AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Tue 27 Mar 2012, 11:00 am

I think it's quite bad.
I can't log on to GP in Chrome or Safari; I daren't open Explorer.
There are multiple changes to the registry.
The system hangs.
Some programmes don't open.
Security updates have been disabled.
I can't click any links in Mozilla. I am having to transfer the files to another comp to upload them.

OTL FILE 1 of 3

OTL logfile created on: 27/03/2012 01:45:20 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Laptop User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 74.10% Memory free
6.82 Gb Paging File | 5.80 Gb Available in Paging File | 85.02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 22.10 Gb Free Space | 29.66% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Laptop User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/27 00:31:32 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laptop User\My Documents\Downloads\OTL.com
PRC - [2011/10/19 12:22:52 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2011/06/19 04:11:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/21 20:48:18 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/21 20:48:18 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/21 20:48:15 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/21 20:48:14 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/21 20:48:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/31 03:41:28 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/19 14:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/02/19 14:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7311\Monitor.exe
PRC - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
PRC - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
PRC - [2005/08/10 07:54:34 | 000,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/19 04:11:43 | 001,014,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/11/23 23:37:49 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/08/15 11:43:08 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
MOD - [2009/07/01 23:46:06 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2007/10/09 19:17:44 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/10/09 19:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/07/25 16:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/24 11:57:52 | 000,065,536 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll
MOD - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
MOD - [2006/02/02 00:47:22 | 000,057,344 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\onsclient.dll
MOD - [2006/02/02 00:43:28 | 000,006,144 | ---- | M] () -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\orajox10.dll
MOD - [2005/10/07 09:22:50 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
MOD - [2005/05/11 13:23:42 | 000,073,728 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\dopewars-1.5.12\dopewars.exe -- (dopewars-server)
SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/08/21 20:48:14 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/21 20:48:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/16 13:29:28 | 006,562,432 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/03/06 13:26:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007/02/19 14:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/02/02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006/02/02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 03:10:04 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2010/05/07 03:10:04 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2010/05/07 03:10:04 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2010/05/07 03:10:04 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2010/05/07 03:10:02 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/21 20:48:18 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/21 20:48:18 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/09 11:26:19 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2007/10/09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/17 10:22:00 | 000,265,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/08/02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/14 11:57:56 | 000,449,024 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/19 14:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/06 10:40:36 | 000,108,032 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2006/10/20 14:34:16 | 000,037,296 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2006/09/13 18:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2006/08/17 08:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/02/24 23:04:05 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005/05/03 16:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.] "
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.6.2.1
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}:0.3.7
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.2
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8
FF - prefs.js..extensions.enabledItems: {55009080-176f-11da-8cd6-0800200c9a66}:4.2.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: ststusscicalc@sunny:4.9.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {432b7585-862d-4384-9340-b66a5e426dca}:0.6
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 19:51:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/31 03:41:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/16 23:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/13 14:56:01 | 000,000,000 | ---D | M]

[2009/01/12 00:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Extensions
[2012/03/27 00:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions
[2010/04/04 02:33:29 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/05/28 01:16:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/07 14:28:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/08/25 14:03:49 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2011/09/19 16:36:22 | 000,000,000 | ---D | M] (View Source In Dreamweaver) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{432b7585-862d-4384-9340-b66a5e426dca}
[2010/04/04 02:33:26 | 000,000,000 | ---D | M] (ImageBot) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
[2011/09/19 16:36:25 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/05/23 02:32:29 | 000,000,000 | ---D | M] ("lori (Life-of-request info)") -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9}
[2011/09/19 16:36:22 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/05/23 02:32:35 | 000,000,000 | ---D | M] (CSSViewer) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{8be51513-0433-45c1-9203-7b45019df871}
[2011/06/05 23:36:50 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/05/23 02:32:30 | 000,000,000 | ---D | M] (EditCSS) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
[2011/08/25 14:03:55 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/04 02:33:21 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2011/01/11 17:33:13 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/23 02:32:35 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2011/09/19 16:36:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/11 17:33:11 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/04 02:33:17 | 000,000,000 | ---D | M] (Font Finder) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\fontfinder@bendodson.com
[2011/06/05 23:36:53 | 000,000,000 | ---D | M] (Fotofox) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\fotofox@mozilla.com
[2010/04/04 02:33:29 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\googletube@googletube.com
[2010/04/22 04:52:55 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\ststusscicalc@sunny
[2009/06/08 01:06:18 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\searchplugins\bing.xml
[2012/03/27 00:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 14:23:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 03:42:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 22:16:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/01/12 06:34:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2009/01/30 03:03:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/01/12 06:34:08 | 000,303,416 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2012/01/12 06:34:14 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2008/09/10 01:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 03:48:40 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/22 03:48:40 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/22 03:48:41 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/22 03:48:41 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Web Developer = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\
CHR - Extension: Rulers, Guides, Eye Dropper and Color Picker = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjpngjgkahhflejneemihpbnfdoafoeh\1.1_0\
CHR - Extension: *Ultimate Football Results* = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnpobggldcjebejmndignliobeifocj\1.6.65_0\
CHR - Extension: Abstract Green Nebula = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmiakbfojdnbagbidpdhfdfdmdefphkm\1.0_0\

O1 HOSTS File: ([2009/08/27 23:25:10 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\12.30.0016\PKTray.exe (PKWARE, Inc.)
O4 - Startup: C:\Documents and Settings\Laptop User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Laptop User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E035440-8BCC-4F6C-A796-5869DFEFBC95}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5E32C25-8AD3-4F52-82BC-5D70E6A0800C}: NameServer = 12.125.163.250,223.12.112.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0110438-7CE7-4023-AEB7-688A3E0C059A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/27 16:38:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{04721c86-6f17-11e1-af0d-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{04721c86-6f17-11e1-af0d-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{04721c86-6f17-11e1-af0d-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{061055e2-6554-11dd-a545-9ca6a2c065dd}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{21a2d5aa-bcff-11df-b6af-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{21a2d5aa-bcff-11df-b6af-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21a2d5aa-bcff-11df-b6af-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{21a2d5ad-bcff-11df-b6af-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{21a2d5ad-bcff-11df-b6af-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21a2d5ad-bcff-11df-b6af-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{21a2d5b1-bcff-11df-b6af-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{21a2d5b1-bcff-11df-b6af-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21a2d5b1-bcff-11df-b6af-001d0961e8a3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{256ce746-7015-11e1-af17-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{256ce746-7015-11e1-af17-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{256ce746-7015-11e1-af17-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2ee22be2-6a70-11e1-aefe-f200c1dfcd47}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee22be2-6a70-11e1-aefe-f200c1dfcd47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ee22be2-6a70-11e1-aefe-f200c1dfcd47}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{45ac3f8b-5d81-11e1-aed7-f4424119ed9e}\Shell - "" = AutoRun
O33 - MountPoints2\{45ac3f8b-5d81-11e1-aed7-f4424119ed9e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45ac3f8b-5d81-11e1-aed7-f4424119ed9e}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{613e6b88-841c-11de-b32d-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{613e6b88-841c-11de-b32d-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{613e6b88-841c-11de-b32d-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6a8de30a-7209-11e1-af24-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8de30a-7209-11e1-af24-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a8de30a-7209-11e1-af24-001d0961e8a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6a8de312-7209-11e1-af24-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8de312-7209-11e1-af24-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a8de312-7209-11e1-af24-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6c020972-6fb9-11e1-af14-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{6c020972-6fb9-11e1-af14-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c020972-6fb9-11e1-af14-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6c7f2024-70c2-11e1-af21-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{6c7f2024-70c2-11e1-af21-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c7f2024-70c2-11e1-af21-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7a3b9210-8010-11de-b31f-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3b9210-8010-11de-b31f-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a3b9210-8010-11de-b31f-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7af64c22-e84c-11de-b439-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{7af64c22-e84c-11de-b439-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7af64c22-e84c-11de-b439-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7c4bfad8-70bb-11e1-af1e-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{7c4bfad8-70bb-11e1-af1e-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c4bfad8-70bb-11e1-af1e-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{80dacad5-7228-11e1-af26-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{80dacad5-7228-11e1-af26-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{80dacad5-7228-11e1-af26-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8fcc9fe8-805b-11de-b321-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{8fcc9fe8-805b-11de-b321-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8fcc9fe8-805b-11de-b321-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{90697a74-6ba2-11e1-af01-f8f36582cc47}\Shell - "" = AutoRun
O33 - MountPoints2\{90697a74-6ba2-11e1-af01-f8f36582cc47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{90697a74-6ba2-11e1-af01-f8f36582cc47}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{94684d28-6f54-11e1-af0e-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{94684d28-6f54-11e1-af0e-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{94684d28-6f54-11e1-af0e-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{94684d2b-6f54-11e1-af0e-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{94684d2b-6f54-11e1-af0e-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{94684d2b-6f54-11e1-af0e-001d0961e8a3}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{97a0abc8-ab07-11e0-acb0-d65b19671448}\Shell - "" = AutoRun
O33 - MountPoints2\{97a0abc8-ab07-11e0-acb0-d65b19671448}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97a0abc8-ab07-11e0-acb0-d65b19671448}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{97a0abca-ab07-11e0-acb0-e3978fdd7e7d}\Shell - "" = AutoRun
O33 - MountPoints2\{97a0abca-ab07-11e0-acb0-e3978fdd7e7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97a0abca-ab07-11e0-acb0-e3978fdd7e7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9b24dde0-0bbb-11e1-adde-e745fc66ad35}\Shell - "" = AutoRun
O33 - MountPoints2\{9b24dde0-0bbb-11e1-adde-e745fc66ad35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b24dde0-0bbb-11e1-adde-e745fc66ad35}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9b8e487e-49dd-11e1-ae9f-84b3235e6747}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8e487e-49dd-11e1-ae9f-84b3235e6747}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b8e487e-49dd-11e1-ae9f-84b3235e6747}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{9e431a91-6fe4-11e1-af15-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{9e431a91-6fe4-11e1-af15-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e431a91-6fe4-11e1-af15-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9e431a93-6fe4-11e1-af15-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{9e431a93-6fe4-11e1-af15-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e431a93-6fe4-11e1-af15-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a0aa718c-6eec-11e1-af0a-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{a0aa718c-6eec-11e1-af0a-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0aa718c-6eec-11e1-af0a-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{af967598-7fb5-11de-b31e-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{af967598-7fb5-11de-b31e-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af967598-7fb5-11de-b31e-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{af96759b-7fb5-11de-b31e-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{af96759b-7fb5-11de-b31e-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af96759b-7fb5-11de-b31e-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b3d7fd22-a173-11de-b377-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{b3d7fd22-a173-11de-b377-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3d7fd22-a173-11de-b377-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be87eaec-5347-11e1-aeb9-ef60b316f555}\Shell - "" = AutoRun
O33 - MountPoints2\{be87eaec-5347-11e1-aeb9-ef60b316f555}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be87eaec-5347-11e1-aeb9-ef60b316f555}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{c9292a1b-70bc-11e1-af1f-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{c9292a1b-70bc-11e1-af1f-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9292a1b-70bc-11e1-af1f-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cbd9b2aa-723e-11e1-af2a-001f3c8ce1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{cbd9b2aa-723e-11e1-af2a-001f3c8ce1ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbd9b2aa-723e-11e1-af2a-001f3c8ce1ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cbd9b2af-723e-11e1-af2a-001f3c8ce1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{cbd9b2af-723e-11e1-af2a-001f3c8ce1ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbd9b2af-723e-11e1-af2a-001f3c8ce1ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d4092c08-7086-11e1-af1a-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{d4092c08-7086-11e1-af1a-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4092c08-7086-11e1-af1a-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d5c64984-aaef-11e0-acad-f050d572c048}\Shell - "" = AutoRun
O33 - MountPoints2\{d5c64984-aaef-11e0-acad-f050d572c048}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d5c64984-aaef-11e0-acad-f050d572c048}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d6aa6c9a-c0fd-11df-b6c3-001d0961e8a3}\Shell\AutoRun\command - "" = E:\p6xebrnt.exe
O33 - MountPoints2\{d6aa6c9a-c0fd-11df-b6c3-001d0961e8a3}\Shell\open\Command - "" = E:\p6xebrnt.exe
O33 - MountPoints2\{e1fec0e6-4933-11e0-ab8f-a0fd598e4525}\Shell - "" = AutoRun
O33 - MountPoints2\{e1fec0e6-4933-11e0-ab8f-a0fd598e4525}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1fec0e6-4933-11e0-ab8f-a0fd598e4525}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ebb4ffe1-723c-11e1-af29-001d0961e8a3}\Shell - "" = AutoRun
O33 - MountPoints2\{ebb4ffe1-723c-11e1-af29-001d0961e8a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ebb4ffe1-723c-11e1-af29-001d0961e8a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ebf8d3d4-49ba-11e0-ab91-001f3c8ce1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{ebf8d3d4-49ba-11e0-ab91-001f3c8ce1ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ebf8d3d4-49ba-11e0-ab91-001f3c8ce1ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eefdb588-6551-11dd-a544-f63cd4689f18}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{f3e304f4-6a37-11e1-aefd-001f3c8ce1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e304f4-6a37-11e1-aefd-001f3c8ce1ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3e304f4-6a37-11e1-aefd-001f3c8ce1ef}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{f3e304f6-6a37-11e1-aefd-a687dd5a09da}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e304f6-6a37-11e1-aefd-a687dd5a09da}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3e304f6-6a37-11e1-aefd-a687dd5a09da}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{f3e304fa-6a37-11e1-aefd-c0a6c017775c}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e304fa-6a37-11e1-aefd-c0a6c017775c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3e304fa-6a37-11e1-aefd-c0a6c017775c}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{f3e304ff-6a37-11e1-aefd-c0a6c017775c}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e304ff-6a37-11e1-aefd-c0a6c017775c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3e304ff-6a37-11e1-aefd-c0a6c017775c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f3e30501-6a37-11e1-aefd-c0a6c017775c}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e30501-6a37-11e1-aefd-c0a6c017775c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3e30501-6a37-11e1-aefd-c0a6c017775c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f522aa9e-6a29-11e1-aefc-001f3c8ce1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{f522aa9e-6a29-11e1-aefc-001f3c8ce1ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f522aa9e-6a29-11e1-aefc-001f3c8ce1ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f522aa9f-6a29-11e1-aefc-001f3c8ce1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{f522aa9f-6a29-11e1-aefc-001f3c8ce1ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f522aa9f-6a29-11e1-aefc-001f3c8ce1ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*




Last edited by robotkilla1010 on Tue 27 Mar 2012, 12:54 pm; edited 3 times in total

robotkilla1010

Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro


AM I HIJACKED OTL 2/3

Post by robotkilla1010 on Tue 27 Mar 2012, 11:17 am

OTL File 2 of 3

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 20:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2012/03/22 17:18:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Laptop User\Recent
[2012/03/22 15:36:27 | 004,837,680 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Laptop User\Desktop\Speccy.exe
[2012/03/22 15:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\WIn sp3 zip dll files
[2012/03/22 15:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\win sp2
[2012/03/22 15:20:42 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2012/03/22 15:20:38 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2012/03/22 15:20:35 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2012/03/22 15:20:32 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/03/22 15:20:29 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/03/22 15:20:27 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/03/22 15:20:24 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/03/22 15:20:21 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/03/22 15:20:18 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/03/22 15:20:15 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/03/22 15:20:12 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/03/22 15:20:09 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/03/22 15:20:07 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2012/03/22 15:20:03 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/03/22 15:20:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/03/22 15:19:14 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/03/22 15:19:14 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/03/22 15:19:12 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2012/03/22 15:19:09 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2012/03/22 15:19:06 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2012/03/22 15:19:03 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/03/22 15:18:59 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2012/03/22 15:18:58 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/03/22 15:18:54 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/03/22 15:18:51 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/03/22 15:16:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/03/22 15:16:30 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2012/03/22 15:16:27 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/03/22 15:16:24 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/03/22 15:16:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2012/03/22 15:16:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/03/22 15:16:18 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2012/03/22 15:16:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/03/22 15:16:10 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2012/03/22 15:16:07 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2012/03/22 15:16:04 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2012/03/22 15:16:01 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2012/03/22 15:15:58 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2012/03/22 15:15:58 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2012/03/22 15:15:54 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/03/22 15:15:51 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/03/22 15:15:48 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/03/22 15:15:47 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2012/03/22 15:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2012/03/22 15:15:41 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2012/03/22 15:15:37 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/03/22 15:15:34 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2012/03/22 15:15:31 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2012/03/22 15:15:31 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2012/03/22 15:15:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2012/03/22 15:15:27 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/03/22 15:15:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/03/22 15:15:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/03/22 15:15:18 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2012/03/22 15:15:15 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2012/03/22 15:15:12 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2012/03/22 15:15:10 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2012/03/22 15:15:07 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2012/03/22 15:15:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2012/03/22 15:15:01 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2012/03/22 15:15:01 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2012/03/22 15:14:56 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2012/03/22 15:14:55 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2012/03/22 15:14:54 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2012/03/22 15:14:54 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2012/03/22 15:14:50 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2012/03/22 15:14:48 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2012/03/22 15:14:47 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2012/03/22 15:14:44 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/03/22 15:14:41 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2012/03/22 15:14:38 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2012/03/22 15:14:36 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2012/03/22 15:14:33 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/03/22 15:14:32 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/03/22 15:14:29 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/03/22 15:14:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2012/03/22 15:14:27 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2012/03/22 15:14:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2012/03/22 15:14:19 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2012/03/22 15:14:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2012/03/22 15:14:13 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2012/03/22 15:14:11 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2012/03/22 15:14:08 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2012/03/22 15:14:05 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2012/03/22 15:14:02 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2012/03/22 15:14:00 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2012/03/22 15:13:57 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2012/03/22 15:13:54 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2012/03/22 15:13:51 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2012/03/22 15:13:48 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/03/22 15:13:45 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/03/22 15:13:43 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/03/22 15:13:40 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/03/22 15:13:34 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2012/03/22 15:13:31 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2012/03/22 15:13:27 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/03/22 15:12:51 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2012/03/22 15:12:48 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2012/03/22 15:12:48 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2012/03/22 15:12:44 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/03/22 15:12:41 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/03/22 15:12:38 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2012/03/22 15:12:38 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2012/03/22 15:12:33 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/03/22 15:12:30 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2012/03/22 15:12:26 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/03/22 15:12:24 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/03/22 15:12:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2012/03/22 15:12:17 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/03/22 15:12:15 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/03/22 15:12:12 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/03/22 15:12:09 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/03/22 15:12:07 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/03/22 15:12:04 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/03/22 15:12:01 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2012/03/22 15:11:59 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2012/03/22 15:11:56 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/03/22 15:11:53 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/03/22 15:11:51 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/03/22 15:11:48 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/03/22 15:11:45 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/03/22 15:11:44 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2012/03/22 15:11:36 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2012/03/22 15:11:31 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2012/03/22 15:11:26 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2012/03/22 15:11:21 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2012/03/22 15:11:19 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2012/03/22 15:11:19 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2012/03/22 15:11:18 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2012/03/22 15:10:43 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2012/03/22 15:10:40 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2012/03/22 15:10:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2012/03/22 15:10:33 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/03/22 15:10:22 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2012/03/22 15:10:19 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2012/03/22 15:10:14 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2012/03/22 15:10:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2012/03/22 15:10:10 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2012/03/22 15:10:07 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2012/03/22 15:10:07 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/03/22 15:10:07 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/03/22 15:10:06 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2012/03/22 15:10:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2012/03/22 15:10:01 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2012/03/22 15:10:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2012/03/22 15:09:54 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/03/22 15:09:51 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2012/03/22 15:09:35 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2012/03/22 15:09:32 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2012/03/22 15:09:30 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2012/03/22 15:09:27 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2012/03/22 15:09:27 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2012/03/22 15:09:24 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/03/22 15:09:22 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/03/22 15:09:21 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/03/22 15:09:21 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2012/03/22 15:09:18 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/03/22 15:09:18 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/03/22 15:09:15 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/03/22 15:09:12 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2012/03/22 15:09:12 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2012/03/22 15:09:05 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/03/22 15:09:03 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/03/22 15:09:00 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/03/22 15:08:58 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/03/22 15:08:57 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2012/03/22 15:08:54 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/03/22 15:08:52 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/03/22 15:08:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2012/03/22 15:08:48 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012/03/22 15:08:47 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2012/03/22 15:08:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2012/03/22 15:08:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012/03/22 15:08:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012/03/22 15:08:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012/03/22 15:08:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012/03/22 15:08:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012/03/22 15:08:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012/03/22 15:08:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012/03/22 15:08:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012/03/22 15:08:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012/03/22 15:08:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2012/03/22 15:08:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2012/03/22 15:08:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2012/03/22 15:08:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2012/03/22 15:08:36 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2012/03/22 15:08:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012/03/22 15:08:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012/03/22 15:08:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012/03/22 15:08:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012/03/22 15:08:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012/03/22 15:08:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012/03/22 15:08:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012/03/22 15:08:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012/03/22 15:08:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012/03/22 15:08:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012/03/22 15:08:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012/03/22 15:08:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012/03/22 15:08:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012/03/22 15:08:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012/03/22 15:08:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012/03/22 15:08:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012/03/22 15:08:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012/03/22 15:08:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012/03/22 15:08:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2012/03/22 15:08:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2012/03/22 15:08:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2012/03/22 15:08:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2012/03/22 15:08:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2012/03/22 15:08:20 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/03/22 15:08:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2012/03/22 15:08:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2012/03/22 15:08:13 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2012/03/22 15:08:11 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2012/03/22 15:08:08 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2012/03/22 15:08:08 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/03/22 15:08:04 | 000,045,632 | ---- | C] (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2012/03/22 15:08:01 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2012/03/22 15:07:59 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2012/03/22 15:07:58 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2012/03/22 15:07:56 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2012/03/22 15:07:54 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2012/03/22 15:07:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2012/03/22 15:07:51 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2012/03/22 15:07:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2012/03/22 15:07:49 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2012/03/22 15:07:47 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2012/03/22 15:07:46 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012/03/22 15:07:45 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012/03/22 15:07:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2012/03/22 15:07:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2012/03/22 15:07:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2012/03/22 15:07:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2012/03/22 15:07:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2012/03/22 15:07:34 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/03/22 15:07:31 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2012/03/22 15:07:29 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2012/03/22 15:07:27 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2012/03/22 15:07:24 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2012/03/22 15:07:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2012/03/22 15:07:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2012/03/22 15:07:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2012/03/22 15:07:16 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2012/03/22 15:07:13 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2012/03/22 15:07:11 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2012/03/22 15:07:09 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2012/03/22 15:07:06 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2012/03/22 15:07:04 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2012/03/22 15:07:03 | 000,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2012/03/22 15:07:03 | 000,161,020 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2012/03/22 15:07:00 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2012/03/22 15:06:58 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2012/03/22 15:06:57 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2012/03/22 15:06:57 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2012/03/22 15:06:55 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2012/03/22 15:06:47 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/03/22 15:06:43 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2012/03/22 15:06:41 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2012/03/22 15:06:39 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2012/03/22 15:06:37 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2012/03/22 15:06:35 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2012/03/22 15:06:32 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2012/03/22 15:06:30 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2012/03/22 15:06:28 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2012/03/22 15:06:26 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2012/03/22 15:06:23 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2012/03/22 15:06:21 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2012/03/22 15:06:19 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2012/03/22 15:06:16 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2012/03/22 15:06:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2012/03/22 15:06:12 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2012/03/22 15:06:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2012/03/22 15:06:08 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2012/03/22 15:06:06 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2012/03/22 15:06:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2012/03/22 15:06:01 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/03/22 15:05:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2012/03/22 15:05:53 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/03/22 15:05:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2012/03/22 15:05:44 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2012/03/22 15:05:40 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2012/03/22 15:05:37 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2012/03/22 15:05:35 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2012/03/22 15:05:35 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2012/03/22 15:05:32 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2012/03/22 15:05:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2012/03/22 15:05:27 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/03/22 15:05:24 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/03/22 15:05:22 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/03/22 15:05:19 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2012/03/22 15:05:18 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2012/03/22 15:05:16 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2012/03/22 15:05:14 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2012/03/22 15:05:12 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2012/03/22 15:05:09 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2012/03/22 15:05:07 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/03/22 15:05:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012/03/22 15:05:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012/03/22 15:05:03 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012/03/22 15:05:02 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012/03/22 15:04:59 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2012/03/22 15:04:57 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/03/22 15:04:55 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/03/22 15:04:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2012/03/22 15:04:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012/03/22 15:04:47 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/03/22 15:04:45 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/03/22 15:04:43 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/03/22 15:04:41 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/03/22 15:04:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2012/03/22 15:04:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/03/22 15:04:36 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2012/03/22 15:04:31 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2012/03/22 15:04:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/03/22 15:01:01 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/03/22 15:00:59 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2012/03/22 15:00:57 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/03/22 15:00:55 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/03/22 15:00:53 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2012/03/22 15:00:51 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2012/03/22 15:00:50 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/03/22 15:00:50 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/03/22 15:00:48 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2012/03/22 15:00:46 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/03/22 15:00:46 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2012/03/22 15:00:44 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2012/03/22 15:00:43 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/03/22 15:00:38 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2012/03/22 15:00:37 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2012/03/22 15:00:36 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2012/03/22 15:00:34 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2012/03/22 15:00:32 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2012/03/22 15:00:30 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2012/03/22 15:00:29 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2012/03/22 15:00:27 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2012/03/22 15:00:25 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2012/03/22 15:00:24 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2012/03/22 15:00:22 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2012/03/22 15:00:20 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2012/03/22 15:00:19 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2012/03/22 15:00:17 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2012/03/22 15:00:15 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2012/03/22 15:00:13 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2012/03/22 15:00:12 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2012/03/22 15:00:11 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2012/03/22 15:00:07 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2012/03/22 15:00:05 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2012/03/22 15:00:04 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2012/03/22 15:00:03 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2012/03/22 15:00:02 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2012/03/22 15:00:00 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2012/03/22 14:59:59 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2012/03/22 14:59:58 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2012/03/22 14:59:57 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2012/03/22 14:59:56 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2012/03/22 14:59:54 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2012/03/22 14:59:53 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2012/03/22 14:59:52 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2012/03/22 14:59:51 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2012/03/22 14:59:50 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2012/03/22 14:59:49 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2012/03/22 14:59:47 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2012/03/22 14:59:47 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2012/03/22 14:59:42 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2012/03/22 14:59:41 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2012/03/22 14:59:40 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2012/03/22 14:59:37 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2012/03/22 14:59:36 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/03/22 14:59:34 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2012/03/22 14:59:32 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/03/22 14:59:31 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2012/03/22 14:59:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2012/03/22 14:59:29 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2012/03/22 14:59:29 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2012/03/22 14:59:26 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/03/22 14:59:26 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2012/03/22 14:59:24 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/03/22 14:59:23 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/03/22 14:59:19 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/03/22 14:59:18 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/03/22 14:59:17 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/03/22 14:59:16 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/03/22 14:59:14 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/03/22 14:59:13 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2012/03/22 14:59:12 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2012/03/22 14:59:11 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2012/03/22 14:59:10 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2012/03/22 14:59:09 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2012/03/22 14:59:08 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2012/03/22 14:59:07 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2012/03/22 14:59:06 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2012/03/22 14:59:05 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2012/03/22 14:59:04 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2012/03/22 14:59:03 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2012/03/22 14:59:02 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2012/03/22 14:59:01 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2012/03/22 14:58:59 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2012/03/22 14:58:58 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2012/03/22 14:58:57 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/03/22 14:58:56 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/03/22 14:58:55 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2012/03/22 14:58:54 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2012/03/22 14:58:53 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/03/22 14:58:52 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2012/03/22 14:58:51 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2012/03/22 14:58:50 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2012/03/22 14:58:49 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2012/03/22 14:58:48 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2012/03/22 14:58:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2012/03/22 14:58:45 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2012/03/22 14:58:44 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2012/03/22 14:58:42 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2012/03/22 14:58:41 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2012/03/22 14:58:40 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2012/03/22 14:58:39 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2012/03/22 14:58:38 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2012/03/22 14:58:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2012/03/22 14:58:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2012/03/22 14:58:35 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2012/03/22 14:58:34 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/03/22 14:58:34 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2012/03/22 14:58:33 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/03/22 14:58:32 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/03/22 14:58:31 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/03/22 14:58:30 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/03/22 14:58:29 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/03/22 14:58:28 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/03/22 14:58:27 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/03/22 14:58:27 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll

[2012/03/22 14:58:26 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2012/03/22 14:58:25 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2012/03/22 14:58:24 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2012/03/22 14:58:22 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2012/03/22 14:58:21 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2012/03/22 14:58:20 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/03/22 14:58:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/03/22 14:58:19 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2012/03/22 14:58:18 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2012/03/22 14:58:17 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2012/03/22 14:58:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2012/03/22 14:58:17 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2012/03/22 14:58:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2012/03/22 14:58:10 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2012/03/22 14:58:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2012/03/22 14:58:08 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2012/03/22 14:58:07 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/03/22 14:58:06 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2012/03/22 14:58:05 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2012/03/22 14:58:04 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2012/03/22 14:58:04 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2012/03/22 14:58:03 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2012/03/22 14:58:01 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2012/03/22 14:58:00 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/03/22 14:57:59 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012/03/22 14:57:59 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012/03/22 14:57:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/03/22 14:57:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/03/22 14:57:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/03/22 14:57:57 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2012/03/22 14:57:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/03/22 14:57:51 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/03/22 14:57:51 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/03/22 14:57:50 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/03/22 14:57:50 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/03/22 14:57:49 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/03/22 14:57:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2012/03/22 14:57:47 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/03/22 14:57:46 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/03/22 14:57:45 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/03/22 14:57:45 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/03/22 14:57:43 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/03/22 14:57:42 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/03/22 14:57:42 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/03/22 14:57:41 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2012/03/22 14:57:41 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2012/03/22 14:57:40 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2012/03/22 14:57:39 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2012/03/22 14:57:39 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2012/03/22 14:57:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2012/03/22 14:57:37 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2012/03/22 14:57:36 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2012/03/22 14:57:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2012/03/22 14:57:35 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012/03/22 14:57:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2012/03/22 14:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\new dll files
[2012/03/22 14:57:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2012/03/22 14:57:12 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/03/22 14:57:11 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/03/22 14:57:11 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/03/22 14:57:10 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/03/22 14:57:10 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/03/22 14:57:09 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/03/22 14:57:08 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/03/22 14:57:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2012/03/22 14:57:07 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/03/22 14:57:06 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/03/22 14:57:06 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/03/22 14:57:05 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2012/03/22 14:57:05 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/03/22 14:57:04 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/03/22 14:57:04 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/03/22 14:57:03 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/03/22 14:57:02 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/03/22 14:57:01 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/03/22 14:57:01 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/03/22 14:57:00 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/03/22 14:56:59 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2012/03/22 14:56:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2012/03/22 14:56:54 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/03/22 14:56:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2012/03/22 14:56:53 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2012/03/22 14:56:53 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2012/03/22 14:56:52 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2012/03/22 14:56:51 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/03/22 14:56:50 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/03/22 14:56:50 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/03/22 14:56:49 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/03/22 14:56:49 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/03/22 14:56:48 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/03/22 14:56:48 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/03/22 14:56:47 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll

[2012/03/22 14:56:46 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2012/03/22 14:56:46 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2012/03/22 14:56:45 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2012/03/22 14:56:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2012/03/22 14:56:34 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2012/03/22 14:56:33 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2012/03/22 14:56:31 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2012/03/22 14:56:31 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2012/03/22 14:56:30 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2012/03/22 14:56:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2012/03/22 14:56:29 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2012/03/22 14:56:29 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2012/03/22 14:56:29 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2012/03/22 14:56:25 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/03/22 14:56:24 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/03/22 14:56:24 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2012/03/22 14:56:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2012/03/22 14:56:19 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/03/22 14:56:18 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2012/03/22 14:56:18 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2012/03/22 14:56:18 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2012/03/22 14:55:47 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/03/22 14:55:47 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/03/22 14:55:46 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys



Last edited by robotkilla1010 on Tue 27 Mar 2012, 12:20 pm; edited 1 time in total


AM I HIJACKED OTL 3/3

Post by robotkilla1010 on Tue 27 Mar 2012, 12:16 pm

OTL PT 3 of 3

[2012/03/22 14:55:46 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2012/03/22 14:55:45 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/03/22 14:55:45 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2012/03/22 14:55:44 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2012/03/22 14:55:44 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2012/03/22 14:55:44 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/03/22 14:55:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2012/03/22 14:55:41 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/03/22 14:55:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/03/22 14:55:21 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2012/03/22 14:55:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2012/03/22 14:55:20 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/03/22 14:55:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2012/03/22 14:55:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/03/22 14:55:17 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/03/22 14:55:16 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/03/22 14:55:16 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/03/22 14:55:15 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/03/22 14:55:15 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/03/22 14:55:14 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/03/22 14:55:14 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/03/22 14:55:13 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/03/22 14:55:13 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/03/22 14:55:13 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/03/22 14:55:12 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/03/22 14:55:12 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/03/22 14:55:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2012/03/22 14:55:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/03/22 14:55:11 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/03/22 14:55:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/03/22 14:55:10 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/03/22 14:55:10 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/03/22 14:55:10 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/03/22 14:55:09 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/03/22 14:55:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2012/03/22 14:54:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/03/22 14:54:45 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2012/03/22 14:54:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2012/03/22 14:54:43 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2012/03/22 14:54:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2012/03/22 14:54:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2012/03/22 14:54:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2012/03/22 14:54:36 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2012/03/20 04:52:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\clip.exe
[2012/03/20 00:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Application Data\ElevatedDiagnostics
[2012/03/20 00:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/20 00:51:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/03/17 10:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2012/03/16 18:14:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/16 18:11:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/16 17:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\virus logs
[2012/03/16 16:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\rootkit revealer
[2012/03/16 12:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Application Data\Malwarebytes
[2012/03/16 12:58:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/16 12:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/16 12:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/16 12:58:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/16 12:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/16 12:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Application Data\SUPERAntiSpyware.com
[2012/03/16 12:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/16 12:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/16 12:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/13 14:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WebEx
[2012/03/13 14:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2012/03/09 21:54:49 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2012/03/09 21:54:49 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
[2012/03/09 21:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DatacardService

========== Files - Modified Within 30 Days ==========

[2012/03/27 01:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/27 01:14:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1292428093-839522115-1003UA.job
[2012/03/27 01:14:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1292428093-839522115-1003Core.job
[2012/03/27 00:28:47 | 000,000,185 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2012/03/26 20:03:56 | 000,445,766 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/26 20:03:56 | 000,073,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/26 20:00:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/26 19:59:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/26 19:59:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/26 19:58:22 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2012/03/26 19:49:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/26 19:17:39 | 073,164,281 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/03/26 13:55:16 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4E96CFDD-D545-4809-ADFD-13EFD974D7FE}.job
[2012/03/22 17:20:36 | 000,145,284 | ---- | M] () -- C:\Documents and Settings\Laptop User\My Documents\cc_20120322_162012.reg
[2012/03/22 14:46:11 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Laptop User\My Documents\Default.rdp
[2012/03/20 01:38:32 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt (2).lnk
[2012/03/20 01:37:05 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Laptop User\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/20 01:37:05 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Laptop User\Desktop\Dropbox.lnk
[2012/03/19 23:35:09 | 000,075,960 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/19 23:35:07 | 016,910,600 | ---- | M] () -- C:\Documents and Settings\Laptop User\Desktop\ubuntu-11.10-desktop-i386.iso
[2012/03/19 04:00:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/17 10:32:22 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/17 00:12:04 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\inst.exe
[2012/03/17 00:12:04 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.cat
[2012/03/17 00:12:03 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.sys
[2012/03/17 00:12:03 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.inf
[2012/03/16 23:22:43 | 000,004,540 | ---- | M] () -- C:\WINDOWS\flash.fpr
[2012/03/16 12:22:51 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/13 14:56:25 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Recording Player.lnk
[2012/03/09 21:56:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2012/03/09 21:56:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2012/03/09 21:56:04 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012/03/09 21:55:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf

========== Files Created - No Company Name ==========

[2012/03/26 19:56:46 | 000,001,822 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
[2012/03/26 19:56:46 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\Laptop User\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/26 19:05:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/26 19:05:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/03/26 13:58:48 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/22 17:20:16 | 000,145,284 | ---- | C] () -- C:\Documents and Settings\Laptop User\My Documents\cc_20120322_162012.reg
[2012/03/22 15:15:44 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/03/22 15:15:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/03/22 15:10:40 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/03/22 15:08:48 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/03/22 15:07:44 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/03/22 15:05:59 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/03/22 15:05:55 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/03/22 15:05:51 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/03/22 15:05:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/03/22 15:05:42 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/03/22 15:05:31 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/03/22 14:59:22 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/03/22 14:59:21 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/03/22 14:59:20 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/03/22 14:56:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/03/22 14:56:38 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/03/22 14:56:37 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/03/22 14:56:36 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/03/22 14:56:36 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/03/22 14:56:35 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/03/22 14:56:35 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/03/22 14:56:34 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/03/22 14:56:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/03/22 14:56:28 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/03/22 14:46:11 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Laptop User\My Documents\Default.rdp
[2012/03/19 23:32:47 | 016,910,600 | ---- | C] () -- C:\Documents and Settings\Laptop User\Desktop\ubuntu-11.10-desktop-i386.iso
[2012/03/19 04:00:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/17 10:32:22 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/16 12:22:51 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/13 14:56:25 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Recording Player.lnk
[2012/03/09 21:56:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2012/03/09 21:56:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2012/03/09 21:56:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012/03/09 21:55:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2010/10/05 00:48:18 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >
[2010/10/26 06:06:55 | 000,016,952 | ---- | M] (Un4seen Developments) -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\1eaadjc.dll
[2010/10/26 06:06:58 | 000,018,724 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\bass.dll
[2010/10/26 06:06:55 | 000,014,392 | ---- | M] (Un4seen Developments) -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\kfgresk.dll
[2010/10/26 06:06:55 | 000,013,984 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\mjcriu.dll
[2010/10/26 06:06:55 | 000,010,808 | ---- | M] (Un4seen Developments) -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\peaadje.dll
[2010/10/26 06:06:55 | 000,026,200 | ---- | M] ((: JOBnik! [Arthur Aminov, ISRAEL]) -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\qwadjb.dll
[2010/10/26 06:06:55 | 000,015,416 | ---- | M] (Un4seen Developments) -- C:\Documents and Settings\Laptop User\Application Data\Microsoft\rsaadjd.dll

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/06/07 07:51:59 | 007,503,864 | ---- | M] (IObit ) -- C:\Documents and Settings\Laptop User\Desktop\asc-setup.exe
[2010/05/07 02:33:06 | 012,187,844 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Laptop User\Desktop\Free3GPVideoConverter.exe
[2010/06/25 05:38:20 | 000,562,864 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Laptop User\Desktop\GoogleEarthPluginSetup.exe
[2010/06/07 04:31:43 | 004,523,297 | ---- | M] () -- C:\Documents and Settings\Laptop User\Desktop\Password-Reset.exe
[2010/12/13 18:14:33 | 000,748,127 | ---- | M] (Macromedia, Inc.) -- C:\Documents and Settings\Laptop User\Desktop\router_eSIM_v11.exe
[2011/08/23 18:37:38 | 004,837,680 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Laptop User\Desktop\Speccy.exe
[2010/02/15 20:39:02 | 000,175,880 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Laptop User\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/06/19 04:11:42 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/06/19 04:11:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/06/19 04:11:45 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/06/19 04:11:46 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/03/17 10:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\3 Mobile Broadband
[2009/08/27 23:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/06 13:35:34 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2007/03/27 17:54:37 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2007/03/27 17:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\AMD
[2009/01/30 03:34:27 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2008/08/08 15:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2007/03/27 16:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2008/08/08 16:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/11/26 06:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Packet Tracer 5.3
[2011/10/08 15:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/03/27 16:34:28 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/12/11 04:43:38 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007/03/27 17:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2007/04/25 18:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/08/08 17:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2007/03/27 17:10:44 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/05/07 02:34:24 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2009/05/11 01:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\FeedReader30
[2009/07/07 03:01:57 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2012/03/26 14:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/08/08 17:15:37 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/03/26 20:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2010/10/04 17:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2012/03/18 07:04:13 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/08/08 16:55:52 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/03/10 02:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/27 12:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/05/18 15:22:39 | 000,000,000 | ---D | M] -- C:\Program Files\IObitCom
[2012/03/17 00:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/10/18 17:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2009/11/27 19:06:37 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2012/03/19 22:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/08 16:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2010/04/20 03:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/09/11 12:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/03/27 16:38:42 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/09/11 12:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/05 00:46:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/03 13:00:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio .NET
[2008/09/11 12:30:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/03/17 10:18:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mobile Partner
[2010/08/12 02:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/03/27 00:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/10/26 05:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\MP3MyMP3 3.0
[2010/04/20 02:43:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/03/27 16:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/03/27 16:34:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/04/20 02:04:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/04/20 02:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/04/20 03:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/10/05 01:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\Netopia
[2008/09/25 03:48:13 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/09/10 18:17:12 | 000,000,000 | ---D | M] -- C:\Program Files\O2
[2012/03/19 03:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 23:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/04/07 00:13:39 | 000,000,000 | ---D | M] -- C:\Program Files\PKWARE
[2009/04/11 03:29:03 | 000,000,000 | ---D | M] -- C:\Program Files\pkzip
[2010/12/02 05:56:11 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/12/31 03:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/04/20 02:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/02 04:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2008/11/13 20:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2008/08/09 11:30:35 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2011/10/16 06:03:52 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2007/03/27 17:21:32 | 000,000,000 | ---D | M] -- C:\Program Files\SlySoft
[2010/05/07 03:14:13 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2010/03/23 01:45:38 | 000,000,000 | ---D | M] -- C:\Program Files\Stellarium
[2012/03/16 12:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/02/06 12:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\ToniArts
[2011/10/08 15:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Trust
[2007/03/27 16:44:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/02/02 02:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/03/06 22:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/10/05 00:46:46 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2012/03/13 14:55:50 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2010/04/20 03:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/04/20 03:20:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/03/27 16:36:49 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/08/08 18:18:54 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/03/27 16:38:42 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/11/13 20:10:09 | 000,000,000 | ---D | M] -- C:\Program Files\XviD

< MD5 for: AGP440.SYS >
[2006/03/17 22:00:28 | 016,737,753 | ---- | M] () .cab file -- C:\Documents and Settings\Laptop User\My Documents\Downloads\windows XP\WINDOWS XP (D)\I386\sp2.cab:AGP440.sys
[2004/08/12 14:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/20 03:13:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/04/20 03:13:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Documents and Settings\Laptop User\Desktop\WIn sp3 zip dll files\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Documents and Settings\Laptop User\Desktop\win sp2\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/17 22:00:28 | 016,737,753 | ---- | M] () .cab file -- C:\Documents and Settings\Laptop User\My Documents\Downloads\windows XP\WINDOWS XP (D)\I386\sp2.cab:atapi.sys
[2004/08/12 14:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/20 03:13:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/04/20 03:13:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Laptop User\Desktop\WIn sp3 zip dll files\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Laptop User\Desktop\win sp2\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/12 14:17:27 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/12 14:17:27 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2006/03/17 22:00:28 | 016,737,753 | ---- | M] () .cab file -- C:\Documents and Settings\Laptop User\My Documents\Downloads\windows XP\WINDOWS XP (D)\I386\sp2.cab:disk.sys
[2004/08/12 14:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/04/20 03:13:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/04/20 03:13:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 23:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Laptop User\Desktop\win sp2\disk.sys
[2004/08/12 14:18:39 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 20:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\Documents and Settings\Laptop User\Desktop\WIn sp3 zip dll files\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2004/08/12 14:36:15 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/12 14:24:31 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/19 04:11:46 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/19 04:11:46 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/19 04:11:46 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/19 04:11:42 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/19 04:11:42 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/19 04:11:42 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/21 12:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/21 12:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/21 12:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/20 12:29:11 | 000,634,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/06/08 15:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/06/08 15:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/06/08 15:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/06/08 15:11:50 | 005,110,568 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/19 04:11:46 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/19 04:11:46 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/19 04:11:46 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/19 04:11:42 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/19 04:11:42 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/19 04:11:42 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/21 12:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/21 12:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/21 12:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/20 12:29:11 | 000,634,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/06/08 15:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/06/08 15:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/06/08 15:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/06/08 15:11:50 | 005,110,568 | ---- | M] (Apple Inc.)

< End of report >


robotkilla1010

Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro


Re: AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Tue 27 Mar 2012, 12:18 pm

EXTRAS FILE

OTL Extras logfile created on: 27/03/2012 01:45:20 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Laptop User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 74.10% Memory free
6.82 Gb Paging File | 5.80 Gb Available in Paging File | 85.02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 22.10 Gb Free Space | 29.66% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Laptop User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Cisco Packet Tracer 5.3\bin\PacketTracer5.exe" = C:\Program Files\Cisco Packet Tracer 5.3\bin\PacketTracer5.exe:*:Disabled:PacketTracer5 -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Laptop User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Laptop User\Application Data\Dropbox\bin\Dropbox.exe:*:Disabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE" = C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Disabled:Microsoft (R) Visual Studio VSA RPC Event Creator -- (Microsoft Corporation)
"C:\Documents and Settings\Laptop User\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\Laptop User\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3436DDF8-D043-4CF0-902B-FF4A3225C8CB}" = SecureZIP for Windows 12.30.0016
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C6FCC1-8C36-4E08-B598-700CAE3489FE}" = Network Recording Player
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937DD47C-BFAC-4E41-9B1F-E1051F0779AE}" = Trust Webcam Live
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AnyDVD" = AnyDVD
"AVG8Uninstall" = AVG Free 8.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"Cisco Packet Tracer 5.3_is1" = Cisco Packet Tracer 5.3
"CloneCD" = CloneCD
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Europages 2007" = Europages 2007
"FeedReader_is1" = FeedReader
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"HTML Help Workshop" = HTML Help Workshop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{937DD47C-BFAC-4E41-9B1F-E1051F0779AE}" = Trust Webcam Live
"InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"IObitCom Toolbar" = IObitCom Toolbar
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MP3MyMP3_is1" = MP3MyMP3 3.0
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Stellarium_is1" = Stellarium 0.10.2
"uTorrent" = µTorrent
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 0.9.8a
"WampServer 2_is1" = WampServer 2.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.2.6.1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/01/2012 04:32:23 | Computer Name = DELL | Source = STacSV | ID = 268435455
Description =

Error - 11/02/2012 14:47:47 | Computer Name = DELL | Source = STacSV | ID = 268435455
Description =

Error - 26/03/2012 14:06:51 | Computer Name = DELL | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 26/03/2012 13:55:29 | Computer Name = DELL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 26/03/2012 14:05:42 | Computer Name = DELL | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 26/03/2012 14:09:02 | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 26/03/2012 14:16:18 | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 26/03/2012 14:35:11 | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1c99377942a6a2e
with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 26/03/2012 14:52:04 | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/03/2012 17:09:18 | Computer Name = DELL | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 26/03/2012 17:09:18 | Computer Name = DELL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 26/03/2012 17:09:20 | Computer Name = DELL | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 26/03/2012 17:09:20 | Computer Name = DELL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

robotkilla1010

Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro

Re: AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Tue 27 Mar 2012, 12:28 pm

ASWMBR Output file

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 02:22:00
-----------------------------
02:22:00.515 OS Version: Windows 5.1.2600 Service Pack 3
02:22:00.515 Number of processors: 1 586 0x1601
02:22:00.515 ComputerName: DELL UserName:
02:22:01.375 Initialize success
02:23:57.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
02:23:57.406 Disk 0 Vendor: TOSHIBA_MK8046GSX LB313D Size: 76319MB BusType: 3
02:23:57.437 Disk 0 MBR read successfully
02:23:57.437 Disk 0 MBR scan
02:23:57.437 Disk 0 Windows VISTA default MBR code
02:23:57.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
02:23:57.437 Disk 0 scanning sectors +156296385
02:23:57.531 Disk 0 scanning C:\WINDOWS\system32\drivers
02:24:13.328 Service scanning
02:24:34.500 Modules scanning
02:24:47.312 Disk 0 trace - called modules:
02:24:47.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
02:24:47.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b4afab8]
02:24:47.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b525d98]
02:24:47.687 Scan finished successfully
02:25:33.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laptop User\My Documents\Downloads\MBR.dat"
02:25:33.937 The log file has been saved successfully to "C:\Documents and Settings\Laptop User\My Documents\Downloads\aswMBR.txt"


robotkilla1010

Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro

AM I HIJACKED 317 Security Check

Post by robotkilla1010 on Tue 27 Mar 2012, 12:45 pm

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 8.5
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
CCleaner (remove only)
Java(TM) 6 Update 30
Java version out of date!
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.0.7) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

robotkilla1010

Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro

Re: AMI HIJACKED?? OTL File 1 /3

Post by Superdave on Wed 28 Mar 2012, 4:31 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
  • To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.

* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Wed 28 Mar 2012, 8:37 pm

Hi Superdave,

Thanks for your help.

Here is the SAS log.

SUPERAntiSpyware Scan Log

Generated 03/28/2012 at 10:29 AM

Application Version : 4.48.1000

Core Rules Database Version : 8206
Trace Rules Database Version: 6018

Scan type : Complete Scan
Total Scan Time : 02:06:12

Memory items scanned : 542
Memory threats detected : 0
Registry items scanned : 7653
Registry threats detected : 0
File items scanned : 187002
File threats detected : 40

Adware.Tracking Cookie
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
accounts.google.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.accounts.google.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.accounts.google.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\cookies.sqlite ]

robotkilla1010

Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro

Re: AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Thu 29 Mar 2012, 12:33 am

MBAM LOG
Malwarebytes Anti-Malware (Trial) 1.60.1.1000

Database version: v2012.03.28.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Laptop User :: DELL [administrator]

Protection: Enabled

28/03/2012 10:55:16
mbam-log-2012-03-28 (10-55-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 400815
Time elapsed: 2 hour(s), 14 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Laptop User\Application Data\Thinstall\Fireworks\4000003e00002i\igfxsrvc.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.

(end)


Re: AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Thu 29 Mar 2012, 12:40 am

DDS.txt log


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_30
Run by Laptop User at 14:34:09 on 2012-03-28
Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.3574.2709 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PAC7311_Monitor] c:\windows\pixart\pac7311\Monitor.exe
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\laptop~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\laptop user\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\pkware\pkzipm\12.30.0016\PKTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7E035440-8BCC-4F6C-A796-5869DFEFBC95} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C5E32C25-8AD3-4F52-82BC-5D70E6A0800C} : NameServer = 12.125.163.250,223.12.112.116
TCP: Interfaces\{F0110438-7CE7-4023-AEB7-688A3E0C059A} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laptop user\application data\mozilla\firefox\profiles\nraigjg5.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\laptop user\application data\mozilla\firefox\profiles\nraigjg5.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\laptop user\application data\mozilla\firefox\profiles\nraigjg5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Fotofox: [You must be registered and logged in to see this link.] - %profile%\extensions\fotofox@mozilla.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: GoogleTube: [You must be registered and logged in to see this link.] - %profile%\extensions\googletube@googletube.com
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Status-bar Scientific Calculator: ststusscicalc@sunny - %profile%\extensions\ststusscicalc@sunny
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: CSS Validator: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09} - %profile%\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: EditCSS: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2} - %profile%\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
FF - Ext: ImageBot: {55009080-176f-11da-8cd6-0800200c9a66} - %profile%\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
FF - Ext: Font Finder: [You must be registered and logged in to see this link.] - %profile%\extensions\fontfinder@bendodson.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: View Source In Dreamweaver: {432b7585-862d-4384-9340-b66a5e426dca} - %profile%\extensions\{432b7585-862d-4384-9340-b66a5e426dca}
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-8 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-27 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-8 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-13 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-13 297752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-8 108032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]
S0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-3-27 3456]
S2 gupdate1c99377942a6a2e;Google Update Service (gupdate1c99377942a6a2e);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-8-8 37296]
S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -n --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys --> c:\windows\system32\drivers\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys --> c:\windows\system32\drivers\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys --> c:\windows\system32\drivers\ew_juextctrl.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-12 14336]
S3 PAC7311;Trust Webcam Live;c:\windows\system32\drivers\PA707UCM.SYS [2007-3-14 449024]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
.
=============== Created Last 30 ================
.
2012-03-28 07:18:15 -------- d-----w- c:\documents and settings\laptop user\application data\SUPERAntiSpyware.com
2012-03-28 07:17:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 18:36:57 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-03-26 18:36:56 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2012-03-26 18:36:56 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-03-26 18:36:54 233472 -c----w- c:\windows\system32\dllcache\webcheck.dll
2012-03-26 18:36:53 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-03-26 18:36:52 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2012-03-26 18:36:52 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2012-03-26 18:36:49 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2012-03-26 18:36:39 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-03-26 18:33:11 1860096 -c----w- c:\windows\system32\dllcache\win32k.sys
2012-03-26 18:32:28 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2012-03-26 18:32:16 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll
2012-03-26 18:32:07 176128 -c----w- c:\windows\system32\dllcache\winmm.dll
2012-03-26 18:05:02 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-26 18:05:02 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-22 14:19:14 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2012-03-22 14:19:14 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2012-03-22 14:19:12 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2012-03-22 14:19:09 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2012-03-22 14:19:06 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2012-03-22 14:19:03 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2012-03-22 14:18:59 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2012-03-22 14:18:58 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2012-03-22 14:18:54 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-03-22 14:18:51 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-03-22 14:16:39 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2012-03-22 14:16:30 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-03-22 14:16:27 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-03-22 14:16:24 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2012-03-22 14:16:21 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2012-03-22 14:16:18 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-03-22 14:16:18 16384 -c--a-w- c:\windows\system32\dllcache\quser.exe
2012-03-22 14:16:17 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2012-03-22 14:16:10 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2012-03-22 14:16:07 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2012-03-22 14:16:04 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2012-03-22 14:16:01 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2012-03-22 14:14:56 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-03-22 14:13:57 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-03-22 14:13:54 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-03-22 14:13:51 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-03-22 14:13:48 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-03-22 14:13:45 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-03-22 14:13:43 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-03-22 14:13:40 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-03-22 14:13:34 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-03-22 14:13:31 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-03-22 14:13:27 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-03-22 14:11:59 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2012-03-22 14:11:56 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2012-03-22 14:11:53 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2012-03-22 14:11:51 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2012-03-22 14:11:48 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-03-22 14:11:45 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2012-03-22 14:11:44 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2012-03-22 14:11:36 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2012-03-22 14:11:31 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-03-22 14:11:26 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-03-22 14:11:21 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-03-22 14:11:19 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-03-22 14:11:18 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-03-22 14:09:54 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2012-03-22 14:08:58 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-03-22 14:07:59 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2012-03-22 14:06:58 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2012-03-22 14:05:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2012-03-22 14:04:59 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-03-22 14:01:01 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2012-03-22 13:59:59 153631 -c--a-w- c:\windows\system32\dllcache\el90xnd5.sys
2012-03-22 13:58:59 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll
2012-03-22 13:57:59 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2012-03-22 13:56:59 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2012-03-22 13:55:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-03-22 13:54:53 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-03-22 13:54:45 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2012-03-22 13:54:44 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2012-03-22 13:54:43 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2012-03-22 13:54:42 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2012-03-22 13:54:42 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2012-03-22 13:54:41 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-03-20 03:52:55 26624 ----a-w- c:\windows\clip.exe
2012-03-19 23:53:01 -------- d-----w- c:\documents and settings\laptop user\application data\ElevatedDiagnostics
2012-03-17 09:41:09 -------- d-----w- c:\program files\3 Mobile Broadband
2012-03-16 11:58:30 -------- d-----w- c:\documents and settings\laptop user\application data\Malwarebytes
2012-03-16 11:58:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-16 11:58:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 11:58:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-16 11:22:59 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-13 13:55:49 -------- d-----w- c:\program files\WebEx
2012-03-09 20:54:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-03-09 20:54:49 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-03-09 20:54:11 -------- d-----w- c:\documents and settings\all users\application data\DatacardService
.
==================== Find3M ====================
.
2012-03-16 23:12:04 87608 -c--a-w- c:\documents and settings\laptop user\application data\inst.exe
2012-03-16 23:12:03 47360 -c--a-w- c:\documents and settings\laptop user\application data\pcouffin.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-01-30 00:18:24 19750864 -c--a-w- c:\program files\15307_01.exe
2009-01-28 22:49:47 22260008 -c--a-w- c:\program files\SkypeSetup.exe
.
============= FINISH: 14:35:59.84 ===============


Re: AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Thu 29 Mar 2012, 12:46 am


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 27/03/2007 16:41:14
System Uptime: 28/03/2012 14:26:45 (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel Pentium II processor | Microprocessor | 1994/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 21.785 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&AB208E&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&AB208E&0&00E1
Service: NETw4x32
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP737: 02/02/2012 01:54:04 - System Checkpoint
RP738: 03/02/2012 18:12:35 - System Checkpoint
RP739: 04/02/2012 18:59:24 - System Checkpoint
RP740: 05/02/2012 19:12:44 - System Checkpoint
RP741: 07/02/2012 16:07:29 - System Checkpoint
RP742: 08/02/2012 19:46:51 - System Checkpoint
RP743: 10/02/2012 18:00:09 - System Checkpoint
RP744: 12/02/2012 20:10:38 - System Checkpoint
RP745: 13/02/2012 21:35:01 - System Checkpoint
RP746: 14/02/2012 22:45:11 - System Checkpoint
RP747: 16/02/2012 17:07:41 - System Checkpoint
RP748: 17/02/2012 18:01:45 - System Checkpoint
RP749: 18/02/2012 22:45:01 - System Checkpoint
RP750: 22/02/2012 17:48:44 - System Checkpoint
RP751: 23/02/2012 23:39:21 - System Checkpoint
RP752: 27/02/2012 18:58:15 - System Checkpoint
RP753: 29/02/2012 19:25:04 - System Checkpoint
RP754: 01/03/2012 22:36:05 - System Checkpoint
RP755: 02/03/2012 23:40:16 - System Checkpoint
RP756: 05/03/2012 00:05:02 - System Checkpoint
RP757: 06/03/2012 00:14:55 - System Checkpoint
RP758: 08/03/2012 22:24:02 - System Checkpoint
RP759: 10/03/2012 04:37:39 - Removed mobile broadband
RP760: 10/03/2012 04:40:13 - Removed mobile broadband
RP761: 10/03/2012 04:41:20 - Installed mobile broadband
RP762: 10/03/2012 05:11:15 - Removed mobile broadband
RP763: 10/03/2012 05:13:20 - Installed mobile broadband
RP764: 10/03/2012 05:18:18 - Removed mobile broadband
RP765: 10/03/2012 11:03:34 - Installed mobile broadband
RP766: 10/03/2012 11:41:34 - Removed mobile broadband
RP767: 10/03/2012 11:42:50 - Installed mobile broadband
RP768: 10/03/2012 18:39:07 - Removed mobile broadband
RP769: 11/03/2012 16:11:02 - Installed mobile broadband
RP770: 11/03/2012 16:16:32 - Removed mobile broadband
RP771: 11/03/2012 16:17:44 - Installed mobile broadband
RP772: 11/03/2012 16:23:55 - Removed mobile broadband
RP773: 11/03/2012 16:27:00 - Installed mobile broadband
RP774: 11/03/2012 16:38:03 - Removed mobile broadband
RP775: 11/03/2012 17:49:43 - Installed mobile broadband
RP776: 12/03/2012 18:56:09 - System Checkpoint
RP777: 13/03/2012 13:55:48 - Installed Network Recording Player
RP778: 14/03/2012 22:53:51 - System Checkpoint
RP779: 15/03/2012 22:02:49 - Removed mobile broadband
RP780: 15/03/2012 22:16:03 - Installed 3Connect
RP781: 16/03/2012 01:53:58 - Removed 3Connect
RP782: 16/03/2012 23:14:36 - Removed iTunes
RP783: 16/03/2012 23:15:31 - Removed J2SE Runtime Environment 5.0 Update 6
RP784: 17/03/2012 02:47:23 - Removed Apple Software Update
RP785: 17/03/2012 04:55:31 - Installed 3Connect
RP786: 17/03/2012 09:25:41 - Removed 3Connect
RP787: 17/03/2012 09:41:09 - Installed 3Connect
RP788: 18/03/2012 05:32:36 - Removed 3Connect
RP789: 18/03/2012 05:34:12 - Removed 3Connect
RP790: 18/03/2012 06:04:13 - Installed 3Connect
RP791: 18/03/2012 06:15:54 - Removed 3Connect
RP792: 18/03/2012 06:26:34 - Removed Skype Click to Call
RP793: 19/03/2012 15:08:26 - System Checkpoint
RP794: 19/03/2012 22:12:36 - Installed 3Connect
RP795: 19/03/2012 23:51:51 - Installed %1 %2.
RP796: 20/03/2012 03:37:12 - Removed 3Connect
RP797: 20/03/2012 03:41:43 - Installed 3Connect
RP798: 22/03/2012 10:18:09 - System Checkpoint
RP799: 22/03/2012 16:21:49 - Removed 3Connect
RP800: 23/03/2012 16:41:43 - System Checkpoint
RP801: 26/03/2012 14:01:40 - Removed Microsoft Visual C++ 2005 Redistributable
RP802: 26/03/2012 19:39:47 - Software Distribution Service 3.0
RP803: 27/03/2012 00:35:30 - OTL Restore Point - 27/03/2012 00:35:24
RP804: 27/03/2012 03:00:16 - Software Distribution Service 3.0
RP805: 28/03/2012 13:36:42 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 3
AMD Processor Driver
AnyDVD
ArcSoft VideoImpression 2
µTorrent
AVG Free 8.5
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
CCScore
Cisco Packet Tracer 5.3
CloneCD
Conexant HDA D110 MDC V.92 Modem
Conexant HDA D330 MDC V.92 Modem
Connect
Dell Resource CD
Dell Wireless WLAN Card
Digimax Master
Dropbox
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Europages 2007
FeedReader
fflink
FileZilla Client 3.2.6.1
Free 3GP Video Converter version 3.4
getPlus(R) for Adobe
Google Chrome
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTML Help Workshop
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
IObitCom Toolbar
Java Auto Updater
Java(TM) 6 Update 30
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
kuler
Magic ISO Maker v5.5 (build 0265)
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.7)
MP3MyMP3 3.0
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mWMI
mZConfig
Nero 6 Ultra Edition
netbrdg
Network Recording Player
OfotoXMI
Oracle Data Provider for .NET Help
Oracle Database 10g Express Edition
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PowerDVD
RealPlayer
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
Samsung USB Driver
SecureZIP for Windows 12.30.0016
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
SigmaTel Audio
skin0001
SKINXSDK
Skype™ 5.5
Sony Ericsson PC Suite 1.20.173
staticcr
Stellarium 0.10.2
Suite Shared Configuration CS4
SUPERAntiSpyware
tooltips
Trust Webcam Live
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 0.9.8a
VPRINTOL
WampServer 2.0
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
XviD 1.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
28/03/2012 14:27:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ACPIEC atiide
28/03/2012 10:44:06, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/03/2012 10:43:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
26/03/2012 19:52:04, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
26/03/2012 19:05:42, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
26/03/2012 18:55:29, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
22/03/2012 05:40:24, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
22/03/2012 05:35:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1c99377942a6a2e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================

robotkilla1010

Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro

Re: AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Thu 29 Mar 2012, 12:50 am

Hi Sperdave, I performed the DDS scan whilst I was still connected to the internet.

Should I re-perform that scan now, offline??



Re: AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Thu 29 Mar 2012, 12:56 am

DDS performed offline


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 27/03/2007 16:41:14
System Uptime: 28/03/2012 14:26:45 (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel Pentium II processor | Microprocessor | 1994/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 21.785 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&AB208E&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&AB208E&0&00E1
Service: NETw4x32
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP737: 02/02/2012 01:54:04 - System Checkpoint
RP738: 03/02/2012 18:12:35 - System Checkpoint
RP739: 04/02/2012 18:59:24 - System Checkpoint
RP740: 05/02/2012 19:12:44 - System Checkpoint
RP741: 07/02/2012 16:07:29 - System Checkpoint
RP742: 08/02/2012 19:46:51 - System Checkpoint
RP743: 10/02/2012 18:00:09 - System Checkpoint
RP744: 12/02/2012 20:10:38 - System Checkpoint
RP745: 13/02/2012 21:35:01 - System Checkpoint
RP746: 14/02/2012 22:45:11 - System Checkpoint
RP747: 16/02/2012 17:07:41 - System Checkpoint
RP748: 17/02/2012 18:01:45 - System Checkpoint
RP749: 18/02/2012 22:45:01 - System Checkpoint
RP750: 22/02/2012 17:48:44 - System Checkpoint
RP751: 23/02/2012 23:39:21 - System Checkpoint
RP752: 27/02/2012 18:58:15 - System Checkpoint
RP753: 29/02/2012 19:25:04 - System Checkpoint
RP754: 01/03/2012 22:36:05 - System Checkpoint
RP755: 02/03/2012 23:40:16 - System Checkpoint
RP756: 05/03/2012 00:05:02 - System Checkpoint
RP757: 06/03/2012 00:14:55 - System Checkpoint
RP758: 08/03/2012 22:24:02 - System Checkpoint
RP759: 10/03/2012 04:37:39 - Removed mobile broadband
RP760: 10/03/2012 04:40:13 - Removed mobile broadband
RP761: 10/03/2012 04:41:20 - Installed mobile broadband
RP762: 10/03/2012 05:11:15 - Removed mobile broadband
RP763: 10/03/2012 05:13:20 - Installed mobile broadband
RP764: 10/03/2012 05:18:18 - Removed mobile broadband
RP765: 10/03/2012 11:03:34 - Installed mobile broadband
RP766: 10/03/2012 11:41:34 - Removed mobile broadband
RP767: 10/03/2012 11:42:50 - Installed mobile broadband
RP768: 10/03/2012 18:39:07 - Removed mobile broadband
RP769: 11/03/2012 16:11:02 - Installed mobile broadband
RP770: 11/03/2012 16:16:32 - Removed mobile broadband
RP771: 11/03/2012 16:17:44 - Installed mobile broadband
RP772: 11/03/2012 16:23:55 - Removed mobile broadband
RP773: 11/03/2012 16:27:00 - Installed mobile broadband
RP774: 11/03/2012 16:38:03 - Removed mobile broadband
RP775: 11/03/2012 17:49:43 - Installed mobile broadband
RP776: 12/03/2012 18:56:09 - System Checkpoint
RP777: 13/03/2012 13:55:48 - Installed Network Recording Player
RP778: 14/03/2012 22:53:51 - System Checkpoint
RP779: 15/03/2012 22:02:49 - Removed mobile broadband
RP780: 15/03/2012 22:16:03 - Installed 3Connect
RP781: 16/03/2012 01:53:58 - Removed 3Connect
RP782: 16/03/2012 23:14:36 - Removed iTunes
RP783: 16/03/2012 23:15:31 - Removed J2SE Runtime Environment 5.0 Update 6
RP784: 17/03/2012 02:47:23 - Removed Apple Software Update
RP785: 17/03/2012 04:55:31 - Installed 3Connect
RP786: 17/03/2012 09:25:41 - Removed 3Connect
RP787: 17/03/2012 09:41:09 - Installed 3Connect
RP788: 18/03/2012 05:32:36 - Removed 3Connect
RP789: 18/03/2012 05:34:12 - Removed 3Connect
RP790: 18/03/2012 06:04:13 - Installed 3Connect
RP791: 18/03/2012 06:15:54 - Removed 3Connect
RP792: 18/03/2012 06:26:34 - Removed Skype Click to Call
RP793: 19/03/2012 15:08:26 - System Checkpoint
RP794: 19/03/2012 22:12:36 - Installed 3Connect
RP795: 19/03/2012 23:51:51 - Installed %1 %2.
RP796: 20/03/2012 03:37:12 - Removed 3Connect
RP797: 20/03/2012 03:41:43 - Installed 3Connect
RP798: 22/03/2012 10:18:09 - System Checkpoint
RP799: 22/03/2012 16:21:49 - Removed 3Connect
RP800: 23/03/2012 16:41:43 - System Checkpoint
RP801: 26/03/2012 14:01:40 - Removed Microsoft Visual C++ 2005 Redistributable
RP802: 26/03/2012 19:39:47 - Software Distribution Service 3.0
RP803: 27/03/2012 00:35:30 - OTL Restore Point - 27/03/2012 00:35:24
RP804: 27/03/2012 03:00:16 - Software Distribution Service 3.0
RP805: 28/03/2012 13:36:42 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 3
AMD Processor Driver
AnyDVD
ArcSoft VideoImpression 2
µTorrent
AVG Free 8.5
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
CCScore
Cisco Packet Tracer 5.3
CloneCD
Conexant HDA D110 MDC V.92 Modem
Conexant HDA D330 MDC V.92 Modem
Connect
Dell Resource CD
Dell Wireless WLAN Card
Digimax Master
Dropbox
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Europages 2007
FeedReader
fflink
FileZilla Client 3.2.6.1
Free 3GP Video Converter version 3.4
getPlus(R) for Adobe
Google Chrome
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTML Help Workshop
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
IObitCom Toolbar
Java Auto Updater
Java(TM) 6 Update 30
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
kuler
Magic ISO Maker v5.5 (build 0265)
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.7)
MP3MyMP3 3.0
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mWMI
mZConfig
Nero 6 Ultra Edition
netbrdg
Network Recording Player
OfotoXMI
Oracle Data Provider for .NET Help
Oracle Database 10g Express Edition
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PowerDVD
RealPlayer
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
Samsung USB Driver
SecureZIP for Windows 12.30.0016
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
SigmaTel Audio
skin0001
SKINXSDK
Skype™ 5.5
Sony Ericsson PC Suite 1.20.173
staticcr
Stellarium 0.10.2
Suite Shared Configuration CS4
SUPERAntiSpyware
tooltips
Trust Webcam Live
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 0.9.8a
VPRINTOL
WampServer 2.0
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
XviD 1.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
28/03/2012 14:27:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ACPIEC atiide
28/03/2012 10:44:06, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/03/2012 10:43:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
26/03/2012 19:52:04, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
26/03/2012 19:05:42, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
26/03/2012 18:55:29, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
22/03/2012 05:40:24, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
22/03/2012 05:35:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1c99377942a6a2e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================

robotkilla1010

Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro


Re: AMI HIJACKED?? OTL File 1 /3

Post by robotkilla1010 on Thu 29 Mar 2012, 12:59 am


2nd DDS Scan performed offline.
Contents of Attached.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 27/03/2007 16:41:14
System Uptime: 28/03/2012 14:26:45 (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel Pentium II processor | Microprocessor | 1994/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 21.785 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&AB208E&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&AB208E&0&00E1
Service: NETw4x32
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP737: 02/02/2012 01:54:04 - System Checkpoint
RP738: 03/02/2012 18:12:35 - System Checkpoint
RP739: 04/02/2012 18:59:24 - System Checkpoint
RP740: 05/02/2012 19:12:44 - System Checkpoint
RP741: 07/02/2012 16:07:29 - System Checkpoint
RP742: 08/02/2012 19:46:51 - System Checkpoint
RP743: 10/02/2012 18:00:09 - System Checkpoint
RP744: 12/02/2012 20:10:38 - System Checkpoint
RP745: 13/02/2012 21:35:01 - System Checkpoint
RP746: 14/02/2012 22:45:11 - System Checkpoint
RP747: 16/02/2012 17:07:41 - System Checkpoint
RP748: 17/02/2012 18:01:45 - System Checkpoint
RP749: 18/02/2012 22:45:01 - System Checkpoint
RP750: 22/02/2012 17:48:44 - System Checkpoint
RP751: 23/02/2012 23:39:21 - System Checkpoint
RP752: 27/02/2012 18:58:15 - System Checkpoint
RP753: 29/02/2012 19:25:04 - System Checkpoint
RP754: 01/03/2012 22:36:05 - System Checkpoint
RP755: 02/03/2012 23:40:16 - System Checkpoint
RP756: 05/03/2012 00:05:02 - System Checkpoint
RP757: 06/03/2012 00:14:55 - System Checkpoint
RP758: 08/03/2012 22:24:02 - System Checkpoint
RP759: 10/03/2012 04:37:39 - Removed mobile broadband
RP760: 10/03/2012 04:40:13 - Removed mobile broadband
RP761: 10/03/2012 04:41:20 - Installed mobile broadband
RP762: 10/03/2012 05:11:15 - Removed mobile broadband
RP763: 10/03/2012 05:13:20 - Installed mobile broadband
RP764: 10/03/2012 05:18:18 - Removed mobile broadband
RP765: 10/03/2012 11:03:34 - Installed mobile broadband
RP766: 10/03/2012 11:41:34 - Removed mobile broadband
RP767: 10/03/2012 11:42:50 - Installed mobile broadband
RP768: 10/03/2012 18:39:07 - Removed mobile broadband
RP769: 11/03/2012 16:11:02 - Installed mobile broadband
RP770: 11/03/2012 16:16:32 - Removed mobile broadband
RP771: 11/03/2012 16:17:44 - Installed mobile broadband
RP772: 11/03/2012 16:23:55 - Removed mobile broadband
RP773: 11/03/2012 16:27:00 - Installed mobile broadband
RP774: 11/03/2012 16:38:03 - Removed mobile broadband
RP775: 11/03/2012 17:49:43 - Installed mobile broadband
RP776: 12/03/2012 18:56:09 - System Checkpoint
RP777: 13/03/2012 13:55:48 - Installed Network Recording Player
RP778: 14/03/2012 22:53:51 - System Checkpoint
RP779: 15/03/2012 22:02:49 - Removed mobile broadband
RP780: 15/03/2012 22:16:03 - Installed 3Connect
RP781: 16/03/2012 01:53:58 - Removed 3Connect
RP782: 16/03/2012 23:14:36 - Removed iTunes
RP783: 16/03/2012 23:15:31 - Removed J2SE Runtime Environment 5.0 Update 6
RP784: 17/03/2012 02:47:23 - Removed Apple Software Update
RP785: 17/03/2012 04:55:31 - Installed 3Connect
RP786: 17/03/2012 09:25:41 - Removed 3Connect
RP787: 17/03/2012 09:41:09 - Installed 3Connect
RP788: 18/03/2012 05:32:36 - Removed 3Connect
RP789: 18/03/2012 05:34:12 - Removed 3Connect
RP790: 18/03/2012 06:04:13 - Installed 3Connect
RP791: 18/03/2012 06:15:54 - Removed 3Connect
RP792: 18/03/2012 06:26:34 - Removed Skype Click to Call
RP793: 19/03/2012 15:08:26 - System Checkpoint
RP794: 19/03/2012 22:12:36 - Installed 3Connect
RP795: 19/03/2012 23:51:51 - Installed %1 %2.
RP796: 20/03/2012 03:37:12 - Removed 3Connect
RP797: 20/03/2012 03:41:43 - Installed 3Connect
RP798: 22/03/2012 10:18:09 - System Checkpoint
RP799: 22/03/2012 16:21:49 - Removed 3Connect
RP800: 23/03/2012 16:41:43 - System Checkpoint
RP801: 26/03/2012 14:01:40 - Removed Microsoft Visual C++ 2005 Redistributable
RP802: 26/03/2012 19:39:47 - Software Distribution Service 3.0
RP803: 27/03/2012 00:35:30 - OTL Restore Point - 27/03/2012 00:35:24
RP804: 27/03/2012 03:00:16 - Software Distribution Service 3.0
RP805: 28/03/2012 13:36:42 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 3
AMD Processor Driver
AnyDVD
ArcSoft VideoImpression 2
µTorrent
AVG Free 8.5
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
CCScore
Cisco Packet Tracer 5.3
CloneCD
Conexant HDA D110 MDC V.92 Modem
Conexant HDA D330 MDC V.92 Modem
Connect
Dell Resource CD
Dell Wireless WLAN Card
Digimax Master
Dropbox
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Europages 2007
FeedReader
fflink
FileZilla Client 3.2.6.1
Free 3GP Video Converter version 3.4
getPlus(R) for Adobe
Google Chrome
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTML Help Workshop
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
IObitCom Toolbar
Java Auto Updater
Java(TM) 6 Update 30
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
kuler
Magic ISO Maker v5.5 (build 0265)
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.7)
MP3MyMP3 3.0
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mWMI
mZConfig
Nero 6 Ultra Edition
netbrdg
Network Recording Player
OfotoXMI
Oracle Data Provider for .NET Help
Oracle Database 10g Express Edition
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PowerDVD
RealPlayer
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
Samsung USB Driver
SecureZIP for Windows 12.30.0016
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
SigmaTel Audio
skin0001
SKINXSDK
Skype™ 5.5
Sony Ericsson PC Suite 1.20.173
staticcr
Stellarium 0.10.2
Suite Shared Configuration CS4
SUPERAntiSpyware
tooltips
Trust Webcam Live
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 0.9.8a
VPRINTOL
WampServer 2.0
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
XviD 1.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
28/03/2012 14:27:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ACPIEC atiide
28/03/2012 10:44:06, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/03/2012 10:43:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
26/03/2012 19:52:04, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
26/03/2012 19:05:42, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
26/03/2012 18:55:29, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
22/03/2012 05:40:24, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
22/03/2012 05:35:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1c99377942a6a2e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================

robotkilla1010

Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro


Re: AMI HIJACKED?? OTL File 1 /3

Post by Superdave on Thu 29 Mar 2012, 5:30 am

Your logs are squeaky clean. What makes you think there's something wrong with the computer?

Superdave
Tech Staff



Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


AM I UN-HIJACKED ?? ;)

Post by robotkilla1010 on Thu 29 Mar 2012, 10:45 am

Cheers SuperDave, I owe you an ice cold Trois Pistoles ;)

I think these infections were propagated by an infected USB broadband stick, with compromised firmware. I have another machine with similar infections, but I am just going to perform a clean install on that one.

There is a folder from the USB stick called Birdstep technology, subfolder easy connect, that I cannot remove. I deleted the content files.
I deleted all the programmes that were installed from the stick.

Do I need to purge the registry? Is there a free registry clean-up tool?

I am currently using AVG Anti Virus 8.5 ver.
Is this sufficient or should I change AV?
Any recommendations?

Thanks again for your help.
Rory

robotkilla1010

Newbie Surfer
Newbie Surfer

Posts : 16
Joined : 2012-03-24
Operating System : XP Pro

View user profile

Back to top Go down

Re: AMI HIJACKED?? OTL File 1 /3

Post by Superdave on Thu 29 Mar 2012, 12:09 pm

> Do I need to purge the registry? Is there a free registry clean-up tool?
> I am currently using AVG Anti Virus 8.5 ver.
> Is this sufficient or should I change AV?
> Any recommendations?

Please stay away from the registry. There's no need to do any cleaning there. As for AVs, I prefer Microsoft Security Essentials because it is not a resource hog like some others and it updates automatically with no hassles. It's free to all registered Windows users.

Panda USB and AutoRun Vaccine

Insert your flash drive before we begin. Hold down the Shift key when inserting the flash drive until Windows detects it to bypass the autorun feature. This will keep the autorun.inf from executing automatically.

Download Panda USB and AutoRun Vaccine and save it to your desktop.

* Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
* Open that folder and double-click on USBVaccine.exe to start the program.
* Click Run
* Click the button to Vaccinate computer.
* Insert your USB flash drive.
* When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
* Exit Panda USB and AutoRun Vaccine when done.

Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
*************************************************
Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
Microsoft Security Essentials for Windows XP

Superdave
Tech Staff



Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
