I've got a year and some left on my Norton subscription, so I'm committed to them for a while. I've been OK with it until it let this problem in... It never slowed it down too much, but when it's up I will go with something else, like Kaspersky (sp?).
I am aware of the Hibernation function and do use it, at times.
No errors or issues running these. Here are the logs:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-01 20:37:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.16
Running: gmer.exe; Driver: C:\DOCUME~1\Gary\LOCALS~1\Temp\kxtdrpow.sys
---- System - GMER 1.0.15 ----
SSDT 86F908A0 ZwConnectPort
SSDT 873360B8 ZwLoadDriver
---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7378340, 0xFD9DF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x2342C0, 0xF8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\internet explorer\iexplore.exe[2652] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2652] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2652] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2652] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2652] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2652] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2652] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2652] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2652] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 0206003A
.text C:\Program Files\internet explorer\iexplore.exe[2732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 020600F7
.text C:\Program Files\internet explorer\iexplore.exe[2732] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 020603D2
.text C:\Program Files\internet explorer\iexplore.exe[2732] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 020601B0
.text C:\Program Files\internet explorer\iexplore.exe[2732] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0206031C
.text C:\Program Files\internet explorer\iexplore.exe[2732] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 02060488
.text C:\Program Files\internet explorer\iexplore.exe[2732] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 02060266
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] ole32.dll!CreateBindCtx + B5F 774FF15F 7 Bytes JMP 020605F8
.text C:\Program Files\internet explorer\iexplore.exe[2732] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2732] ole32.dll!CoImpersonateClient + 51 77515200 7 Bytes JMP 0206053E
.text C:\Program Files\internet explorer\iexplore.exe[2732] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\internet explorer\iexplore.exe[2732] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device EB499D20
AttachedDevice FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 3/1/2012 8:37:43 PM - Run 3
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.98 Mb Total Physical Memory | 401.40 Mb Available Physical Memory | 39.24% Memory free
2.14 Gb Paging File | 1.76 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): C:\pagefile.sys 1268 1636 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 60.94 Gb Free Space | 81.85% Space Free | Partition Type: NTFS
Computer Name: RACERX | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/16 21:29:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\ccsvchst.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/26 11:47:42 | 000,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (NTIDrvr)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (FA312)
SRV - File not found [Auto | Stopped] -- -- (AVCamUSB20)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe -- (NAV)
SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2005/01/26 11:47:42 | 000,065,604 | ---- | M] (Boingo Wireless, Inc.) [Auto | Running] -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe -- (EarthLinkMonitor)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
========== Driver Services (SafeList) ==========
DRV - [2012/02/03 20:42:16 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 20:42:16 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/01 18:14:49 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/15 17:33:22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120229.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/23 20:23:47 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1305000.091\SYMEFA.SYS -- (SymEFA)
DRV - [2011/11/23 20:23:20 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - [2011/11/23 20:23:20 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys -- (SymIM)
DRV - [2011/11/23 19:50:26 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1305000.091\SRTSP.SYS -- (SRTSP)
DRV - [2011/11/23 19:50:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1305000.091\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/16 21:37:59 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1305000.091\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/11/16 21:17:48 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1305000.091\Ironx86.SYS -- (SymIRON)
DRV - [2011/11/04 17:59:35 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1305000.091\ccSetx86.sys -- (ccSet_NAV)
DRV - [2011/09/29 00:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120301.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/29 00:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120301.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/25 20:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1305000.091\SYMDS.SYS -- (SymDS)
DRV - [2004/11/01 14:16:34 | 000,017,536 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BW2NDIS5.SYS -- (BW2NDIS5)
DRV - [2004/08/03 21:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 21:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2003/05/14 13:42:58 | 000,013,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys -- (WmHidLo)
DRV - [2003/05/14 13:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys -- (WmFilter)
DRV - [2003/05/14 13:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys -- (WmBEnum)
DRV - [2003/05/14 13:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys -- (WmVirHid)
DRV - [2003/05/14 13:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys -- (WmXlCore)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/18 03:06:28 | 000,842,128 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\winachcf.sys -- (Winachcf)
DRV - [2001/08/17 12:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012/02/01 17:49:31 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/02/29 19:28:24 | 000,440,678 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15173 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (IE_PopupBlocker Class) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {050A3800-6C03-48A5-A6D7-14CCF18A700D} http://employees.old...om/v4rdpchk.cab (v4 silent install)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1120313456515 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1126533491875 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BDEE83-9F7E-40C0-A52D-81CE364EE7F8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BDEE83-9F7E-40C0-A52D-81CE364EE7F8}: NameServer = 207.69.188.185,207.69.188.186
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/29 21:50:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gary\Recent
[2012/02/29 19:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/28 22:25:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/02/26 20:11:39 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gary\Desktop\tdsskiller.exe
[2012/02/26 20:11:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/26 19:47:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/23 17:58:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/23 17:56:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/23 17:56:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/23 17:56:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/23 17:56:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/23 17:56:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/23 17:55:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/23 17:55:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/02/23 09:21:25 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Gary\Desktop\aswMBR.exe
[2012/02/23 08:28:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/19 14:57:18 | 000,032,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixZeroAccess.sys
[2012/02/16 21:29:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2012/02/16 19:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/02/15 17:41:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/15 17:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\My Documents\New Folder
[2012/02/13 22:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/02/13 22:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/02/13 22:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\NPE
[2012/02/13 22:06:23 | 002,804,808 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Gary\Desktop\NPE.exe
[2012/02/09 19:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\ioDesktop
[2012/02/04 11:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\Deployment
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/01 20:11:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1007087799-3521379142-2447425561-1007UA.job
[2012/03/01 19:44:56 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\gmer.zip
[2012/03/01 17:26:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/03/01 17:26:03 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/29 21:59:03 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2012/02/29 19:28:24 | 000,440,678 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2012/02/29 18:30:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/02/28 22:25:46 | 000,799,962 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1305000.091\Cat.DB
[2012/02/28 21:57:50 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Norton Installation Files.lnk
[2012/02/27 17:28:12 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1305000.091\VT20111023.024
[2012/02/26 21:34:51 | 000,000,376 | -HS- | M] () -- C:\WINDOWS\0178013drv.spi
[2012/02/26 20:43:54 | 122,325,856 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\setup_11.0.0.1245.x01_2012_02_27_05_03.exe
[2012/02/26 19:54:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20120229-192824.backup
[2012/02/26 19:47:30 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gary\Desktop\tdsskiller.exe
[2012/02/23 09:23:15 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\MBR.dat
[2012/02/23 09:21:33 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Gary\Desktop\aswMBR.exe
[2012/02/19 14:57:18 | 000,032,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixZeroAccess.sys
[2012/02/19 14:34:15 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2012/02/19 11:11:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1007087799-3521379142-2447425561-1007Core.job
[2012/02/16 21:29:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2012/02/16 20:27:26 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2012/02/15 22:27:54 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 22:25:37 | 000,443,334 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/02/15 22:25:37 | 000,072,496 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/02/14 21:52:55 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Microsoft Word (2).lnk
[2012/02/13 22:32:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/13 22:06:23 | 002,804,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Gary\Desktop\NPE.exe
[2012/02/12 08:48:55 | 000,000,388 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\EarthLink Web Mail.url
[2012/02/09 19:26:47 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ioDesktop.lnk
[2012/02/07 22:40:02 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\SpywareBlaster.lnk
[2012/02/02 20:27:57 | 000,446,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20120210-181522.backup
[2012/02/02 20:08:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/02 17:20:52 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2012/02/01 18:14:49 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/02/01 18:14:49 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/02/01 18:14:49 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/02/01 18:14:49 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/01 19:44:51 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\gmer.zip
[2012/02/26 21:34:45 | 000,000,376 | -HS- | C] () -- C:\WINDOWS\0178013drv.spi
[2012/02/26 20:51:02 | 122,325,856 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\setup_11.0.0.1245.x01_2012_02_27_05_03.exe
[2012/02/23 17:58:58 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/02/23 17:58:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/23 17:56:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/23 17:56:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/23 17:56:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/23 17:56:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/23 17:56:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/23 09:23:15 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\MBR.dat
[2012/02/20 07:59:15 | 1072,746,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/15 20:20:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 20:20:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/13 22:31:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/04 11:06:56 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1007087799-3521379142-2447425561-1007UA.job
[2012/02/04 11:06:56 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1007087799-3521379142-2447425561-1007Core.job
[2012/01/07 07:36:29 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2011/10/23 20:35:59 | 000,308,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/11 20:21:51 | 000,000,152 | ---- | C] () -- C:\WINDOWS\System32\RSLSP.ini
[2010/10/14 16:42:07 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/09/23 22:05:29 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat
[2007/10/15 21:20:13 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/10/26 19:06:41 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/05/23 19:38:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
[2005/05/23 18:42:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/05/22 10:01:47 | 000,003,137 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/05/09 16:20:03 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/10 19:24:35 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2004/11/10 19:24:35 | 000,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2004/11/10 18:29:13 | 000,000,395 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/11/06 08:01:52 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/10/27 17:29:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/26 19:33:47 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/26 17:14:11 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\PFP120JPR.{PB
[2004/10/26 17:14:11 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\PFP120JCM.{PB
[2004/10/26 17:09:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/10/26 17:06:30 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2004/10/26 16:45:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/13 00:38:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/13 00:34:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/10/13 00:30:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/10/13 00:30:56 | 000,000,384 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/13 00:26:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/13 00:13:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/10/13 00:11:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/13 00:11:10 | 000,443,334 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/10/13 00:11:10 | 000,072,496 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/10/12 23:55:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/26 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 08:05:08 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 07:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 07:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 07:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 07:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 04:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ONETW.DRV
[2002/08/29 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2011/02/20 08:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Encore
[2010/01/13 22:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Euchre
[2011/10/11 20:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/23 19:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/03/01 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/10/13 00:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/11/02 20:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Aim
[2009/12/11 13:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/12 18:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\com.radioio.ioDesktop.CB8A51FDBDF8B5F2BC25A3DD7F59CC4ED6D8CF65.1
[2008/12/28 12:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Earthlink
[2008/02/14 20:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\EarthLink Toolbar
[2011/03/01 21:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ElevatedDiagnostics
[2011/02/20 07:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GetRightToGo
[2012/02/14 22:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Hoyle Card Games
[2010/03/07 12:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Hoyle FaceCreator
[2011/02/07 20:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ieSpell
[2004/10/28 18:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\JoiExpress
[2004/10/31 08:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2011/10/11 20:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2010/09/23 07:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Tific
[2012/01/07 09:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Uniblue
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >