Please help me be sure my computer is clean



#61
RKinner


    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

ipconfig  /flushdns

netsh  winsock  reset  catalog

netsh  int  ip  reset  reset.log




(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test IE. Run OTL Quick Scan; let's see if that helped the O10.


#62
wharriss


    Member

  • Topic Starter
  • Member
  • 105 posts
Ron

The first two command prompts got successful actions shown.
The last command had no response shown.

The IE6 is still there with the homepage address but no web page loaded. I noticed the last OTL mentioned IE8. I know I had installed IE8 as part of bringing my Windows SP1 fresh install up to date. I installed it after I installed SP3. I don't remember if I deleted any IE program that came with the Windows installation or not.

OTL logfile created on: 1/28/2013 5:41:27 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 52.62% Memory free
3.29 Gb Paging File | 2.58 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.50 Gb Total Space | 89.72 Gb Free Space | 84.24% Space Free | Partition Type: NTFS
Drive D: | 5.29 Gb Total Space | 0.96 Gb Free Space | 18.14% Space Free | Partition Type: FAT32

Computer Name: YOUR-XHTR8HVC4P | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/23 12:09:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/01 14:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/23 22:34:34 | 000,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
PRC - [2003/08/09 11:27:16 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/06/14 01:53:34 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PRC - [2003/06/13 06:08:16 | 000,233,472 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/05/23 04:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/03/21 19:52:06 | 000,552,960 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
PRC - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 05:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2002/10/07 09:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe


========== Modules (No Company Name) ==========

MOD - [2003/08/23 22:34:34 | 000,143,360 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\bwfiles.dll
MOD - [2003/08/23 22:34:34 | 000,094,208 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\FrExt.dll
MOD - [2003/08/23 22:34:34 | 000,053,248 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\clntutil.dll
MOD - [2003/08/23 22:34:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\frext-137903.dll
MOD - [2003/08/23 22:34:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BWfiles-137903.dll
MOD - [2003/08/23 22:34:34 | 000,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
MOD - [2003/08/23 22:34:32 | 000,053,248 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\HPClientExt.dll
MOD - [2003/06/17 01:57:56 | 000,163,840 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll
MOD - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
MOD - [2003/02/21 05:50:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
MOD - [2003/02/21 05:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
MOD - [2003/02/21 05:49:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll
MOD - [2002/10/07 09:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/16 15:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys -- (Sunkfiltp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/13 22:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2003/08/11 12:22:54 | 000,040,228 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/21 23:18:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/03/31 23:29:42 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/03/20 00:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.finance.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20130104,6902,0,64,0"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: extension21804%40extension21804.com:0.87.24
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.netassistant.keyword.url: "http://syndaneta.net...94&searchterm="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/22 01:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/22 01:10:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/01/28 13:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions
[2013/01/28 13:24:22 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions\[email protected]
[2013/01/23 12:13:00 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions\[email protected]
[2013/01/28 13:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions\[email protected]\chrome
[2013/01/28 13:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions\[email protected]\defaults
[2013/01/28 13:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions\[email protected]\locale
[2013/01/28 13:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions\[email protected]\skin
[2013/01/28 13:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions\[email protected]\chrome\content\extensionCode
[2013/01/24 20:51:13 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/22 01:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/16 15:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/16 15:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/14 09:57:14 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2013/01/16 15:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.3.2.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/27 10:36:55 | 000,444,602 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15296 more lines...
O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll File not found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE (Novell, Inc., c/o Corel Corporation Limited)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\BackupNotify.exe ( )
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71E0B485-8793-4C90-B0BB-4E041D1C2FBB}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/23 07:53:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/27 23:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2013/01/27 23:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/27 23:05:41 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/01/27 23:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/27 10:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/01/27 10:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/01/27 07:38:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/26 23:53:31 | 000,000,000 | ---D | C] -- C:\Temp
[2013/01/26 18:20:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/26 12:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2013/01/26 12:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion Plugin
[2013/01/26 11:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\SpeedFan
[2013/01/26 11:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013/01/26 08:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/01/25 15:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\minidump unzipped
[2013/01/25 15:17:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/25 14:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Minidump
[2013/01/25 12:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\NirSoft BlueScreenView
[2013/01/25 12:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2013/01/24 20:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
[2013/01/24 20:24:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/24 01:13:13 | 002,712,200 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\procexp.exe
[2013/01/23 22:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/01/23 22:49:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/23 22:49:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/23 22:49:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/23 22:49:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/23 22:49:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/23 22:49:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/23 22:41:22 | 005,026,656 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/01/23 22:22:27 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/01/23 22:19:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Shortcut to 7-Zip
[2013/01/23 22:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\7-Zip
[2013/01/23 22:00:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2013/01/23 18:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2013/01/23 17:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/23 13:24:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2013/01/23 13:15:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2013/01/23 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/01/23 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/01/23 12:09:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/01/23 09:47:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/01/23 09:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2013/01/23 08:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2013/01/22 23:33:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2013/01/22 23:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2013/01/22 23:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2013/01/22 23:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/01/22 23:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/01/22 23:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/01/22 23:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/22 13:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/01/22 13:04:53 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2013/01/22 08:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2013/01/22 08:12:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2013/01/22 08:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\WordPerfect Office 11
[2013/01/22 08:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2013/01/22 07:07:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2013/01/22 03:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/01/22 03:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/01/22 02:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/01/22 02:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2013
[2013/01/22 01:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2013/01/22 01:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 01:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/22 01:38:26 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/22 01:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/22 01:25:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2013/01/22 01:25:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013/01/22 01:20:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/01/22 01:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2013/01/22 01:12:51 | 000,000,000 | ---D | C] -- C:\I386
[2013/01/22 01:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2013/01/22 01:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2013/01/22 01:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2013/01/22 01:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/01/22 01:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/01/22 01:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/22 01:03:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2013/01/22 01:03:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup
[2013/01/22 01:03:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2013/01/22 01:03:17 | 000,000,000 | R--D | C] -- C:\Program Files
[2013/01/22 01:03:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Accessories
[2013/01/22 01:03:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2013/01/22 01:03:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2013/01/22 01:03:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2013/01/22 01:03:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2013/01/22 01:03:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2013/01/22 01:03:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2013/01/22 01:03:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/01/22 01:03:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2013/01/22 01:03:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2013/01/22 01:03:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2013/01/22 01:03:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2013/01/22 01:03:02 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2013/01/22 01:02:48 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2013/01/22 01:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2013
[2013/01/22 01:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Avg2013
[2013/01/22 01:01:19 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2013/01/22 01:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/01/22 01:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/01/22 01:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/01/22 01:00:29 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/01/22 00:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/01/22 00:57:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/01/22 00:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
[2013/01/22 00:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/01/22 00:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2013
[2013/01/22 00:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2013/01/22 00:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/01/22 00:39:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/01/22 00:33:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2013/01/22 00:33:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/01/22 00:33:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2013/01/22 00:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2013/01/22 00:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/01/22 00:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2013/01/22 00:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2013/01/22 00:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2013/01/22 00:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2013/01/22 00:29:29 | 003,374,640 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourP.exe
[2013/01/22 00:29:08 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2013/01/22 00:29:08 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2013/01/22 00:26:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/01/22 00:26:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2013/01/22 00:26:12 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2013/01/22 00:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2013/01/22 00:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2013/01/21 23:41:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\UserData
[2013/01/21 23:37:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/01/21 23:36:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/21 23:35:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2013/01/21 23:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/21 23:31:25 | 001,675,264 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplva6.dll
[2013/01/21 23:31:25 | 001,630,208 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvw7.dll
[2013/01/21 23:31:25 | 000,106,496 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\lmpgspl.ax
[2013/01/21 23:31:25 | 000,081,920 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaw7.dll
[2013/01/21 23:31:25 | 000,081,920 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaa6.dll
[2013/01/21 23:31:25 | 000,069,632 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplapx.dll
[2013/01/21 23:31:25 | 000,069,632 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplam6.dll
[2013/01/21 23:31:25 | 000,047,104 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\lmpgad.ax
[2013/01/21 23:31:24 | 001,581,056 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvm6.dll
[2013/01/21 23:31:24 | 001,150,976 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvpx.dll
[2013/01/21 23:31:24 | 000,094,208 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\lmpgvd.ax
[2013/01/21 23:30:54 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2013/01/21 23:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Encarta Online
[2013/01/21 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Multimedia Card Reader
[2013/01/21 23:29:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/28 17:36:25 | 000,001,394 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/01/28 17:35:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/28 17:35:16 | 1542,901,760 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/28 15:35:37 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/28 15:25:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 0e3eb492-cbf8-45c6-b942-0acf4ac16323.job
[2013/01/28 15:20:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/27 23:18:43 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/01/27 23:05:44 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/01/27 13:34:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2013/01/27 10:36:55 | 000,444,602 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/27 10:17:45 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2013/01/27 08:19:13 | 000,423,410 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/27 08:19:12 | 000,062,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/26 23:31:57 | 000,821,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FreeISOBurner.exe
[2013/01/26 11:44:31 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Notepad.lnk
[2013/01/26 11:13:38 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpeedFan.lnk
[2013/01/26 11:13:36 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2013/01/25 15:00:23 | 000,026,911 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Minidump.zip
[2013/01/25 12:51:34 | 000,140,608 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bluescreenview_setup.exe
[2013/01/24 20:19:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130127-103655.backup
[2013/01/24 20:07:26 | 005,026,656 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/01/24 13:45:12 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\VEW(1).exe
[2013/01/24 01:39:40 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ServicesRepair.exe
[2013/01/24 01:21:48 | 000,574,315 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/01/24 01:13:15 | 002,712,200 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\procexp.exe
[2013/01/24 00:15:51 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2013/01/23 23:07:48 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/23 22:54:11 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Mini012313-01.jpg
[2013/01/23 22:23:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/01/23 16:04:13 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\exeHelper.com
[2013/01/23 13:30:48 | 001,531,090 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\IMG_0387.JPG
[2013/01/23 13:24:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2013/01/23 13:15:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2013/01/23 12:30:10 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/23 12:09:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/01/23 12:08:06 | 002,053,105 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\IMG_0386.JPG
[2013/01/23 12:07:54 | 001,653,739 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\IMG_0385.JPG
[2013/01/23 09:47:36 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/01/23 02:00:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d5461f6d-cebd-4812-b517-c079b1b30ec8.job
[2013/01/22 23:25:16 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/22 13:04:53 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2013/01/22 08:40:36 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/22 08:13:50 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/01/22 08:13:07 | 000,001,079 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2013/01/22 08:13:07 | 000,000,258 | ---- | M] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2013/01/22 01:38:32 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/22 01:09:59 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/22 01:09:59 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/22 01:01:05 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/01/22 00:40:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/22 00:29:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/01/22 00:29:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2013/01/21 23:36:28 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2013/01/21 23:34:43 | 000,004,168 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_DM168A-ABA A320N_YC_Pavi_QMXK339_E34NAheBLU2_4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.13_T030813_WXH1_L409_M1472_J120_7AMD_8Athlon XP 2800+_92.08_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G10DE01F0.MRK
[2013/01/21 23:32:38 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/01/21 23:27:45 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/27 23:05:44 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/01/27 10:17:45 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2013/01/27 09:32:05 | 000,165,818 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4098188977-3005115923-3956672664-1003-0.dat
[2013/01/26 23:53:32 | 000,165,818 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/26 23:31:56 | 000,821,248 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FreeISOBurner.exe
[2013/01/26 13:44:45 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/01/26 11:13:38 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpeedFan.lnk
[2013/01/26 11:13:33 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2013/01/25 20:38:23 | 1542,901,760 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/25 15:04:53 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Mini012313-01.jpg
[2013/01/25 15:00:23 | 000,026,911 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Minidump.zip
[2013/01/25 12:51:39 | 000,140,608 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bluescreenview_setup.exe
[2013/01/24 13:45:10 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\VEW(1).exe
[2013/01/24 01:39:25 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ServicesRepair.exe
[2013/01/24 01:21:47 | 000,574,315 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/01/24 00:30:04 | 001,531,090 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\IMG_0387.JPG
[2013/01/24 00:15:51 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2013/01/23 23:10:54 | 002,053,105 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\IMG_0386.JPG
[2013/01/23 23:10:38 | 001,653,739 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\IMG_0385.JPG
[2013/01/23 23:06:55 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/23 22:49:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/23 22:49:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/23 22:49:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/23 22:49:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/23 22:49:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/23 16:04:12 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\exeHelper.com
[2013/01/23 12:30:09 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/23 12:30:06 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/22 23:25:38 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 0e3eb492-cbf8-45c6-b942-0acf4ac16323.job
[2013/01/22 23:25:37 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d5461f6d-cebd-4812-b517-c079b1b30ec8.job
[2013/01/22 23:25:16 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/22 09:54:00 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Notepad.lnk
[2013/01/22 08:13:07 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2013/01/22 01:38:32 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/22 01:32:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/01/22 01:32:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013/01/22 01:20:27 | 000,001,394 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/01/22 01:09:59 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/22 01:09:59 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/22 01:09:59 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/22 01:01:05 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/01/22 00:40:31 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Outlook Express.lnk
[2013/01/22 00:40:29 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2013/01/22 00:40:25 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media Player.lnk
[2013/01/22 00:33:36 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2013/01/22 00:33:36 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2013/01/22 00:33:36 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2013/01/22 00:33:36 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2013/01/22 00:33:36 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2013/01/22 00:33:36 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2013/01/22 00:33:36 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2013/01/22 00:33:36 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2013/01/22 00:33:36 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2013/01/22 00:33:36 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2013/01/22 00:33:36 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2013/01/22 00:33:35 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2013/01/22 00:33:35 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2013/01/22 00:33:35 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2013/01/22 00:33:35 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2013/01/22 00:33:35 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2013/01/22 00:33:35 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2013/01/22 00:33:35 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2013/01/22 00:33:35 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2013/01/22 00:33:35 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2013/01/22 00:33:35 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2013/01/22 00:33:35 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2013/01/22 00:33:35 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2013/01/22 00:33:35 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2013/01/22 00:33:35 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2013/01/22 00:33:35 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2013/01/22 00:33:35 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2013/01/22 00:33:35 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2013/01/22 00:33:35 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2013/01/22 00:33:34 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2013/01/22 00:33:34 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2013/01/22 00:33:34 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2013/01/22 00:33:34 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2013/01/22 00:33:34 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2013/01/22 00:33:34 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2013/01/22 00:33:34 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2013/01/22 00:33:34 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2013/01/22 00:33:34 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2013/01/22 00:33:34 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2013/01/22 00:33:34 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2013/01/22 00:33:34 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2013/01/22 00:33:34 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2013/01/22 00:33:34 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2013/01/22 00:33:34 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2013/01/22 00:33:34 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2013/01/22 00:33:34 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2013/01/22 00:33:34 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2013/01/22 00:33:34 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2013/01/22 00:33:34 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2013/01/22 00:33:34 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2013/01/22 00:33:34 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2013/01/22 00:33:34 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2013/01/22 00:33:34 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2013/01/22 00:33:34 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2013/01/22 00:33:34 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2013/01/22 00:33:34 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2013/01/22 00:33:34 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2013/01/22 00:33:34 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2013/01/22 00:33:34 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2013/01/22 00:33:34 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2013/01/22 00:33:34 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2013/01/22 00:33:34 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2013/01/22 00:33:34 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2013/01/22 00:33:34 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2013/01/22 00:33:33 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2013/01/22 00:33:33 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2013/01/22 00:33:33 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2013/01/22 00:33:33 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2013/01/22 00:33:33 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2013/01/22 00:33:33 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2013/01/22 00:33:33 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2013/01/22 00:33:33 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2013/01/22 00:33:33 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2013/01/22 00:33:33 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2013/01/22 00:33:33 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2013/01/22 00:33:33 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2013/01/22 00:33:33 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif

========== ZeroAccess Check ==========

[2003/08/23 08:16:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/31 06:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/22 01:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/01/22 00:57:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/01/28 14:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/01/22 01:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2013
[2003/08/28 22:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2013/01/23 18:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2003/08/23 22:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2013/01/22 01:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >
  • 0

#63
RKinner


    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
The O10 is fixed.

For IE I think it's this line:

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.finance.com/

Close IE, then go into regedit and navigate to HKCU\SOFTWARE\Microsoft\Internet Explorer\Main, then click on Main. In the right pane, find Start Page and double-click on it. Change it to something else like http://google.com, click OK, then restart IE and see if that helps.
  • 0

#64
wharriss

    Member

  • Topic Starter
  • Member
  • 105 posts
I followed your instructions and it worked. IE6 seems to be working just fine.

After the registry edit it brought up Google search. I changed to my preferred home page and went to a couple other websites and all looked OK. I would like to upgrade to IE8 or IE7 because I read that IE 6 has a lot of security issues. Went to Microsoft download site, downloaded IE8 and tried to install, but again got that KB261844 Setup error "The version of Internet Explorer you have installed does not match the update you are trying to install."

I have been googling on how to upgrade from 6 to 7 or 8, but none of the advice I read worked. Can you help me with this? I don't often use IE, but I don't want an unsafe browser when I do have to use it.
  • 0

#65
RKinner


    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
See if this will work:


http://iefaq.info/at...3/ie8-rereg.zip

Save the file then right click on it and Extract All. Double click the file ie8-rereg.cmd.

This is from:


http://iefaq.info/in...=133&artlang=en

We are downloading one of the files in orange (ie8-rereg.zip) where it says:

attached files:
  • 0

#66
wharriss

    Member

  • Topic Starter
  • Member
  • 105 posts
SHAZAM!!! Tech alumnus is amazing again. This procedure worked right away. Took the last hour to install IE8 and to get all its updates and then all the windows updates it asked for. Don't know how you do it. My nephew is GA Tech graduate engineer working in Alaska for Oil business. Grandson is at NC State mechanical engineering, 3rd year, straight A's. Some got it, some don't. Engineers got it.
Do you know any retired Coke executives living on Orcas Island?

IE8 seems to be working really well and I believe you really need IE to do some things that do not support Firefox.

Many Thanks
  • 0

#67
RKinner


    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
I'm a BEE from Ga Tech class of 1968. My youngest daughter went to NC State. Has degrees in Mass Communication and Chemistry but I'm not sure of the years. She works for Western Digital as a chemist. Uses an electron microscope to investigate why drives fail. (My son went to UNC Chapel Hill and oldest daughter to UNC Greensboro). He's a doctor and she's a CPA so I think I must have done something right. We used to live in Burlington NC where I worked for AT&T Technologies (once Western Electric). I haven't met anyone here who used to work at Coke. Not saying there isn't someone here. Just haven't met them. Pretty eclectic group so it's possible. I've met several retirees from the State Department. (One of them I swear was probably a CIA agent.) Robert Gates who used to be Secy of Defense has a summer place here. Richard Bach lives here. Gary Larson has a house and some land here. James Jannard—founder and major shareholder of Oakley Sunglasses lives here. (I think that's why we have both Fed Ex and UPS service here on the island. He keeps them busy.) We also know some retired forest rangers and a couple of retired teachers and a few still active organic farmers.

Since we have done all this work, let's see if we broke anything:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
4. Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#68
wharriss

    Member

  • Topic Starter
  • Member
  • 105 posts
My son in law, Joe Collins, is EE from NC State. Started his own business "Triangle Automation Group" in Winston Salem. Check out his website, you will enjoy it. His father is EE from SC. His name is Leston "Les" Collins. He lived in Burlington and worked for ATT from 1958-74, retiring as department chief.






Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/01/2013 9:40:27 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/01/2013 9:31:36 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The mrtRate service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/01/2013 9:43:09 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#69
RKinner


    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
I don't think I knew Les Collins. I worked out of Winston-Salem from 68 to 73 and then went to Germany. Got moved to Burlington when I returned in 84.

We still have that Quicken driver trying to load. Go into regedit and navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrtRate then right click on mrtRate and Delete.

Otherwise it looks good. How is it running now?
  • 0

#70
wharriss

    Member

  • Topic Starter
  • Member
  • 105 posts
I followed directions and deleted mrtRate. Logs are posted below.

I will be on the way to the airport for 2 weeks in Park City when you see this post.
I will check the forum and reply on Feb 15

The computer is running excellent. As fast and good as when it was new I think.
It has been a good learning experience working on this with you. I was lucky for you to take this topic. I would bet that I could have taken this machine to any computer repair here or in the Research Triangle and not found anybody who could or would have been able to clean it up like you did.



Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/01/2013 7:09:30 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/01/2013 6:53:55 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The mrtRate service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 29/01/2013 9:31:36 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The mrtRate service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/01/2013 11:10:48 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/01/2013 7:11:41 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0



#71
RKinner


    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
Appears mrtRate is still with us. Get RegSeeker.
http://www.hoverdesk.net/freeware.htm
The download is where it says:
DOWNLOAD RegSeeker 1.55 (>20 languages included !)
It's a zip file so you have to save it then right click on it and Extract All then run regseeker.exe.

Select Find in Registry then have it look for mrtRate. You can then select all and then right click and Delete. It puts a copy of the stuff it deletes in the backups folder which it creates below the folder it is in. I think it uses the date and time plus mrtRate as the name.

RegSeeker also has a registry cleaner but I don't really trust registry cleaners so I'd rather you didn't use it.

Have a nice trip. We've been to Park City in the summer. Looked like it was laid out really nicely for skiing.
  • 0
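The check made by eye on the VEW reports above (a Service Control Manager event 7000 whose error is "cannot find the file specified" means a service entry still points at a missing file) can be scripted. This is an added example, not part of the original posts or of VEW: the function names are hypothetical, the parser assumes the report layout exactly as pasted in this thread, and the sample input is copied from post #70.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the 'System' sections of the VEW report in post #70 of this thread.
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/01/2013 6:53:55 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The mrtRate service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 29/01/2013 9:31:36 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The mrtRate service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/01/2013 11:10:48 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
"""

TS_FORMAT = "%d/%m/%Y %I:%M:%S %p"  # VEW prints dd/mm/yyyy with a 12-hour clock
HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+?)\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+)\s+Category: (?P<category>\d+)")
EVENT = re.compile(r"^Event: (?P<id>\d+)\s+Source: (?P<source>.+?)\s*$")
START_FAIL = re.compile(r"^The (?P<service>.+?) service failed to start due to the "
                        r"following error:\s*(?P<reason>.+?)\s*$")

def parse_vew(text):
    """Split a pasted VEW report into one dict per event record."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:  # a "Log: ... Date/Time: ..." line opens a new record
            current = {"log": header["log"],
                       "time": datetime.strptime(header["ts"], TS_FORMAT),
                       "type": None, "id": None, "source": None, "message": ""}
            events.append(current)
        elif current is None:
            continue  # banner and section-title lines outside any record
        elif not line or line.startswith("~"):
            current = None  # a blank line or a ~~~ rule closes the record
        elif (m := TYPE.match(line)):
            current["type"] = m["type"].lower()
        elif (m := EVENT.match(line)):
            current["id"], current["source"] = int(m["id"]), m["source"]
        else:  # everything else is the event description
            current["message"] = (current["message"] + " " + line).strip()
    return events

def orphaned_services(events):
    """Map service name -> sorted times of event 7000 'file not found' start failures."""
    failures = defaultdict(list)
    for ev in events:
        m = START_FAIL.match(ev["message"])
        if (ev["id"] == 7000 and ev["source"] == "Service Control Manager"
                and m and "cannot find the file specified" in m["reason"]):
            failures[m["service"]].append(ev["time"])
    return {svc: sorted(times) for svc, times in failures.items()}

def failures_since(events, cutoff):
    """Failures logged after `cutoff`: the service key still existed at that boot."""
    recent = {svc: [t for t in times if t > cutoff]
              for svc, times in orphaned_services(events).items()}
    return {svc: times for svc, times in recent.items() if times}

if __name__ == "__main__":
    # Cutoff: the "Report run at" time of the earlier report in post #68.
    previous_report = datetime.strptime("29/01/2013 9:40:27 AM", TS_FORMAT)
    print(failures_since(parse_vew(SAMPLE_REPORT), previous_report))
```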

#72
wharriss

    Member

  • Topic Starter
  • Member
  • 105 posts
Hi Ron
Back from Park City last night. Great ski trip, no injuries.

I think RegSeeker is now version 2.1 for XP and the link is now http://www.hoverdesk.net/. Your link came up error 404, page not found.

I ran RegSeeker and deleted 9 instances of mrtRate in the registry.

I cleared all events in Event Viewer in both applications and system, rebooted, ran Event Viewer and posted logs below.

The thermal paste I ordered is at my local Walmart, ready for pickup. I have been monitoring the CPU temp and when I only have one browser open with light usage, temp averages about 42%. If CPU usage is high, I have seen temp up to 60%, but very seldom that high.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/02/2013 11:28:59 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/02/2013 11:30:42 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#73
RKinner


    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
Thanks for the update on regseeker. It's not one I use very often. I will correct my canned text file to show the new version and link.
  • 0





