
Possible virus.patchload.o Infection?

Discussion in 'Virus and Malware Removal' started by wisconsin, Dec 25, 2011.

  1. wisconsin Newcomer, in training Posts: 45

    ComboFix 11-12-28.03 - OEM 12/29/2011 13:33:02.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1392 [GMT 13:00]
    Running from: c:\documents and settings\OEM\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\OEM\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    FILE ::
    "c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP"
    "c:\windows\SETB4.tmp"
    "c:\windows\SETB7.tmp"
    "c:\windows\SETC3.tmp"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-28 02:33 . 2011-12-28 02:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-12-28 01:52 . 2003-03-24 03:52 82035 -c--a-w- c:\windows\system32\dllcache\fp4anscp.dll
    2011-12-28 01:52 . 2003-03-24 03:52 49210 -c--a-w- c:\windows\system32\dllcache\fp4areg.dll
    2011-12-28 01:52 . 2003-03-24 03:52 147513 -c--a-w- c:\windows\system32\dllcache\fp4apws.dll
    2011-12-28 01:52 . 2004-05-12 11:39 184435 -c--a-w- c:\windows\system32\dllcache\fp4amsft.dll
    2011-12-28 01:52 . 2008-04-13 16:41 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
    2011-12-28 01:52 . 2003-03-24 03:52 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
    2011-12-28 01:52 . 2003-03-24 03:52 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
    2011-12-28 01:52 . 2003-03-24 03:52 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
    2011-12-28 01:52 . 2008-04-13 16:41 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
    2011-12-28 01:52 . 2008-04-13 16:41 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
    2011-12-28 01:52 . 2003-03-24 03:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
    2011-12-28 01:52 . 2003-03-24 03:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
    2011-12-28 01:50 . 2001-08-23 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2011-12-28 01:35 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-12-28 01:35 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-12-28 01:35 . 2008-04-13 18:34 16535 ----a-r- c:\windows\SETC3.tmp
    2011-12-28 01:35 . 2008-04-13 18:34 1088840 ----a-r- c:\windows\SETB7.tmp
    2011-12-28 01:35 . 2008-04-13 18:40 1296669 ----a-r- c:\windows\SETB4.tmp
    2011-12-27 14:49 . 2011-12-27 14:49 -------- d-----w- C:\_OTL
    2011-12-18 01:23 . 2011-12-18 01:23 110080 ----a-r- c:\documents and settings\OEM\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconD7F16134.exe
    2011-12-18 01:23 . 2011-12-18 01:23 110080 ----a-r- c:\documents and settings\OEM\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconCF33A0CE.exe
    2011-12-18 01:23 . 2011-12-18 01:23 110080 ----a-r- c:\documents and settings\OEM\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconF7A21AF7.exe
    2011-12-18 01:23 . 2011-12-18 01:24 -------- d-----w- C:\sh4ldr
    2011-12-18 01:23 . 2011-12-18 01:23 -------- d-----w- c:\program files\Enigma Software Group
    2011-12-18 01:21 . 2011-12-18 01:23 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
    2011-12-18 01:21 . 2011-12-18 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-12-18 00:15 . 2011-12-18 00:15 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2011-12-17 21:49 . 2011-12-17 22:22 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\adawaretb
    2011-12-17 19:31 . 2011-12-17 21:41 -------- d-----w- c:\documents and settings\OEM\Application Data\MediaWmplay
    2011-12-11 22:08 . 2011-12-11 22:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-11 22:08 . 2011-08-31 04:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-11 21:22 . 2011-12-11 18:02 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-12-11 20:55 . 2011-12-11 18:02 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-12-11 17:55 . 2011-12-11 17:55 -------- d-----w- c:\documents and settings\OEM\Local Settings\Application Data\adaware
    2011-12-11 17:55 . 2011-12-11 17:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
    2011-12-11 17:55 . 2011-12-11 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
    2011-12-11 17:55 . 2011-12-11 17:55 -------- d-----w- c:\program files\Toolbar Cleaner
    2011-12-11 17:55 . 2011-12-18 01:51 -------- d-----w- c:\documents and settings\OEM\Application Data\adawaretb
    2011-12-11 17:54 . 2011-12-11 17:55 -------- d-----w- c:\program files\adawaretb
    2011-12-11 17:54 . 2011-12-01 18:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-12-11 17:54 . 2011-12-11 17:54 -------- d-----w- c:\program files\Lavasoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-28 05:20 . 2008-10-08 18:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2011-11-11 19:57 . 2011-05-15 20:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-11-29 19:15 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-30 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ADSL_A2"="A2Installed" [X]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
    "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2011-10-10 4712864]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
    .
    c:\documents and settings\OEM\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ADSL Diagnostic Tools.LNK - c:\windows\system32\mapiicon.exe [2001-10-5 377856]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\SecondLife\\SLVoice.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Phoenix Viewer\\SLVoice.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\METAbolt\\METAbolt Auto Updater.exe"=
    "c:\\Program Files\\METAbolt\\METAbolt.exe"=
    "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
    "c:\\Program Files\\adawaretb\\dtUser.exe"=
    "c:\\Program Files\\Phoenix Viewer\\SLPlugin.exe"=
    "c:\\Program Files\\Phoenix Viewer\\PhoenixViewer.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Ad-Aware Browsing Protection\\adawarebp.exe"=
    "c:\\Documents and Settings\\OEM\\Desktop\\SpyHunter-Installer.exe"=
    "c:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter4.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2011 6:54 AM 64512]
    R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [9/19/2010 12:07 PM 20328]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/29/2011 12:49 PM 2152152]
    R3 itexadsla2;ITeX ADSL PCI NIC Service;c:\windows\system32\drivers\TBCIwana.sys [10/5/2001 6:00 PM 432640]
    S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [1/28/2009 2:36 PM 59776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:21 AM 135664]
    S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE --> c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [?]
    S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [1/28/2009 2:36 PM 19456]
    S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [1/28/2009 2:36 PM 9600]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [3/31/2011 5:59 PM 23456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:21 AM 135664]
    S3 HVWINDR.SYS;HVWINDR.SYS;c:\documents and settings\OEM\Desktop\hVC Alpha 2\hvwindr.sys [8/1/2009 3:10 PM 205220]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/2/2011 7:49 AM 15232]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [9/17/2009 6:27 PM 24416]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:42 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-01 18:02]
    .
    2011-12-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-30 04:16]
    .
    2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:21]
    .
    2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-29 13:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(484)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2232)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-12-29 13:49:07
    ComboFix-quarantined-files.txt 2011-12-29 00:49
    ComboFix2.txt 2011-12-29 00:06
    .
    Pre-Run: 2,962,817,024 bytes free
    Post-Run: 2,951,348,224 bytes free
    .
    - - End Of File - - C4A432BD666EE7EEFD0336BE73911B55
  2. Broni Malware Annihilator Posts: 39,324   +175

    Good.

    See if you can reestablish your internet connection.
  3. wisconsin Newcomer, in training Posts: 45

    Okay, will do. I think it's a simple forgotten password issue and I will need to contact my ISP Help Desk to check that out. If it's something more sinister, I will come back to you to help with that too!

    :D
  4. Broni Malware Annihilator Posts: 39,324   +175

    Very well because at this point we really need your computer to be connected.
  5. wisconsin Newcomer, in training Posts: 45

    Okay, the infected computer is connected back to the matrix. ;)
  6. Broni Malware Annihilator Posts: 39,324   +175

    Whatever "matrix" is....LOL

    1. Re-run Combofix one more time. Allow recovery console installation. Post new log.

    2. Update MBAM, run "Quick scan". Post its log.

    3. Let me know how computer is doing.

    4. Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. wisconsin Newcomer, in training Posts: 45

    ComboFix 11-12-28.03 - OEM 12/29/2011 16:39:40.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1443 [GMT 13:00]
    Running from: c:\documents and settings\OEM\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-28 02:33 . 2011-12-28 02:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-12-28 01:52 . 2003-03-24 03:52 82035 -c--a-w- c:\windows\system32\dllcache\fp4anscp.dll
    2011-12-28 01:52 . 2003-03-24 03:52 49210 -c--a-w- c:\windows\system32\dllcache\fp4areg.dll
    2011-12-28 01:52 . 2003-03-24 03:52 147513 -c--a-w- c:\windows\system32\dllcache\fp4apws.dll
    2011-12-28 01:52 . 2004-05-12 11:39 184435 -c--a-w- c:\windows\system32\dllcache\fp4amsft.dll
    2011-12-28 01:52 . 2008-04-13 16:41 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
    2011-12-28 01:52 . 2003-03-24 03:52 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
    2011-12-28 01:52 . 2003-03-24 03:52 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
    2011-12-28 01:52 . 2003-03-24 03:52 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
    2011-12-28 01:52 . 2008-04-13 16:41 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
    2011-12-28 01:52 . 2008-04-13 16:41 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
    2011-12-28 01:52 . 2003-03-24 03:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
    2011-12-28 01:52 . 2003-03-24 03:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
    2011-12-28 01:50 . 2001-08-23 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2011-12-28 01:35 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-12-28 01:35 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-12-28 01:35 . 2008-04-13 18:34 16535 ----a-r- c:\windows\SETC3.tmp
    2011-12-28 01:35 . 2008-04-13 18:34 1088840 ----a-r- c:\windows\SETB7.tmp
    2011-12-28 01:35 . 2008-04-13 18:40 1296669 ----a-r- c:\windows\SETB4.tmp
    2011-12-27 14:49 . 2011-12-27 14:49 -------- d-----w- C:\_OTL
    2011-12-18 01:23 . 2011-12-18 01:23 110080 ----a-r- c:\documents and settings\OEM\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconD7F16134.exe
    2011-12-18 01:23 . 2011-12-18 01:23 110080 ----a-r- c:\documents and settings\OEM\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconCF33A0CE.exe
    2011-12-18 01:23 . 2011-12-18 01:23 110080 ----a-r- c:\documents and settings\OEM\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconF7A21AF7.exe
    2011-12-18 01:23 . 2011-12-18 01:24 -------- d-----w- C:\sh4ldr
    2011-12-18 01:23 . 2011-12-18 01:23 -------- d-----w- c:\program files\Enigma Software Group
    2011-12-18 01:21 . 2011-12-18 01:23 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
    2011-12-18 01:21 . 2011-12-18 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-12-18 00:15 . 2011-12-18 00:15 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2011-12-17 21:49 . 2011-12-17 22:22 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\adawaretb
    2011-12-17 19:31 . 2011-12-17 21:41 -------- d-----w- c:\documents and settings\OEM\Application Data\MediaWmplay
    2011-12-11 22:08 . 2011-12-11 22:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-11 22:08 . 2011-08-31 04:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-11 21:22 . 2011-12-11 18:02 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-12-11 20:55 . 2011-12-11 18:02 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-12-11 17:55 . 2011-12-11 17:55 -------- d-----w- c:\documents and settings\OEM\Local Settings\Application Data\adaware
    2011-12-11 17:55 . 2011-12-11 17:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
    2011-12-11 17:55 . 2011-12-11 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
    2011-12-11 17:55 . 2011-12-11 17:55 -------- d-----w- c:\program files\Toolbar Cleaner
    2011-12-11 17:55 . 2011-12-18 01:51 -------- d-----w- c:\documents and settings\OEM\Application Data\adawaretb
    2011-12-11 17:54 . 2011-12-11 17:55 -------- d-----w- c:\program files\adawaretb
    2011-12-11 17:54 . 2011-12-01 18:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-12-11 17:54 . 2011-12-11 17:54 -------- d-----w- c:\program files\Lavasoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-28 05:20 . 2008-10-08 18:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2011-11-11 19:57 . 2011-05-15 20:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-11-29 19:15 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-30 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ADSL_A2"="A2Installed" [X]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
    "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2011-10-10 4712864]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
    .
    c:\documents and settings\OEM\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ADSL Diagnostic Tools.LNK - c:\windows\system32\mapiicon.exe [2001-10-5 377856]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\SecondLife\\SLVoice.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Phoenix Viewer\\SLVoice.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\METAbolt\\METAbolt Auto Updater.exe"=
    "c:\\Program Files\\METAbolt\\METAbolt.exe"=
    "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
    "c:\\Program Files\\adawaretb\\dtUser.exe"=
    "c:\\Program Files\\Phoenix Viewer\\SLPlugin.exe"=
    "c:\\Program Files\\Phoenix Viewer\\PhoenixViewer.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Ad-Aware Browsing Protection\\adawarebp.exe"=
    "c:\\Documents and Settings\\OEM\\Desktop\\SpyHunter-Installer.exe"=
    "c:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter4.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2011 6:54 AM 64512]
    R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [9/19/2010 12:07 PM 20328]
    R3 itexadsla2;ITeX ADSL PCI NIC Service;c:\windows\system32\drivers\TBCIwana.sys [10/5/2001 6:00 PM 432640]
    S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [1/28/2009 2:36 PM 59776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:21 AM 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/29/2011 12:49 PM 2152152]
    S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE --> c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [?]
    S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [1/28/2009 2:36 PM 19456]
    S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [1/28/2009 2:36 PM 9600]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [3/31/2011 5:59 PM 23456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:21 AM 135664]
    S3 HVWINDR.SYS;HVWINDR.SYS;c:\documents and settings\OEM\Desktop\hVC Alpha 2\hvwindr.sys [8/1/2009 3:10 PM 205220]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [9/17/2009 6:27 PM 24416]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:42 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - Lavasoft Kernexplorer
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-01 18:02]
    .
    2011-12-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-30 04:16]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:21]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{D60D6B9F-6E55-4AC7-803F-BB70AD7BCE1F}: NameServer = 202.27.158.40 202.27.156.72
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-29 16:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(480)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2828)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-12-29 16:52:42
    ComboFix-quarantined-files.txt 2011-12-29 03:52
    ComboFix2.txt 2011-12-29 00:49
    ComboFix3.txt 2011-12-29 00:06
    .
    Pre-Run: 2,919,034,880 bytes free
    Post-Run: 2,908,983,296 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 7BE461E2E39F7ED193C407779E67B88D
  8. wisconsin Newcomer, in training Posts: 45

    MBAM still does not run with the same error message as noted last time. Should I delete the current installation of MBAM and reinstall?

    The computer appears to be behaving okay thus far, which doesn't fill me with a great deal of confidence, given all the nasty stuff you have been finding so far. :)

    I haven't run the OTL step yet while I await your thoughts on the MBAM failure.
  9. Broni Malware Annihilator Posts: 39,324   +175

    1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
    2. Restart your computer (very important).
    3. Download and run this utility.
    4. It will ask to restart your computer (please allow it to).
    5. After the computer restarts, install the latest version from here.

    If still same problem....

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • Super should automatically update the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Click on "Preferences" button.
    • Click the "Scanning Control" tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
    • Click the "Home" button to leave the control center screen.
    • Back on the main screen checkmark "Complete scan" and click "Scan your computer".
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
  10. wisconsin Newcomer, in training Posts: 45

  11. Broni Malware Annihilator Posts: 39,324   +175

  12. Broni Malware Annihilator Posts: 39,324   +175

  13. wisconsin Newcomer, in training Posts: 45

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.29.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    OEM :: OEM-D6C1D17F45D [administrator]

    12/30/2011 7:35:05 AM
    mbam-log-2011-12-30 (07-39-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 157411
    Time elapsed: 3 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini (Backdoor.ZAccess) -> No action taken.

    (end)
  14. wisconsin Newcomer, in training Posts: 45

    Although the MBAM log above doesn't show it, I hit the button to remove the file detected and restarted the computer as per MBAM's request to do so.

    Should I run the OTL step now?
  15. Broni Malware Annihilator Posts: 39,324   +175

    Re-run MBAM so I can see that entry is gone.

    Then go with OTL.
  16. wisconsin Newcomer, in training Posts: 45

    Here is the log from re-running MBAM. I am surprised at how quickly MBAM runs the scan now. It was taking 15 minutes or more before I sought your assistance. Now it is a shade over 4 minutes to complete.


    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.29.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    OEM :: OEM-D6C1D17F45D [administrator]

    12/30/2011 9:12:21 AM
    mbam-log-2011-12-30 (09-12-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 157024
    Time elapsed: 4 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  17. wisconsin Newcomer, in training Posts: 45

    Here is the OTL file ... I didn't get a second file named Extras.txt? I followed your steps to the letter as outlined above.


    OTL logfile created on: 12/30/2011 9:32:29 AM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\OEM\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.89% Memory free
    3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.66% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 2.71 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
    Drive D: | 37.26 Gb Total Space | 0.56 Gb Free Space | 1.51% Space Free | Partition Type: NTFS
    Drive E: | 37.26 Gb Total Space | 0.41 Gb Free Space | 1.09% Space Free | Partition Type: NTFS

    Computer Name: OEM-D6C1D17F45D | User Name: OEM | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/30 09:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Desktop\OTL.exe
    PRC - [2011/12/29 12:56:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2011/12/29 12:49:07 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2011/12/12 07:02:03 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/11/15 12:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/02/26 16:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2001/10/05 18:00:00 | 000,377,856 | ---- | M] (ITeX INC.) -- C:\WINDOWS\system32\mapiicon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/12 08:28:49 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
    MOD - [2011/12/12 07:02:26 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
    MOD - [2011/12/12 07:02:22 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
    MOD - [2011/12/12 06:55:23 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
    MOD - [2011/12/11 13:00:30 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    MOD - [2011/12/11 12:58:36 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
    MOD - [2011/12/11 12:45:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    MOD - [2011/12/11 12:45:24 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    MOD - [2011/12/11 12:44:31 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    MOD - [2011/12/11 12:39:41 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/12/11 12:39:15 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
    MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
    MOD - [2011/12/02 07:49:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
    MOD - [2011/11/30 08:15:56 | 000,086,696 | ---- | M] () -- C:\Program Files\adawaretb\adawareDx.dll
    MOD - [2011/11/01 09:28:02 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/02 09:43:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:04 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
    MOD - [2010/11/02 09:43:04 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
    MOD - [2010/11/02 09:43:04 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
    MOD - [2010/11/02 09:43:04 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
    MOD - [2010/11/02 09:43:03 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:03 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:03 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:03 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:03 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:03 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:02 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:02 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3693.42470__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:01 | 001,036,288 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3693.42473__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:01 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3693.42472__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2010/11/02 09:42:59 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:58 | 000,086,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Dashboard\2.0.3693.42562__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Runtime\2.0.3693.42562__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2010/11/02 09:42:57 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2010/11/02 09:42:57 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2010/11/02 09:42:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
    MOD - [2010/11/02 09:42:56 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2010/11/02 09:42:56 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2010/11/02 09:42:56 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2010/11/02 09:42:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2010/11/02 09:42:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2010/11/02 09:42:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2010/11/02 09:42:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2010/11/02 09:42:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2010/11/02 09:42:56 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2010/11/02 09:42:56 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2010/11/02 09:42:55 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2010/11/02 09:42:55 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2010/11/02 09:42:55 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2010/11/02 09:42:55 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2010/11/02 09:42:55 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2010/11/02 09:42:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2010/11/02 09:42:54 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2010/11/02 09:42:54 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
    MOD - [2010/11/02 09:42:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
    MOD - [2010/11/02 09:42:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2010/11/02 09:42:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2009/11/24 13:36:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (SpyHunter 4 Service)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/12/29 12:56:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2011/12/29 12:49:07 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2011/03/31 17:59:36 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
    DRV - [2010/07/09 14:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
    DRV - [2009/09/17 18:45:27 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
    DRV - [2008/08/21 17:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/04/14 05:51:44 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 22:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2006/04/20 15:20:22 | 000,019,456 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
    DRV - [2006/04/20 14:50:34 | 000,059,776 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
    DRV - [2006/04/20 14:49:26 | 000,009,600 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
    DRV - [2004/03/19 20:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/07/18 09:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/06/09 03:44:32 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2003/06/09 03:44:22 | 000,494,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2003/06/09 03:42:28 | 000,819,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2003/02/21 19:28:22 | 000,205,220 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\OEM\Desktop\hVC Alpha 2\hvwindr.sys -- (HVWINDR.SYS)
    DRV - [2001/10/05 18:00:00 | 000,432,640 | ---- | M] (ITeX) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBCIwana.sys -- (itexadsla2)
    DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
    DRV - [2000/07/24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\OEM\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\OEM\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\OEM\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/12/29 12:58:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [ADSL_A2] A2Installed File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe (ITeX INC.)
    O4 - Startup: C:\Documents and Settings\OEM\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267652763921 (WUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D60D6B9F-6E55-4AC7-803F-BB70AD7BCE1F}: NameServer = 202.27.158.40 202.27.156.72
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/09 15:08:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/30 07:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data\Malwarebytes
    [2011/12/30 07:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/30 07:33:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/30 07:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/30 07:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/30 07:31:25 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/29 17:34:29 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\OEM\Desktop\mbam-clean.exe
    [2011/12/29 16:52:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/12/29 16:33:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/29 10:41:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/29 10:41:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/29 10:41:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/29 10:41:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/29 10:41:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/29 10:40:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/29 10:34:59 | 004,354,974 | R--- | C] (Swearware) -- C:\Documents and Settings\OEM\Desktop\ComboFix.exe
    [2011/12/28 18:15:27 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OEM\Desktop\tdsskiller.exe
    [2011/12/28 17:31:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\OEM\Start Menu\Programs\Administrative Tools
    [2011/12/28 17:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Desktop\New Folder
    [2011/12/28 17:03:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\OEM\Desktop\dds.scr
    [2011/12/28 15:00:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/12/28 03:49:46 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/12/18 14:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Start Menu\Programs\SpyHunter
    [2011/12/18 14:23:31 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2011/12/18 14:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2011/12/18 14:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2011/12/18 14:15:15 | 000,706,976 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\OEM\Desktop\SpyHunter-Installer.exe
    [2011/12/18 11:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/12/18 11:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/12/18 08:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data\MediaWmplay
    [2011/12/12 10:38:44 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/12/12 09:55:13 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/12/12 06:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Local Settings\Application Data\adaware
    [2011/12/12 06:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2011/12/12 06:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
    [2011/12/12 06:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data\adawaretb
    [2011/12/12 06:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
    [2011/12/12 06:54:52 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2011/12/12 06:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/12/12 06:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

  18. wisconsin Newcomer, in training Posts: 45

    ========== Files - Modified Within 30 Days ==========

    [2011/12/30 09:37:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/12/30 09:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Desktop\OTL.exe
    [2011/12/30 08:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/30 08:57:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/30 07:51:19 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/12/30 07:51:00 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2011/12/30 07:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/30 07:33:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/30 07:31:25 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/29 17:34:29 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\OEM\Desktop\mbam-clean.exe
    [2011/12/29 16:33:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/29 12:58:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/29 12:32:29 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/12/29 12:32:29 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/12/29 10:29:34 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\OEM\Desktop\ComboFix.exe
    [2011/12/29 07:53:40 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\RKUnhookerLE.EXE
    [2011/12/28 18:09:00 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OEM\Desktop\tdsskiller.exe
    [2011/12/28 17:53:32 | 000,455,503 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\DummyCreator.zip
    [2011/12/28 16:57:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\OEM\Desktop\dds.scr
    [2011/12/28 16:55:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\gzgn8iqy.exe
    [2011/12/28 15:03:01 | 000,502,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/28 15:03:01 | 000,088,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/28 15:00:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/28 15:00:15 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/28 14:57:42 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/12/28 14:52:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/12/28 14:52:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/28 14:52:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/28 14:52:05 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2011/12/28 14:48:35 | 000,023,376 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/12/28 14:46:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/28 14:40:53 | 000,001,398 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ ADSL PCI NIC.lnk
    [2011/12/28 14:40:39 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ADSL Diagnostic Tools.LNK
    [2011/12/26 08:45:04 | 000,562,929 | ---- | M] () -- C:\WINDOWS\setupapi.old
    [2011/12/18 14:23:45 | 000,001,969 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\SpyHunter.lnk
    [2011/12/18 14:15:15 | 000,706,976 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\OEM\Desktop\SpyHunter-Installer.exe
    [2011/12/18 13:01:40 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini
    [2011/12/18 12:51:42 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\WinPrefetchView.cfg
    [2011/12/18 11:13:19 | 000,506,880 | ---- | M] () -- C:\Documents and Settings\OEM\My Documents\Ramones.pub
    [2011/12/14 17:17:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/12/14 17:17:12 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\OEM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/14 16:12:35 | 000,044,504 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\winprefetchview.zip
    [2011/12/12 10:38:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/12/12 07:02:31 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/12/12 07:02:29 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/12/12 06:52:41 | 012,406,784 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\Ad-Aware96Install.msi
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/30 07:33:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/29 16:33:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/12/29 16:33:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/29 10:41:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/29 10:41:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/29 10:41:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/29 10:41:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/29 10:41:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/29 08:03:57 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\RKUnhookerLE.EXE
    [2011/12/28 18:00:32 | 000,455,503 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\DummyCreator.zip
    [2011/12/28 17:03:33 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\gzgn8iqy.exe
    [2011/12/28 14:40:39 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ADSL Diagnostic Tools.LNK
    [2011/12/28 14:35:38 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2011/12/28 14:35:38 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2011/12/28 14:35:38 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2011/12/28 14:35:38 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2011/12/28 14:35:37 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
    [2011/12/28 14:35:37 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2011/12/28 14:35:37 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2011/12/28 14:35:37 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2011/12/28 14:35:37 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2011/12/28 14:35:37 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2011/12/28 14:35:37 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2011/12/28 14:35:37 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2011/12/28 14:35:37 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2011/12/28 14:35:37 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2011/12/28 14:35:37 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2011/12/28 14:35:37 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2011/12/28 14:35:36 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2011/12/28 14:35:36 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2011/12/18 14:23:45 | 000,001,969 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\SpyHunter.lnk
    [2011/12/18 11:13:18 | 000,506,880 | ---- | C] () -- C:\Documents and Settings\OEM\My Documents\Ramones.pub
    [2011/12/18 08:31:25 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/12/18 08:31:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/12/14 17:07:22 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\WinPrefetchView.cfg
    [2011/12/14 16:12:34 | 000,044,504 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\winprefetchview.zip
    [2011/12/12 10:22:18 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/12/12 06:52:40 | 012,406,784 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\Ad-Aware96Install.msi
    [2011/08/25 19:09:34 | 000,233,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/04/28 18:17:43 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Application Data\Databases.db
    [2010/10/27 17:43:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
    [2010/10/25 07:54:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2010/10/25 07:54:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2010/10/24 15:51:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/07/19 10:02:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\captureur.ini
    [2010/03/22 08:37:12 | 001,072,989 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2010/03/22 08:37:12 | 000,002,474 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2009/09/16 17:20:03 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\mywebhit.ini
    [2009/08/01 14:09:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Dvbpws.dll
    [2009/04/20 11:03:52 | 000,009,030 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
    [2009/04/20 11:03:43 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/04/20 11:03:28 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\bd2040.dat
    [2009/04/18 10:31:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
    [2009/04/18 10:31:01 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
    [2009/04/18 10:31:01 | 000,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
    [2009/04/18 10:31:01 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2009/04/18 10:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/04/18 10:30:59 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
    [2009/04/18 10:23:47 | 000,000,241 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2009/02/06 12:03:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/02/06 11:56:43 | 000,251,970 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2009/02/06 11:56:43 | 000,189,490 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2009/02/06 11:56:43 | 000,114,972 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
    [2009/02/06 11:56:43 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/11/15 11:44:01 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/10 10:48:45 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2008/10/10 06:12:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2008/10/10 06:06:39 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/10/10 06:06:27 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2008/10/10 06:06:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2008/10/10 06:06:25 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2008/10/10 06:06:25 | 000,174,818 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2008/10/10 03:23:08 | 000,000,791 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/09 15:12:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/10/09 15:03:58 | 000,023,376 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/10/09 07:55:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/10/09 07:54:01 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/08/06 10:14:13 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
    [2008/04/14 18:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/01/15 01:06:21 | 000,202,240 | R--- | C] () -- C:\WINDOWS\System32\UnInst.exe
    [2004/01/15 01:06:20 | 000,211,456 | R--- | C] () -- C:\WINDOWS\System32\DllMapi8.exe
    [2004/01/15 01:06:20 | 000,151,040 | R--- | C] () -- C:\WINDOWS\System32\DllMapi6.exe
    [2004/01/15 01:06:20 | 000,147,968 | R--- | C] () -- C:\WINDOWS\System32\DllMapi7.exe
    [2004/01/15 01:06:20 | 000,133,632 | R--- | C] () -- C:\WINDOWS\System32\dllmapi2.exe
    [2004/01/15 01:06:20 | 000,002,430 | ---- | C] () -- C:\WINDOWS\System32\AdslCfg.ini
    [2001/08/24 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/24 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/24 01:00:00 | 000,502,534 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/24 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/24 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/24 01:00:00 | 000,088,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/24 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/24 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/24 01:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/24 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/12/12 06:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2009/01/08 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2011/12/29 17:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\adawaretb
    [2011/12/17 09:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\MailWasherPro
    [2011/12/18 10:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\MediaWmplay
    [2011/11/22 08:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\METAbolt
    [2011/01/28 10:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\Opera
    [2011/10/27 14:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\SecondLife
    [2011/10/24 12:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\T-App
    [2011/12/30 07:51:19 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/12/30 07:50:49 | 000,014,561 | ---- | M] () -- C:\aaw7boot.log
    [2008/10/09 15:08:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/12/28 14:46:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/29 16:33:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/29 16:52:43 | 000,013,284 | ---- | M] () -- C:\ComboFix.txt
    [2008/10/09 15:08:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/10/09 15:08:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/10/09 15:08:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/09/17 18:30:27 | 000,000,116 | ---- | M] () -- C:\myDelm.bat
    [2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/28 04:10:42 | 000,054,762 | ---- | M] () -- C:\OTL.Txt
    [2011/12/30 07:50:50 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/28 18:19:45 | 000,051,138 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_28.12.2011_18.15.52_log.txt
    [2011/10/24 15:04:41 | 000,000,139 | ---- | M] () -- C:\test.ini
    [2009/08/05 11:40:04 | 000,000,024 | ---- | M] () -- C:\url_history.xml

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/12/28 14:51:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/07 01:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 23:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/12/29 03:33:12 | 003,932,160 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2011/12/28 13:02:40 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
    [2011/12/29 03:33:12 | 032,243,712 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2011/12/29 03:33:12 | 005,242,880 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/12/28 14:52:32 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/10/09 15:16:49 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\OEM\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/10/09 15:16:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\OEM\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/13 12:20:46 | 023,454,528 | ---- | M] ( ) -- C:\Documents and Settings\OEM\Desktop\AdbeRdr812_en_US.exe
    [2011/12/29 10:29:34 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\OEM\Desktop\ComboFix.exe
    [2011/10/01 10:58:11 | 001,552,078 | ---- | M] (Toshiyuki Masui ) -- C:\Documents and Settings\OEM\Desktop\Gyazo-1.0.exe
    [2011/12/28 16:55:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\gzgn8iqy.exe
    [2011/12/29 17:34:29 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\OEM\Desktop\mbam-clean.exe
    [2011/12/12 10:38:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/12/30 07:31:25 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/30 09:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Desktop\OTL.exe
    [2011/12/29 07:53:40 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\RKUnhookerLE.EXE
    [2011/12/18 14:15:15 | 000,706,976 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\OEM\Desktop\SpyHunter-Installer.exe
    [2011/12/28 18:09:00 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OEM\Desktop\tdsskiller.exe
    [2010/09/01 23:17:02 | 000,043,520 | ---- | M] (NirSoft) -- C:\Documents and Settings\OEM\Desktop\WinPrefetchView.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/10/09 15:16:47 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\OEM\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/30 09:31:06 | 000,622,592 | ---- | M] () -- C:\Documents and Settings\OEM\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 05:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/02 23:37:24 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 19:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/03 03:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 19:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/15 01:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/08/24 01:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2001/08/24 01:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2001/08/24 01:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 19:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 19:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  19. Broni Malware Annihilator Posts: 39,324   +175

    Go on.......
  20. wisconsin Newcomer, in training Posts: 45

    Go on, you've lost me?