Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spyware Protect 2009 Virus


  • Please log in to reply

#1
sjmar

sjmar

    New Member

  • Member
  • Pip
  • 1 posts
A few days ago my computer became infected with the "Spyware Protect 2009" virus. I ran Malwarebytes and Avira several times, and was able to remove a number of infections, but my computer still seems to be running significantly slower than usual. I've posted my most recent MBAM, Rooter, and OTLI logs below; could you please help me diagnose the source of the problem? Thank you very much for your time and help.

MBAM log:

Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 5.1.2600 Service Pack 3

4/29/2009 5:45:21 PM
mbam-log-2009-04-29 (17-45-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 164148
Time elapsed: 1 hour(s), 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Rooter Log:

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:57223 Mo/Free:565 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Wed 04/29/2009|18:25

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Avira\AntiVir Desktop\sched.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\WINDOWS\system32\HPConfig.exe
---------- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\WINDOWS\system32\PSIService.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\carpserv.exe
---------- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
---------- C:\Program Files\QuickTime\QTTask.exe
---------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
---------- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
---------- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
---------- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
---------- C:\Program Files\Logitech\QuickCam\Quickcam.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
---------- C:\Program Files\Skype\Plugin Manager\skypePM.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Wed 04/29/2009|18:26

----------------------\\ Scan completed at 18:26


OTLI Log:

OTListIt logfile created on: 4/29/2009 6:28:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Bob.BOBPC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 133.04 Mb Available Physical Memory | 29.76% Memory free
1.03 Gb Paging File | 0.72 Gb Available in Paging File | 69.35% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 40.55 Gb Free Space | 72.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOBPC
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
PRC - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE ()
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Bob.BOBPC\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HPConfig [Auto | Running]) -- C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
SRV - (HPWirelessMgr [Auto | Running]) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ProtexisLicensing [Auto | Running]) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ALiIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\aliirda.sys (Acer Laboratories Inc.)
DRV - (allegro [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (atimpab [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atimpab.sys (ATI Technologies Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (caboagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (CALIAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\caliaud.sys (Conexant Systems Inc.)
DRV - (CALIHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\calihal.sys (Conexant Systems Inc.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (DKbFltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (DP83815 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DP83815.SYS (National Semiconductor Corp.)
DRV - (DSSUSB1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DSSUSB1.sys (OLYMPUS OPTICAL CO.,LTD.)
DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (dwusbdnt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dwusbdnt.sys (Digit@lway Co., Ltd.)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (HPCI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\hpci.sys (Hewlett-Packard)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWALI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (StreamDispatcher [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\strmdisp.sys (Conexant Systems, Inc.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {BE2100B3-1D80-48eb-ACCF-D26750644378}:0.4.21
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 18:29:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/29 18:28:49 | 00,000,000 | ---D | M]

[2009/01/28 19:38:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob.BOBPC\Application Data\mozilla\Extensions
[2009/01/28 19:38:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob.BOBPC\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/11 23:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob.BOBPC\Application Data\mozilla\Firefox\Profiles\74pf7gx3.default\extensions
[2009/02/26 20:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob.BOBPC\Application Data\mozilla\Firefox\Profiles\74pf7gx3.default\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
[2009/01/28 19:37:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 22:58:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/28 22:58:10 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 22:58:10 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 04:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 04:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 04:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 04:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 04:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 04:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 04:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AutoTBar] C:\hp\bin\autotbar.exe File not found
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CARPService] carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s (Hewlett-Packard)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE ()
O4 - HKLM..\Run: [MMTray] File not found
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d ()
O4 - HKLM..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK ()
O4 - HKLM..\Run: [wersds.exe] C:\WINDOWS\System32\doriot.exe File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.clerk.org/activex/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral....bs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com...kup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {5881537F-6EC4-11D4-A18C-00A0C9AF5124} http://www.clerk.org...ex/ImagePad.cab (ImagePad.ctlImagePad)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1173314916330 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://74.255.250.69/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci...6.1.7_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{D26D8970-0864-4775-BDA7-12928FA34E33}\\NameServer = 205.152.144.23,205.152.132.23
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{015f0ae0-5875-11db-bebf-00038a000015}\Shell\AutoRun\command - "" = E:\CDStart.Exe -- File not found
O33 - MountPoints2\{015f0ae0-5875-11db-bebf-00038a000015}\Shell\Install\Command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/04/29 18:27:29 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\BOB~1.BOB\Desktop\OTListIt2.exe
[2009/04/29 18:25:55 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/29 18:25:37 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\BOB~1.BOB\Desktop\Rooter.exe
[2009/04/29 16:51:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/29 16:50:17 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\BOB~1.BOB\Desktop\NTREGOPT.lnk
[2009/04/29 16:50:17 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\BOB~1.BOB\Desktop\ERUNT.lnk
[2009/04/29 16:50:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/29 16:48:54 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\BOB~1.BOB\Desktop\erunt_setup.exe
[2009/04/29 16:41:24 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\BOB~1.BOB\Desktop\SysRestorePoint.exe
[2009/04/25 23:58:53 | 00,001,707 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Avira AntiVir Control Center.lnk
[2009/04/25 23:57:50 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/04/25 23:57:50 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/25 23:57:50 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/04/25 23:57:50 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/04/25 23:57:49 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/04/25 23:57:33 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/04/25 23:57:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/04/25 19:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/04/25 19:08:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob.BOBPC\Local Settings\Application Data\Downloaded Installations
[2009/04/25 18:27:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Uninstall
[2009/04/25 18:27:12 | 00,000,000 | ---D | C] -- C:\Program Files\PAV
[2009/04/24 16:02:40 | 00,000,000 | ---D | C] -- C:\DOCUME~1\BOB~1.BOB\My Documents\PROPERTY TAX MATTER
[2009/04/18 17:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/04/15 23:02:43 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 23:02:43 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 23:02:43 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 23:02:42 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 23:02:42 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 23:02:42 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 23:02:41 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 23:02:41 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 23:02:40 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 23:00:46 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 23:00:37 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/06 12:40:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob.BOBPC\Application Data\Malwarebytes
[2009/04/06 12:38:16 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/06 12:38:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 12:38:13 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 12:38:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/06 12:38:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/17 18:00:06 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/20 13:23:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/10/20 20:33:35 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/10/20 20:33:35 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\6250D3F986.sys
[2008/07/26 09:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/10/13 16:42:26 | 00,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007/08/28 22:52:11 | 00,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/11/14 12:20:04 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/06/01 16:12:44 | 00,000,050 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/01 16:12:44 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/04/19 09:36:28 | 00,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/04/06 14:51:05 | 00,000,027 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2004/04/05 15:43:56 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/04/05 15:14:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2004/01/22 12:00:28 | 00,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2004/01/07 23:20:48 | 00,000,060 | ---- | C] () -- C:\WINDOWS\msmail32.ini
[2004/01/07 21:24:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/07 21:17:30 | 00,000,090 | ---- | C] () -- C:\WINDOWS\msmail.ini
[2004/01/07 12:59:06 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/07 11:55:06 | 00,000,260 | ---- | C] () -- C:\WINDOWS\DTO2KXSV.INI
[2004/01/07 11:54:44 | 00,018,781 | ---- | C] () -- C:\WINDOWS\dt2krm32.ini
[2003/03/27 15:28:44 | 00,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/02 03:14:08 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/01/02 03:10:02 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/02 03:09:36 | 00,000,053 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/09/09 11:15:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/09 10:49:46 | 00,001,234 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/09 03:34:18 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2000/02/03 14:16:34 | 00,307,200 | ---- | C] () -- C:\WINDOWS\System32\I3TIF32.DLL
[2000/02/03 14:16:04 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\I3SPEC32.DLL
[2000/02/03 14:15:22 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\CRDE96V3.DLL
[2000/01/27 20:15:22 | 00,919,552 | ---- | C] () -- C:\WINDOWS\System32\ILFILT32.DLL
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/30 19:15:58 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\I3DXF32.DLL
[1998/08/16 10:52:28 | 00,000,002 | ---- | C] () -- C:\WINDOWS\dtsync.ini
[1998/04/27 11:05:58 | 00,013,538 | ---- | C] () -- C:\WINDOWS\daytimer.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/29 18:27:30 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\BOB~1.BOB\Desktop\OTListIt2.exe
[2009/04/29 18:25:38 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\BOB~1.BOB\Desktop\Rooter.exe
[2009/04/29 17:58:08 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/29 17:57:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/29 17:56:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/29 17:56:41 | 46,876,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/29 17:53:48 | 04,837,832 | -H-- | M] () -- C:\Documents and Settings\Bob.BOBPC\Local Settings\Application Data\IconCache.db
[2009/04/29 16:50:17 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\BOB~1.BOB\Desktop\NTREGOPT.lnk
[2009/04/29 16:50:17 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\BOB~1.BOB\Desktop\ERUNT.lnk
[2009/04/29 16:48:54 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\BOB~1.BOB\Desktop\erunt_setup.exe
[2009/04/29 16:41:27 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\BOB~1.BOB\Desktop\SysRestorePoint.exe
[2009/04/29 15:33:43 | 00,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2009/04/29 15:33:13 | 00,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2009/04/29 14:01:30 | 00,002,473 | ---- | M] () -- C:\DOCUME~1\BOB~1.BOB\Desktop\Microsoft Word (2).lnk
[2009/04/27 08:57:03 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/04/27 08:57:02 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/25 23:58:54 | 00,001,707 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Avira AntiVir Control Center.lnk
[2009/04/23 11:04:02 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\Bob.BOBPC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 11:25:15 | 00,002,257 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Skype.lnk
[2009/04/18 20:47:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/16 20:41:42 | 00,445,886 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 20:41:42 | 00,385,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 20:41:42 | 00,054,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 03:11:55 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 12:38:16 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/30 21:55:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/03/30 21:55:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP