win32/fakerean

Post by Jim Harrison on 29th May 2011, 7:01 pm

OTL logfile created on: 5/29/2011 11:45:41 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.04% Memory free
1.22 Gb Paging File | 0.61 Gb Available in Paging File | 50.39% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 54.94 Gb Free Space | 73.79% Space Free | Partition Type: NTFS

Computer Name: LO16 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 11:45:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\My Documents\Downloads\OTL.com
PRC - [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/29 11:45:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\My Documents\Downloads\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LiveUpdate)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (avgfws)
SRV - File not found [Disabled | Stopped] -- -- (AVG Security Toolbar Service)
SRV - File not found [Disabled | Stopped] -- -- (avast! Web Scanner)
SRV - File not found [Disabled | Stopped] -- -- (avast! Mail Scanner)
SRV - File not found [Disabled | Stopped] -- -- (avast! Antivirus)
SRV - File not found [Disabled | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
SRV - [2011/05/26 21:37:17 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2011/05/26 20:53:27 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/04/27 19:11:55 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/08/22 01:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/05/11 18:32:22 | 000,142,112 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:16:48 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D39A9FD-7752-491C-923F-CD051D0DEA59}\MpKsl5cb85fb2.sys -- (MpKsl5cb85fb2)
DRV - [2011/05/29 08:25:07 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D39A9FD-7752-491C-923F-CD051D0DEA59}\MpKslb20f77b7.sys -- (MpKslb20f77b7)
DRV - [2011/05/28 21:09:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D39A9FD-7752-491C-923F-CD051D0DEA59}\MpKslb9c8129c.sys -- (MpKslb9c8129c)
DRV - [2011/05/26 21:37:58 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\sabprocenum.sys -- (SABProcEnum)
DRV - [2011/05/26 21:37:06 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/18 12:13:04 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\PCASp50.sys -- (PCASp50)
DRV - [2009/12/18 12:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/02/25 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/09 15:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090318.001\SymIDSco.sys -- (SYMIDSCO)
DRV - [2009/02/05 13:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/02/05 13:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 13:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 13:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 13:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/02/05 13:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/01/08 23:36:06 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/05/17 15:51:13 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvuvc.hs -- (LVUVC) QuickCam Communicate Deluxe(UVC)
DRV - [2008/01/31 18:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 18:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 18:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/08/08 17:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4de00d8d&v=7.004.022.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/23 19:18:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 13:02:27 | 000,000,000 | ---D | M]

[2010/03/17 01:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2009/06/21 17:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/27 13:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\rffoih5k.default\extensions
[2010/04/27 21:16:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\rffoih5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/23 18:38:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\rffoih5k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2011/05/25 21:03:37 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\rffoih5k.default\searchplugins\askcom.xml
[2008/12/12 11:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\rffoih5k.default\searchplugins\MySpace.xml
[2011/05/23 19:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/23 18:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/21 21:29:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/20 23:58:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/23 19:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/05/23 19:18:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/22 13:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution(2)\extensions
[2011/05/23 18:38:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution(2)\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2008/12/01 10:20:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/27 13:36:51 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.8 HP000D9D26243B
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [BrandClearStubs] C:\WINDOWS\System32\iedkcs32.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b691eb73-aa0c-11df-bde7-c3d96fbc17af}\Shell - "" = AutoRun
O33 - MountPoints2\{b691eb73-aa0c-11df-bde7-c3d96fbc17af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b691eb73-aa0c-11df-bde7-c3d96fbc17af}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 09:36:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/29 09:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/05/29 08:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/29 00:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/28 21:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\AVG Security Toolbar
[2011/05/28 20:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/28 14:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\FixItCenter
[2011/05/28 14:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2011/05/28 14:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011/05/28 14:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/05/28 14:01:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/05/28 13:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/05/27 17:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\DriverCure
[2011/05/27 17:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\ParetoLogic
[2011/05/27 17:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\ParetoLogic
[2011/05/27 17:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/05/27 17:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/05/27 17:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/05/27 12:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011/05/27 10:48:53 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2011/05/27 10:48:53 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/05/27 10:48:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/05/27 10:48:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2011/05/27 10:48:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2011/05/27 10:48:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/05/27 10:48:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2011/05/27 10:48:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/05/27 10:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/05/26 17:16:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/05/26 12:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\AVG10
[2011/05/26 12:44:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/26 12:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/26 12:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/26 12:39:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/26 12:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/25 20:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/05/25 19:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Sammsoft
[2011/05/25 11:49:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2011/05/23 19:09:33 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/04/30 11:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\U3
[2011/04/30 11:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[366 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[344 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 11:50:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1327C4F4-34E1-4B43-9C5A-F477A2056B0A}.job
[2011/05/29 10:19:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/05/29 09:32:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/29 09:32:36 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/05/29 09:32:35 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/05/29 09:21:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/29 09:15:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/29 09:15:25 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/29 08:12:43 | 000,003,398 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2011/05/29 07:25:25 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/05/29 07:24:42 | 116,439,227 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/29 00:39:21 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/29 00:05:46 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor_sch_1278673A-89C2-11E0-BF8D-001320D39B0B.job
[2011/05/28 23:23:06 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Microsoft Security Essentials (2).lnk
[2011/05/28 21:55:49 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Shortcut to firefox.lnk
[2011/05/28 20:38:18 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/28 18:00:03 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/05/28 14:02:18 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2011/05/28 05:02:12 | 000,193,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/27 17:50:44 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/05/27 17:50:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/05/27 13:36:51 | 000,000,764 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/05/27 10:58:00 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/27 08:21:45 | 000,653,807 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/05/26 21:39:05 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdsp.dll
[2011/05/26 21:39:04 | 000,045,056 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\WNASPI32.DLL
[2011/05/26 21:39:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVADVE.DLL
[2011/05/26 21:39:02 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVADVD.dll
[2011/05/26 21:38:58 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfapi.dll
[2011/05/26 21:38:58 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm
[2011/05/26 21:38:52 | 000,937,984 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.sve
[2011/05/26 21:38:52 | 000,225,280 | ---- | M] (VideoSoft) -- C:\WINDOWS\System32\VSFLEX3.OCX
[2011/05/26 21:38:52 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011/05/26 21:38:49 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\UncPH.dll
[2011/05/26 21:38:48 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tquery.dll.mui
[2011/05/26 21:38:48 | 000,008,192 | ---- | M] (DSP GROUP, INC.) -- C:\WINDOWS\System32\tssoft32.acm
[2011/05/26 21:38:47 | 000,147,456 | ---- | M] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/05/26 21:38:47 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srchadmin.dll.mui
[2011/05/26 21:38:47 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Stkit432.dll
[2011/05/26 21:38:46 | 000,442,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.dll
[2011/05/26 21:38:46 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.rll
[2011/05/26 21:38:16 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\sl_anet.acm
[2011/05/26 21:37:58 | 000,004,096 | ---- | M] (SuperAdBlocker.com) -- C:\WINDOWS\System32\sabprocenum.sys
[2011/05/26 21:37:57 | 000,053,248 | ---- | M] (World Wide Woodshed) -- C:\WINDOWS\System32\rhythmgd.ocx
[2011/05/26 21:37:55 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\RDOCURS.DLL
[2011/05/26 21:37:55 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/05/26 21:37:54 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\PRONtObj.dll
[2011/05/26 21:37:54 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2011/05/26 21:37:54 | 000,122,880 | ---- | M] (Crescent Division of Progress Software Corporation) -- C:\WINDOWS\System32\Qpro32.dll
[2011/05/26 21:37:54 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/05/26 21:37:53 | 000,077,824 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\PRApplet.cpl
[2011/05/26 21:37:41 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nlsdl.dll
[2011/05/26 21:37:41 | 000,020,480 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo32.dll
[2011/05/26 21:37:40 | 001,355,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvbvm50.dll
[2011/05/26 21:37:40 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2011/05/26 21:37:40 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2011/05/26 21:37:40 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2011/05/26 21:37:40 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTKPRP.DLL
[2011/05/26 21:37:39 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mssph.dll.mui
[2011/05/26 21:37:38 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSREPL35.DLL
[2011/05/26 21:37:38 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRDO20.DLL
[2011/05/26 21:37:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2011/05/26 21:37:33 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFPLAT.dll
[2011/05/26 21:37:33 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2011/05/26 21:37:33 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2011/05/26 21:37:32 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71DEU.DLL
[2011/05/26 21:37:32 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2011/05/26 21:37:32 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71FRA.DLL
[2011/05/26 21:37:32 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2011/05/26 21:37:32 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2011/05/26 21:37:32 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2011/05/26 21:37:32 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2011/05/26 21:37:31 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2011/05/26 21:37:31 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2011/05/26 21:37:31 | 000,086,016 | ---- | M] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2011/05/26 21:37:31 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC42ENU.DLL
[2011/05/26 21:37:30 | 000,651,264 | ---- | M] () -- C:\WINDOWS\System32\libeay32.dll
[2011/05/26 21:37:28 | 000,163,840 | ---- | M] (America Online) -- C:\WINDOWS\System32\jgdw400.dll
[2011/05/26 21:37:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/26 21:37:28 | 000,065,536 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\jgsh400.dll
[2011/05/26 21:37:27 | 002,310,144 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2011/05/26 21:37:27 | 000,049,152 | ---- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2011/05/26 21:37:26 | 000,524,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2011/05/26 21:37:26 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2011/05/26 21:37:25 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2011/05/26 21:37:25 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2011/05/26 21:37:25 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2011/05/26 21:37:25 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2011/05/26 21:37:25 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2011/05/26 21:37:25 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2011/05/26 21:37:25 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2011/05/26 21:37:25 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2011/05/26 21:37:25 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2011/05/26 21:37:25 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2011/05/26 21:37:25 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2011/05/26 21:37:25 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2011/05/26 21:37:25 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2011/05/26 21:37:25 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2011/05/26 21:37:25 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2011/05/26 21:37:25 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2011/05/26 21:37:25 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2011/05/26 21:37:25 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2011/05/26 21:37:25 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2011/05/26 21:37:25 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2011/05/26 21:37:25 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2011/05/26 21:37:25 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2011/05/26 21:37:25 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2011/05/26 21:37:25 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2011/05/26 21:37:25 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2011/05/26 21:37:24 | 000,446,464 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2011/05/26 21:37:24 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2011/05/26 21:37:24 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2011/05/26 21:37:24 | 000,040,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2011/05/26 21:37:23 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2011/05/26 21:37:22 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2011/05/26 21:37:21 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2011/05/26 21:37:21 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2011/05/26 21:37:21 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2011/05/26 21:37:21 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2011/05/26 21:37:21 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2011/05/26 21:37:21 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2011/05/26 21:37:21 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2011/05/26 21:37:21 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2011/05/26 21:37:21 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2011/05/26 21:37:20 | 000,114,688 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2011/05/26 21:37:20 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2011/05/26 21:37:19 | 000,049,152 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2011/05/26 21:37:19 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2011/05/26 21:37:19 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2011/05/26 21:37:19 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2011/05/26 21:37:19 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2011/05/26 21:37:19 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2011/05/26 21:37:19 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2011/05/26 21:37:19 | 000,040,960 | ---- | M] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2011/05/26 21:37:18 | 000,061,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4396.dll
[2011/05/26 21:37:17 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011/05/26 21:37:17 | 000,204,800 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2011/05/26 21:37:17 | 000,094,208 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2011/05/26 21:37:17 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2011/05/26 21:37:17 | 000,061,440 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2011/05/26 21:37:17 | 000,057,344 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2011/05/26 21:37:17 | 000,028,672 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzjfw01.dll
[2011/05/26 21:37:16 | 000,393,216 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzcon12.dll
[2011/05/26 21:37:16 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\System32\hpzcoi12.dll
[2011/05/26 21:37:15 | 000,581,632 | R--- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl.dll
[2011/05/26 21:37:15 | 000,278,528 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hpgwiamd.dll
[2011/05/26 21:37:15 | 000,274,432 | R--- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2011/05/26 21:37:15 | 000,229,376 | R--- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst08.dll
[2011/05/26 21:37:10 | 000,036,864 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e100bmsg.dll
[2011/05/26 21:37:09 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drmupgds.exe
[2011/05/26 21:37:06 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\System32\drivers\NwUsbCdFil.sys
[2011/05/26 21:37:03 | 000,094,208 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNIN50.dll
[2011/05/26 21:37:01 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshom.ocx
[2011/05/26 21:37:01 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2011/05/26 21:37:00 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2011/05/26 21:36:52 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2011/05/26 21:36:51 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/05/26 21:36:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2011/05/26 21:36:33 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2011/05/26 21:36:29 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2011/05/26 21:36:28 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2011/05/26 21:36:27 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011/05/26 21:36:27 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/26 21:36:25 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2011/05/26 21:36:25 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2011/05/26 21:36:23 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2011/05/26 21:36:21 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/05/26 21:36:19 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2011/05/26 21:36:19 | 000,331,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/05/26 21:36:19 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2011/05/26 21:36:19 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2011/05/26 21:36:19 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2011/05/26 21:36:19 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2011/05/26 21:36:19 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2011/05/26 21:36:19 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2011/05/26 21:36:19 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2011/05/26 21:36:19 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2011/05/26 21:36:18 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2011/05/26 21:36:17 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/05/26 21:36:17 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/05/26 21:36:12 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2011/05/26 21:36:10 | 001,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2011/05/26 21:36:10 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/05/26 21:36:08 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2011/05/26 21:36:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2011/05/26 21:36:05 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2011/05/26 21:36:05 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/05/26 21:36:04 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2011/05/26 21:36:03 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2011/05/26 21:36:00 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2011/05/26 21:35:59 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2011/05/26 21:35:56 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2011/05/26 21:35:51 | 000,720,896 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/05/26 21:35:42 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dbnmpntw.dll
[2011/05/26 21:35:41 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsrpcn.dll
[2011/05/26 21:34:52 | 000,106,496 | ---- | M] (Canon Inc.) -- C:\WINDOWS\System32\cnco460.dll
[2011/05/26 21:34:51 | 000,135,168 | ---- | M] (Canon Inc.) -- C:\WINDOWS\System32\CNCL460.DLL
[2011/05/26 21:34:50 | 001,302,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\System32\CNCC460.DLL
[2011/05/26 21:34:50 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\System32\CNCI460.DLL
[2011/05/26 21:34:48 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.rll
[2011/05/26 21:34:48 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2011/05/26 21:34:47 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.dll
[2011/05/26 21:34:46 | 000,069,632 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\System32\cdnotify6.ocx
[2011/05/26 21:33:54 | 000,319,488 | ---- | M] () -- C:\WINDOWS\System32\AegisI5.exe
[2011/05/26 21:33:54 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ATHPRXY.DLL
[2011/05/26 21:33:51 | 000,380,928 | ---- | M] () -- C:\WINDOWS\System32\actskin4.ocx
[2011/05/26 21:33:50 | 000,323,584 | ---- | M] (Dialog Medien GmbH) -- C:\WINDOWS\System32\ACD.ocx
[2011/05/26 21:30:14 | 000,049,152 | ---- | M] () -- C:\WINDOWS\setpwrcg.exe
[2011/05/26 21:26:07 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/26 20:08:00 | 001,265,664 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/05/26 11:55:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/26 09:18:30 | 000,008,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/05/25 11:50:30 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15851300
[2011/05/25 11:50:20 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15851300
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/05/23 19:09:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/23 18:33:42 | 000,014,454 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h0387md7ekpl3vuk24yy
[2011/05/23 18:33:42 | 000,014,454 | -HS- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\h0387md7ekpl3vuk24yy
[366 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[344 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 09:34:42 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/05/29 09:15:25 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/29 07:56:27 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/29 07:24:42 | 116,439,227 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/29 00:39:21 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/29 00:05:45 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor_sch_1278673A-89C2-11E0-BF8D-001320D39B0B.job
[2011/05/28 23:23:06 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Microsoft Security Essentials (2).lnk
[2011/05/28 21:55:49 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Shortcut to firefox.lnk
[2011/05/28 20:37:03 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/28 14:19:38 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/05/28 14:19:37 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/05/28 14:02:18 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2011/05/28 14:02:18 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2011/05/28 13:22:12 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/05/28 05:02:12 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/27 17:51:33 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/05/27 17:50:43 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/05/27 17:50:42 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/05/27 17:50:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/05/27 17:50:37 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/05/27 08:21:45 | 000,653,807 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/05/26 09:16:20 | 000,008,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/05/25 11:50:30 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15851300
[2011/05/25 11:50:20 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15851300
[2011/05/23 13:17:37 | 000,014,454 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h0387md7ekpl3vuk24yy
[2011/05/23 13:17:37 | 000,014,454 | -HS- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\h0387md7ekpl3vuk24yy
[2011/02/12 18:56:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olx98NT.sys
[2011/01/31 15:49:35 | 000,000,047 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/07/15 22:10:30 | 000,003,139 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/03/06 18:53:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/11/10 01:35:18 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/05 23:52:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/28 09:56:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/18 21:40:33 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/05/18 21:40:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/05/18 21:40:29 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2009/05/13 23:28:30 | 000,003,398 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2008/10/04 13:49:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2008/10/04 13:38:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Setup1.exe
[2008/06/21 01:21:50 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/21 01:08:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\fusioncache.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/23 22:05:56 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/23 21:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/20 22:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/03/02 18:45:35 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Ar115e.INI
[2006/01/21 12:33:33 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/01/21 12:33:32 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/01/21 12:33:12 | 000,000,728 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/01/21 12:28:20 | 000,069,372 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2006/01/21 12:28:20 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2006/01/21 12:26:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/17 12:04:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/17 11:45:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/01/17 11:45:12 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 16:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 16:06:43 | 000,184,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 16:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 16:00:28 | 000,463,938 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 16:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 16:00:28 | 000,079,214 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 16:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 16:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 16:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 16:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 16:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 16:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 16:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 16:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Jim Harrison

Re: win32/fakerean

Post by Belahzur on 30th May 2011, 8:05 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2011/05/25 11:50:30 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15851300
    [2011/05/25 11:50:20 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15851300
    [2011/05/23 13:17:37 | 000,014,454 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h0387md7ekpl3vuk24yy
    [2011/05/23 13:17:37 | 000,014,454 | -HS- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\h0387md7ekpl3vuk24yy


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur