- 2008-06-26 08:15 . 2011-02-17 13:51 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
- 2008-10-14 20:51 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-14 20:51 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-14 20:51 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-14 20:51 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-14 20:51 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-14 20:51 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-14 20:51 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-14 20:51 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-21 06:44 . 2011-11-03 15:51 3087360 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-10 04:33 . 2011-11-01 20:35 1025024 c:\windows\system32\dllcache\browseui.dll
- 2010-03-10 04:33 . 2011-02-17 13:51 1025024 c:\windows\system32\dllcache\browseui.dll
- 2005-08-16 09:18 . 2011-02-17 13:51 1025024 c:\windows\system32\browseui.dll
+ 2005-08-16 09:18 . 2011-11-01 20:35 1025024 c:\windows\system32\browseui.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-01-09 22:16 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.XML.dll
+ 2012-01-09 22:03 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Windows.Forms.dll
+ 2012-01-09 22:03 . 2010-09-22 13:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Web.dll
+ 2012-01-09 22:16 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.dll
+ 2012-01-09 22:03 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Design.dll
+ 2012-01-09 22:15 . 2008-07-25 15:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\System.Data.dll
+ 2012-01-09 22:13 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC27812\mscorlib.dll
+ 2011-07-08 18:59 . 2011-07-08 18:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2011-07-08 18:59 . 2011-07-08 18:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-07-07 17:02 . 2011-07-07 17:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-07-07 17:02 . 2011-07-07 17:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2011-07-08 18:59 . 2011-07-08 18:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2005-08-16 09:38 . 2011-07-12 23:04 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2005-08-16 09:38 . 2009-06-29 15:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2005-08-16 09:38 . 2011-07-05 20:45 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2005-08-16 09:38 . 2009-06-24 02:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2005-08-16 09:38 . 2011-07-05 20:46 2408448 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2005-08-16 09:38 . 2011-07-12 23:05 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2005-08-16 09:38 . 2009-06-29 15:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\d2b5d.msp
+ 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\d2b4f.msp
+ 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\d2b3c.msp
+ 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\d2b29.msp
+ 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\d2b16.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\d2b02.msp
+ 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\d2afa.msp
+ 2011-11-17 15:55 . 2011-11-17 15:55 5522944 c:\windows\Installer\d2ae7.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\d2ad4.msp
+ 2011-11-11 21:16 . 2011-11-11 21:16 8458240 c:\windows\Installer\d2ac0.msp
+ 2007-04-19 18:09 . 2007-04-19 18:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
- 2008-10-14 20:51 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-14 20:51 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-14 20:51 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-14 20:51 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-14 20:51 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-14 20:51 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 20:51 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-14 20:51 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-01-09 03:42 . 2012-01-09 03:42 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b8be418a\System.dll
+ 2012-01-09 03:41 . 2012-01-09 03:41 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_72a9beb1\System.dll
+ 2012-01-09 03:42 . 2012-01-09 03:42 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_de649c13\System.Xml.dll
+ 2012-01-09 03:43 . 2012-01-09 03:43 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_ae06d770\System.Xml.dll
+ 2012-01-09 03:43 . 2012-01-09 03:43 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ef2f9094\System.Windows.Forms.dll
+ 2012-01-09 03:42 . 2012-01-09 03:42 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b16d2af4\System.Windows.Forms.dll
+ 2012-01-09 03:43 . 2012-01-09 03:43 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_1ead574c\System.Drawing.dll
+ 2012-01-09 03:43 . 2012-01-09 03:43 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_aceede00\System.Design.dll
+ 2012-01-09 03:42 . 2012-01-09 03:42 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_626ef5e0\System.Design.dll
+ 2012-01-09 03:43 . 2012-01-09 03:43 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a310dcb7\mscorlib.dll
+ 2012-01-09 03:42 . 2012-01-09 03:42 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_94fd599f\mscorlib.dll
+ 2012-01-09 21:39 . 2012-01-09 21:39 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_b5e7c3ee\System.dll
+ 2012-01-09 21:39 . 2012-01-09 21:39 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_7200c821\System.Xml.dll
+ 2012-01-09 21:39 . 2012-01-09 21:39 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_ee34757c\System.Windows.Forms.dll
+ 2012-01-09 21:39 . 2012-01-09 21:39 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_a7aaa0ce\System.Design.dll
+ 2012-01-09 21:38 . 2012-01-09 21:38 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_ddd1d66a\mscorlib.dll
+ 2012-01-09 03:41 . 2012-01-09 03:41 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-10-07 19:41 . 2010-10-07 19:41 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-10-07 19:41 . 2010-10-07 19:41 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-09 03:41 . 2012-01-09 03:41 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-09 21:38 . 2012-01-09 21:38 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-29 01:45 . 2009-10-29 01:45 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2006-09-11 01:25 . 2011-12-07 16:44 52988224 c:\windows\system32\MRT.exe
+ 2011-07-13 03:49 . 2011-07-13 03:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp
+ 2011-07-12 01:43 . 2011-07-12 01:43 11641344 c:\windows\Installer\d2b5f.msp
+ 2011-07-12 20:50 . 2011-07-12 20:50 17555968 c:\windows\Installer\b72360e.msp
+ 2012-01-11 02:22 . 2012-01-11 02:22 10207232 c:\windows\ERDNT\1-10-2012\Users\00000001\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"Dell QuickSet"="c:\progra~1\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-29 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-1 24576]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [11/2/2010 7:40 PM 127744]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [4/3/2006 9:00 PM 14949]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/4/2010 7:51 PM 233136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/4/2010 8:03 PM 136360]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [11/4/2010 7:51 PM 88040]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [11/4/2010 7:50 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [11/4/2010 7:50 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [11/4/2010 7:50 PM 115216]
S2 gupdate1c985946d07dba9;Google Update Service (gupdate1c985946d07dba9);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 7:14 PM 133104]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [9/12/2008 12:58 AM 258048]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/1/2006 9:36 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 7:14 PM 133104]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/28/2010 7:52 PM 24576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]
.
2012-01-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 21:14]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 21:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4828)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\dla\tfswshx.dll
c:\windows\system32\tfswapi.dll
c:\windows\system32\dla\tfswcres.dll
c:\program files\Microsoft Money\System\mnyviewer.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Microsoft Money\System\urlmapps.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\TechSmith\Snagit 9\TSCHelp.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files\TechSmith\Snagit 9\snagiteditor.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\program files\Mozilla Firefox\plugin-container.exe
.
**************************************************************************
.
Completion time: 2012-01-19 21:41:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 02:41
ComboFix2.txt 2012-01-06 22:32
ComboFix3.txt 2011-04-01 03:09
.
Pre-Run: 83,244,220,416 bytes free
Post-Run: 83,778,453,504 bytes free
.
- - End Of File - - 6FC8442BE4B03B17E845A8E09C228540

#11
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi CMiz2184,

Some more clean-up to do. Please let me know if there's any improvement.


1. We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click [image] and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press [image]
  • Click on [image]
  • Click on [image]
  • Uncheck this checkbox: [image]
  • Close/Exit Spybot Search and Destroy


2. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
    FF - prefs.js..extensions.enabledItems: {527545F4-4A2D-443B-8E8A-7BBF04EF1D00}:1.9.1
    [2012/01/10 20:55:30 | 000,001,050 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3yr65w7rs8
    [2012/01/10 20:55:30 | 000,001,050 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3yr65w7rs8
    [2012/01/10 20:55:29 | 000,381,440 | ---- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\jbf.exe
    [2012/01/09 20:14:22 | 000,001,022 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\8an57v1bf5
    [2012/01/09 20:14:22 | 000,001,022 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8an57v1bf5
    [2012/01/09 20:14:21 | 000,356,352 | ---- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\eho.exe
    [2012/01/09 20:14:16 | 000,356,352 | ---- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\mgm.exe
    [2012/01/04 18:22:22 | 000,001,338 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3rf20f2um0
    [2012/01/02 22:32:03 | 000,001,322 | -HS- | M] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\g74vb3v01u
    [2012/01/04 18:22:22 | 000,001,338 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\3rf20f2um0
    [2012/01/02 22:32:03 | 000,001,322 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\g74vb3v01u
    [2011/12/15 21:54:01 | 000,001,088 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\65b4q172y0fpr8m52k2ok
    [2011/07/06 20:36:18 | 000,012,434 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\bw52mhcyw1t2ljbudg4qdjf
    [2011/07/06 20:36:18 | 000,012,434 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bw52mhcyw1t2ljbudg4qdjf
    [2011/05/12 19:30:50 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\1i1iov1aj0j32i5
    [2011/05/12 19:30:50 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1i1iov1aj0j32i5
    [2011/04/29 20:06:22 | 000,013,478 | -HS- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    [2011/04/29 20:06:22 | 000,013,478 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    [2011/04/07 16:56:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wsusihire.dat
    [2011/04/07 16:56:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jfexujolije.bin
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


3. Run OTL.
  • Click the None button at the top (Between "Run fix" and "Clean up" button).
  • Copy and Paste the following code into the Custom Scan box.

    /md5start
    tfsndres.sys
    /md5stop
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.


#12
CMiz2184

    Member

  • Topic Starter
  • 12 posts
All processes killed
========== OTL ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
Prefs.js: {527545F4-4A2D-443B-8E8A-7BBF04EF1D00}:1.9.1 removed from extensions.enabledItems
C:\Documents and Settings\Mizurak\Local Settings\Application Data\3yr65w7rs8 moved successfully.
File C:\Documents and Settings\All Users\Application Data\3yr65w7rs8 not found.
File C:\Documents and Settings\Mizurak\Local Settings\Application Data\jbf.exe not found.
C:\Documents and Settings\Mizurak\Local Settings\Application Data\8an57v1bf5 moved successfully.
File C:\Documents and Settings\All Users\Application Data\8an57v1bf5 not found.
File C:\Documents and Settings\Mizurak\Local Settings\Application Data\eho.exe not found.
File C:\Documents and Settings\Mizurak\Local Settings\Application Data\mgm.exe not found.
C:\Documents and Settings\Mizurak\Local Settings\Application Data\3rf20f2um0 moved successfully.
C:\Documents and Settings\Mizurak\Local Settings\Application Data\g74vb3v01u moved successfully.
File C:\Documents and Settings\Mizurak\Local Settings\Application Data\3rf20f2um0 not found.
File C:\Documents and Settings\Mizurak\Local Settings\Application Data\g74vb3v01u not found.
C:\Documents and Settings\Mizurak\Local Settings\Application Data\65b4q172y0fpr8m52k2ok moved successfully.
C:\Documents and Settings\Mizurak\Local Settings\Application Data\bw52mhcyw1t2ljbudg4qdjf moved successfully.
C:\Documents and Settings\All Users\Application Data\bw52mhcyw1t2ljbudg4qdjf moved successfully.
C:\Documents and Settings\Mizurak\Local Settings\Application Data\1i1iov1aj0j32i5 moved successfully.
C:\Documents and Settings\All Users\Application Data\1i1iov1aj0j32i5 moved successfully.
C:\Documents and Settings\Mizurak\Local Settings\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4 moved successfully.
C:\Documents and Settings\All Users\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4 moved successfully.
C:\WINDOWS\Wsusihire.dat moved successfully.
C:\WINDOWS\Jfexujolije.bin moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\\AntiVirusOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\\FirewallOverride deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Mizurak\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Mizurak\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 454 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 614 bytes

User: Mizurak
->Temp folder emptied: 425380 bytes
->Temporary Internet Files folder emptied: 55725028 bytes
->Java cache emptied: 3765217 bytes
->FireFox cache emptied: 54662653 bytes
->Flash cache emptied: 395258 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 409540 bytes
->Flash cache emptied: 8619 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4427701 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 54528096 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 166.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 01252012_165933

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_200.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#13
CMiz2184

    Member

  • Topic Starter
  • 12 posts
OTL logfile created on: 1/25/2012 5:08:32 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mizurak\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 198.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.68 Gb Total Space | 77.44 Gb Free Space | 73.27% Space Free | Partition Type: NTFS
Drive D: | 3.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIZURAK | User Name: Mizurak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: TFSNDRES.SYS >
[2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) MD5=8DB1E78FBF7C426D8EC3D8F1A33D6485 -- C:\i386\tfsndres.sys
[2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) MD5=8DB1E78FBF7C426D8EC3D8F1A33D6485 -- C:\Program Files\Sonic\DLA\install\tfsndres.sys
[2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) MD5=8DB1E78FBF7C426D8EC3D8F1A33D6485 -- C:\WINDOWS\system32\dla\tfsndres.sys

< End of report >
  • 0
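
Added example (not part of the thread and not OTL's own code): a small Python parser for the `/md5start` scan output posted above, which groups the reported copies of a file by MD5 and lists any copy whose hash differs from the most common one. The regular expressions are inferred from the three result lines in the post; the fourth, mismatching line and its path are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Patterns inferred from the scan output posted in this thread (an assumption,
# not a published OTL format specification).
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| [MC]\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

def parse_md5_scan(log_text):
    """Return {file name: [(path, md5, size_bytes), ...]} for each scanned file."""
    results = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            size = int(entry.group("size").replace(",", ""))
            results[current].append((entry.group("path"), entry.group("md5").upper(), size))
    return dict(results)

def odd_copies(copies):
    """Paths whose MD5 differs from the most common MD5 among the copies."""
    if not copies:
        return []
    majority = Counter(md5 for _, md5, _ in copies).most_common(1)[0][0]
    return [path for path, md5, _ in copies if md5 != majority]

# The three result lines from the post above.
PAGE_LOG = r"""< MD5 for: TFSNDRES.SYS >
[2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) MD5=8DB1E78FBF7C426D8EC3D8F1A33D6485 -- C:\i386\tfsndres.sys
[2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) MD5=8DB1E78FBF7C426D8EC3D8F1A33D6485 -- C:\Program Files\Sonic\DLA\install\tfsndres.sys
[2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) MD5=8DB1E78FBF7C426D8EC3D8F1A33D6485 -- C:\WINDOWS\system32\dla\tfsndres.sys
"""

# Constructed line (hash and path are made up) to show a mismatching copy.
CONSTRUCTED_LOG = PAGE_LOG + (
    r"[2012/01/10 20:55:30 | 000,002,240 | ---- | M] () "
    r"MD5=00000000000000000000000000000000 -- C:\example\tfsndres.sys" "\n"
)

if __name__ == "__main__":
    for name, copies in parse_md5_scan(CONSTRUCTED_LOG).items():
        print(name, sorted({m for _, m, _ in copies}), odd_copies(copies))
```

Identical hashes show only that the copies match each other; they say nothing about whether any copy matches the vendor's original.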

#14
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

How's the computer running?

Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :Files
    C:\WINDOWS\system32\dla\tfsndres.sys|C:\Program Files\Sonic\DLA\install\tfsndres.sys /replace
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


#15
CMiz2184

    Member

  • Topic Starter
  • 12 posts
Hello,
The computer is running much faster now, and I am not getting any more of the "google redirects". I am still getting a message from Avira virus scanner that I am infected with malware. I ran the last OTL, but I got the blue error screen when running the fix. The error was DRIVER_CORRUPTED_MMPOOL... When I rebooted the machine the OTL log showed up...


Files\Folders moved on Reboot...

Registry entries deleted on Reboot...