Windows Update not working and Search Engine hijacked [Solved]


  • This topic is locked

#76
Babine

Babine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Well, I've been on Normal mode for quite a bit now, and the ad is appearing on more than my home page, this site included.
  • 0

#77
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
I am curious... what has changed?
  • 0

#78
Babine

Babine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I'm not too sure...it's not really a big deal. It's just the fact that it's there. Like I can close it just fine and everything, but it's just there.
  • 0

#79
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... have you tried the actions mentioned in my post?
  • 0

#80
Babine

Babine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I tried changing my homepage, but no luck. I'll try option number 2 now.
  • 0

#81
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie :)
  • 0

#82
Babine

Babine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
So far so good with the no script.
  • 0

#83
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
:)
  • 0

#84
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Further to my last post.

Please run the script below. After that, disable No Scripts and see if you are still getting the pop ups.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {d8c77b75-d01d-cd98-1b00-c1fb57b20e1e}:4.6.6.6
    [2010/04/06 15:38:47 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{d8c77b75-d01d-cd98-1b00-c1fb57b20e1e}
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
So when you return please post
  • OTL fix log
  • OTL scan log - OTL.txt
  • tell me if there has been any change

  • 0

#85
Babine

Babine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
As like yesterday, I will post the following log tomorrow.
Thanks:)
  • 0

#86
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie :)
  • 0

#87
Babine

Babine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hello Emeraldnzl,

So I've been on Firefox for a good chunk of time, and it appears the ad appears even when No Script is on...
  • 0

#88
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi Babine,

Did you run that script at post number 84?
  • 0

#89
Babine

Babine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
========== OTL ==========
Prefs.js: {d8c77b75-d01d-cd98-1b00-c1fb57b20e1e}:4.6.6.6 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{d8c77b75-d01d-cd98-1b00-c1fb57b20e1e}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{d8c77b75-d01d-cd98-1b00-c1fb57b20e1e}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{d8c77b75-d01d-cd98-1b00-c1fb57b20e1e} folder moved successfully.

OTL by OldTimer - Version 3.2.1.0 log created on 04152010_191939
  • 0

#90
Babine

Babine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
OTL logfile created on: 4/15/2010 7:21:12 PM - Run 8
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Henry\Desktop\New Folder (3)
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 271.76 Gb Free Space | 91.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HENRYLAU
Current User Name: Henry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/07 16:19:35 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Henry\Desktop\New Folder (3)\OTL.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/09 03:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/26 21:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- C:\Documents and Settings\Henry\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/07 16:19:35 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Henry\Desktop\New Folder (3)\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2009/03/06 05:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 16:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 12:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008/04/14 05:00:00 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2007/08/23 00:18:08 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stop_Pending] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - [2010/04/01 22:59:39 | 000,050,376 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/03/09 03:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 03:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 03:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 03:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 03:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 03:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/03/25 08:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 08:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 08:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 08:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 08:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 08:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 08:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/02/03 05:12:19 | 000,014,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/14 02:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 07:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/08/23 20:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2001/08/17 14:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.eset.com/online-scanner#
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.sympatico.ca/"
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.61
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 14:13:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 14:13:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/10/11 20:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Mozilla\Extensions
[2009/10/11 20:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Mozilla\Extensions\[email protected]
[2010/04/14 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\4ovd82lm.default\extensions
[2009/09/02 07:44:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\4ovd82lm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/13 21:33:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\4ovd82lm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/03 19:44:27 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\4ovd82lm.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/04/13 17:23:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\4ovd82lm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/03 19:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\4ovd82lm.default\extensions\[email protected]
[2010/04/03 19:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Mozilla\Firefox\Profiles\4ovd82lm.default\extensions\SkipScreen@SkipScreen
[2009/11/12 18:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Mozilla\Sunbird\Profiles\srg3s7iq.default\extensions
[2010/04/15 19:19:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/12 20:00:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [WeatherEye] C:\Documents and Settings\Henry\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.90 64.59.144.91
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/03 04:50:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 22:16:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/13 07:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Local Settings\Application Data\ApplicationHistory
[2010/04/12 19:58:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/12 19:47:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/12 19:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/12 00:05:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Henry\IETldCache
[2010/04/11 23:50:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/11 23:49:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/11 23:47:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/11 23:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/11 23:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Local Settings\Application Data\Identities
[2010/04/11 23:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Application Data\Windows Desktop Search
[2010/04/11 23:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/04/11 23:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/11 23:44:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/04/11 23:44:40 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/04/11 23:44:40 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/04/11 23:44:40 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/11 23:44:40 | 001,241,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/04/11 23:44:40 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/11 23:44:40 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/04/11 23:44:40 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/04/11 23:44:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/11 23:44:40 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/04/11 23:44:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/11 23:43:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/04/11 23:43:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/04/11 23:43:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/04/11 23:41:41 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/04/11 23:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/11 23:40:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/04/11 21:28:38 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\rdpcdd.sys
[2010/04/11 19:56:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/11 11:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Desktop\gmer
[2010/04/11 00:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Desktop\FileLister
[2010/04/10 16:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Local Settings\Application Data\frkbpvnxn
[2010/04/10 09:29:39 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/10 09:28:25 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Henry\Desktop\OTM.exe
[2010/04/08 19:10:20 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010/04/08 19:10:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/08 19:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Desktop\GooredFix Backups
[2010/04/08 18:59:54 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Henry\Desktop\GooredFix.exe
[2010/04/07 16:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Desktop\New Folder (3)
[2010/04/05 11:15:46 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tsk27.svs
[2010/04/04 17:53:50 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Henry\Desktop\TDSSKiller.exe
[2010/04/04 11:10:59 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/04 11:10:58 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/04 11:10:57 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/04 11:10:56 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/04 11:10:55 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/04 11:10:55 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/04 11:10:54 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/04 11:10:46 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/04 11:10:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/04 11:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/04 11:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/04 11:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/03 23:31:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/04/03 23:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\My Documents\ForceField Shared Files
[2010/04/03 23:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Application Data\CheckPoint
[2010/04/03 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/04/03 23:00:49 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/04/03 23:00:48 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/04/03 23:00:48 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/04/03 23:00:44 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/04/03 23:00:44 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/04/03 23:00:44 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/04/03 23:00:44 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/04/03 23:00:44 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/04/03 23:00:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/04/03 23:00:43 | 000,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/04/03 23:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/04/03 23:00:16 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/04/03 23:00:16 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/04/03 23:00:16 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/04/03 23:00:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/04/03 22:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Desktop\Anti-Virus
[2010/04/03 22:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\My Documents\Simply Super Software
[2010/04/03 22:55:46 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/04/03 22:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Local Settings\Application Data\Graboid_Inc
[2010/04/03 22:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Application Data\MozillaControl
[2010/04/03 22:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Local Settings\Application Data\Graboid
[2010/04/03 22:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/04/03 21:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2010/04/03 20:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/04/03 17:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/04/03 17:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/02 18:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\iklphushm
[2010/04/02 15:21:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/02 15:17:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/02 15:17:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/02 15:17:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/02 15:17:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/02 15:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/02 15:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/02 15:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/02 15:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/04/02 15:06:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/02 15:06:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/02 15:06:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/02 15:06:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/02 15:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\qsexfthui
[2010/04/02 14:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/02 13:36:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/02 13:36:38 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/02 13:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/01 23:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Local Settings\Application Data\ESET
[2010/04/01 22:59:39 | 000,050,376 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/01 22:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/04/01 21:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/04/01 21:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/04/01 20:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/04/01 18:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/01 18:47:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/04/01 18:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Desktop\Soft Product
[2010/03/31 21:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/31 20:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/31 19:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/31 18:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/30 17:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 17:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 17:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 17:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/30 17:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/18 17:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henry\Desktop\New Folder (2)
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/08/28 14:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[1 C:\Documents and Settings\Henry\My Documents\*.tmp files -> C:\Documents and Settings\Henry\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/15 19:22:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/15 17:45:18 | 002,977,433 | ---- | M] () -- C:\Documents and Settings\Henry\Desktop\Documentations.pptx
[2010/04/15 07:58:48 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Henry\ntuser.dat
[2010/04/15 07:15:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/15 07:15:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/15 00:12:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Henry\ntuser.ini
[2010/04/14 18:14:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 09:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 09:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/13 18:32:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/13 18:15:52 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/13 18:15:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/13 18:15:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/12 20:00:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/12 19:45:41 | 003,913,740 | R--- | M] () -- C:\Documents and Settings\Henry\Desktop\ComboFix.exe
[2010/04/12 18:00:55 | 000,612,474 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/12 18:00:55 | 000,513,742 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/12 18:00:55 | 000,097,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/12 00:32:19 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Henry\Desktop\Windows Media Player.lnk
[2010/04/12 00:32:11 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/11 23:45:38 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/04/11 23:41:36 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/11 23:41:36 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/11 22:58:29 | 014,727,212 | ---- | M] () -- C:\Documents and Settings\Henry\Desktop\Solar Power.pptx
[2010/04/11 22:57:41 | 037,482,496 | ---- | M] () -- C:\Documents and Settings\Henry\Desktop\Solar Power 97 - 03.ppt
[2010/04/11 21:27:45 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Henry\Desktop\fix.bat
[2010/04/11 20:51:43 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\C6V4.doc
[2010/04/11 19:05:56 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcdd.sys
[2010/04/11 19:05:56 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\rdpcdd.sys
[2010/04/11 11:02:25 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Henry\Desktop\gmer.zip
[2010/04/11 00:37:23 | 000,020,359 | ---- | M] () -- C:\Documents and Settings\Henry\Desktop\FileLister.zip
[2010/04/10 09:28:23 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Henry\Desktop\OTM.exe
[2010/04/09 14:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/08 19:17:22 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Henry\Desktop\SystemLook.exe
[2010/04/08 18:59:52 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Henry\Desktop\GooredFix.exe
[2010/04/06 23:57:12 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\Eco Journal.doc
[2010/04/06 23:16:32 | 000,140,343 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\Hot stuff.JPG
[2010/04/06 19:43:17 | 000,012,937 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\C6V3.docx
[2010/04/06 15:39:35 | 000,489,296 | ---- | M] () -- C:\Documents and Settings\Henry\Desktop\HelpAsst_mebroot_fix.exe
[2010/04/05 23:51:44 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\Physics Lab.doc
[2010/04/05 20:53:03 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\French Project.doc
[2010/04/05 18:23:36 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\The Book of Negroes.doc
[2010/04/05 16:26:41 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\C6V2.doc
[2010/04/05 11:15:46 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tsk27.svs
[2010/04/04 23:06:13 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\C6V1.doc
[2010/04/04 22:01:17 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\11th Hour Movie CritiqueHenry Lau.doc
[2010/04/04 20:49:05 | 000,013,676 | -HS- | M] () -- C:\Documents and Settings\Henry\Local Settings\Application Data\VHx0W
[2010/04/04 20:49:05 | 000,013,676 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\VHx0W
[2010/04/04 19:58:05 | 000,056,916 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/03 23:02:21 | 004,839,310 | -H-- | M] () -- C:\Documents and Settings\Henry\Local Settings\Application Data\IconCache.db
[2010/04/03 23:01:25 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/03 23:00:49 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/03 22:01:29 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/04/02 16:40:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 15:06:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/02 15:06:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/02 15:06:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/02 15:06:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/02 15:06:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/02 13:12:29 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Henry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/02 12:54:11 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rundll32.exe
[2010/04/02 11:27:09 | 000,015,344 | -HS- | M] () -- C:\Documents and Settings\Henry\Local Settings\Application Data\LK2mfPE2j
[2010/04/02 11:27:09 | 000,015,344 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
[2010/04/01 22:59:39 | 000,050,376 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/03/31 23:07:29 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\Chapter 5 QuestionsHenry Lau.doc
[2010/03/30 17:37:54 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/29 16:53:01 | 007,494,865 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\ApprenticeWorkbook.pdf
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 15:31:51 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\Geometry workbook answers.doc
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Henry\Desktop\TDSSKiller.exe
[2010/03/21 22:50:37 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\A Green Paradise.doc
[2010/03/21 21:25:09 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\March 21.doc
[2010/03/21 20:19:14 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\C5V4.doc
[2010/03/20 23:14:43 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\C5V3.doc
[2010/03/20 20:33:35 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\C5V2.doc
[2010/03/18 22:31:21 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\C5V1.doc
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/17 20:29:38 | 002,057,216 | ---- | M] () -- C:\Documents and Settings\Henry\My Documents\CNapprenticeship.doc
[1 C:\Documents and Settings\Henry\My Documents\*.tmp files -> C:\Documents and Settings\Henry\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/15 17:45:17 | 002,977,433 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\Documentations.pptx
[2010/04/11 23:45:38 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/04/11 23:41:30 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\Windows Media Player.lnk
[2010/04/11 22:58:28 | 014,727,212 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\Solar Power.pptx
[2010/04/11 22:06:31 | 037,482,496 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\Solar Power 97 - 03.ppt
[2010/04/11 21:27:45 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\fix.bat
[2010/04/11 19:54:26 | 003,913,740 | R--- | C] () -- C:\Documents and Settings\Henry\Desktop\ComboFix.exe
[2010/04/11 11:02:25 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\gmer.zip
[2010/04/11 00:37:26 | 000,020,359 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\FileLister.zip
[2010/04/11 00:23:15 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\C6V4.doc
[2010/04/08 19:17:24 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\SystemLook.exe
[2010/04/06 23:57:12 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\Eco Journal.doc
[2010/04/06 19:14:59 | 000,012,937 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\C6V3.docx
[2010/04/06 18:32:44 | 000,140,343 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\Hot stuff.JPG
[2010/04/05 23:51:44 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\Physics Lab.doc
[2010/04/05 20:53:03 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\French Project.doc
[2010/04/05 11:42:42 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\C6V2.doc
[2010/04/04 22:10:24 | 000,489,296 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\HelpAsst_mebroot_fix.exe
[2010/04/04 22:09:07 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\C6V1.doc
[2010/04/04 20:47:10 | 000,013,676 | -HS- | C] () -- C:\Documents and Settings\Henry\Local Settings\Application Data\VHx0W
[2010/04/04 20:47:10 | 000,013,676 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VHx0W
[2010/04/03 23:00:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/03 23:00:43 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/03 22:55:46 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/04/03 22:55:46 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/04/03 22:01:29 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/04/02 22:37:00 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\11th Hour Movie CritiqueHenry Lau.doc
[2010/04/02 16:40:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 15:21:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/02 15:21:16 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/02 15:17:05 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/02 15:17:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/02 15:17:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/02 15:17:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/02 11:23:46 | 000,015,344 | -HS- | C] () -- C:\Documents and Settings\Henry\Local Settings\Application Data\LK2mfPE2j
[2010/04/02 11:23:46 | 000,015,344 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
[2010/03/31 21:03:41 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\Chapter 5 QuestionsHenry Lau.doc
[2010/03/30 17:40:31 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 17:37:54 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/29 16:53:01 | 007,494,865 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\ApprenticeWorkbook.pdf
[2010/03/28 18:18:59 | 003,482,145 | ---- | C] () -- C:\Documents and Settings\Henry\Desktop\New Radicals - Someday We'll Know.mp3
[2010/03/28 15:31:50 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\Geometry workbook answers.doc
[2010/03/21 22:50:37 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\A Green Paradise.doc
[2010/03/21 21:25:08 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\March 21.doc
[2010/03/21 20:17:13 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\C5V4.doc
[2010/03/20 23:14:43 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\C5V3.doc
[2010/03/20 16:36:49 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\C5V2.doc
[2010/03/18 22:31:20 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\C5V1.doc
[2010/03/17 20:29:37 | 002,057,216 | ---- | C] () -- C:\Documents and Settings\Henry\My Documents\CNapprenticeship.doc
[2010/02/21 22:53:25 | 000,000,327 | ---- | C] () -- C:\Documents and Settings\Henry\mbr.log
[2010/02/21 22:10:25 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/01 14:12:31 | 000,012,686 | -HS- | C] () -- C:\Documents and Settings\Henry\Local Settings\Application Data\u1ly73
[2009/12/15 17:13:21 | 000,012,098 | ---- | C] () -- C:\Documents and Settings\Henry\hs_err_pid3928.log
[2009/12/11 02:37:56 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\crash_report.dll
[2009/09/22 10:57:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/22 22:33:01 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\Henry\ntuser.dat
[2009/08/22 20:45:40 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Henry\Local Settings\Application Data\FASTWiz.log
[2009/08/22 18:49:27 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Henry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/21 21:13:00 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Henry\ntuser.dat.LOG
[2009/08/21 21:13:00 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Henry\ntuser.ini
[2009/08/21 21:12:49 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/08/21 21:12:49 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009/08/19 18:23:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/03 05:13:31 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009/02/03 05:09:03 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/01/21 11:53:37 | 000,001,466 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >