Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Engine Re-Direct


  • This topic is locked This topic is locked
2 replies to this topic

#1 maier58

maier58

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 03 October 2010 - 07:52 AM

I keep getting re-directed to various advertisement websites when I select websites after a google/yahoo etc. search. The unique thing about my re-direct problem is that if I re-hit the google/yahoo search button a second time after being redirected and select the same website I do get sent to the correct website.

I've tried Malwarebytes, Spybot, Trend Micro Housecall and several other programs but all tell me I have nothing wrong/can't find any problems. My Virus software in Norton and it is up to date and receiving auto updates.

I posted this problem previously, but I didn't respond in time and the topic was closed (a thousand appologies!). Any help would be greatly appreciated.

In the response to the previous post that expired, I was instructed to download and run the OTL program and post the two logs. I did that this morning and the logs are attached.

OTL.txt
OTL logfile created on: 10/3/2010 8:18:06 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\My Documents\download\bleeping computer
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

751.00 Mb Total Physical Memory | 350.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 28.36 Gb Free Space | 39.75% Space Free | Partition Type: NTFS
Drive D: | 3.16 Gb Total Space | 1.13 Gb Free Space | 35.76% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIER58
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 360 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/03 07:58:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\download\bleeping computer\OTL.exe
PRC - [2010/05/07 08:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/05/07 08:36:08 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 21:38:21 | 001,629,184 | ---- | M] (Juno, Inc.) -- C:\Program Files\Juno\exec.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe
PRC - [2005/05/09 13:55:07 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2010/10/03 07:58:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\download\bleeping computer\OTL.exe
MOD - [2008/04/13 20:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/07 08:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)
SRV - [2005/05/09 13:55:07 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/03/30 17:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2010/09/28 20:20:09 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20101002.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/28 20:20:09 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20101002.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/31 18:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/13 20:27:00 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100930.005\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 23:26:21 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 23:26:21 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/06/16 15:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/05/09 14:08:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/03/31 09:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 08:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 08:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 08:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 08:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/10/27 17:57:38 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/06/12 06:27:18 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/01/10 05:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2003/03/14 00:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2002/05/10 10:26:34 | 000,333,184 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/05/01 21:05:00 | 000,009,088 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2245624556-126218589-602344379-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2245624556-126218589-602344379-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-2245624556-126218589-602344379-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2245624556-126218589-602344379-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2245624556-126218589-602344379-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\ [2010/05/25 19:03:12 | 000,000,000 | ---D | M]

[2010/06/23 22:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/23 22:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/06/15 17:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/09/05 11:37:28 | 000,417,094 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14418 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-21-2245624556-126218589-602344379-1003..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe (Juno, Inc.)
O4 - HKU\S-1-5-21-2245624556-126218589-602344379-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2245624556-126218589-602344379-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..Trusted Domains: cogentid.com ([www.fbiapplicant] https in Trusted sites)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///E:/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkLETKC) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 14:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{19063270-a7f8-11df-99eb-001320273f5a}\Shell\Auto\command - "" = F:\launcher.exe -- File not found
O33 - MountPoints2\{19063270-a7f8-11df-99eb-001320273f5a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33d64b35-2e03-11da-a91d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33d64b35-2e03-11da-a91d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{425c6680-3b70-11dc-aa04-001320273f5a}\Shell - "" = AutoRun
O33 - MountPoints2\{425c6680-3b70-11dc-aa04-001320273f5a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{425c6680-3b70-11dc-aa04-001320273f5a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4399e678-3658-11de-ab4b-001320273f5a}\Shell\AutoRun\command - "" = G:\PStart.exe -- File not found
O33 - MountPoints2\{61b61feb-5753-11dc-aa1f-001320273f5a}\Shell - "" = AutoRun
O33 - MountPoints2\{61b61feb-5753-11dc-aa1f-001320273f5a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61b61feb-5753-11dc-aa1f-001320273f5a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8fcb44d1-265a-11df-abac-001320273f5a}\Shell - "" = AutoRun
O33 - MountPoints2\{8fcb44d1-265a-11df-abac-001320273f5a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8fcb44d1-265a-11df-abac-001320273f5a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bc1c8907-7f11-11df-972f-001320273f5a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 360 Days ==========

[2010/10/01 19:38:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/09/23 18:24:51 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symtdi.sys
[2010/09/23 18:24:51 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symtdiv.sys
[2010/09/23 18:24:51 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.sys
[2010/09/23 18:24:50 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.sys
[2010/09/23 18:24:50 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.sys
[2010/09/23 18:24:50 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.sys
[2010/09/23 18:24:50 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\ironx86.sys
[2010/09/23 18:24:50 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.sys
[2010/09/23 18:24:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1108000.005
[2010/09/04 15:43:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\solcache
[2010/08/18 22:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ieSpell
[2010/08/18 22:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2010/08/17 09:17:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010/07/28 08:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/07/22 20:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/22 20:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/22 20:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/14 21:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\assembly
[2010/07/14 17:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
[2010/07/14 17:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Earth 3D
[2010/07/13 22:23:32 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/06 20:03:17 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010/07/06 20:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Elementary Statistics 10e
[2010/06/23 22:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TomTom
[2010/06/23 22:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/06/23 22:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TomTom
[2010/06/23 22:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TomTom
[2010/06/23 22:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/06/23 22:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/06/23 22:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2010/06/18 13:45:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010/06/15 20:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2010/06/15 17:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/06/15 17:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/06/13 20:27:01 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/13 20:27:00 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/13 20:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/13 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/06/13 20:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/13 19:57:30 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2010/06/13 19:56:06 | 086,133,848 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NAV-UPGRADE-ESD-17-5-0-127-EN.exe
[2010/06/13 19:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/06/12 22:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2010/06/10 23:26:39 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/02 22:41:44 | 003,600,384 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/05/27 21:10:09 | 000,057,344 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\brprtink.dll
[2010/05/27 21:10:02 | 000,051,712 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi08b.dll
[2010/05/27 21:10:01 | 001,530,880 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia08b.dll
[2010/05/27 21:09:50 | 000,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05b.dll
[2010/05/27 21:09:18 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll
[2010/05/27 21:09:18 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2010/05/27 21:09:18 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2010/05/27 21:09:18 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2010/05/27 21:09:14 | 000,167,936 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2010/05/27 21:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2010/05/27 21:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/05/06 20:12:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/06 20:12:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/06 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/20 01:30:08 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/04/16 11:36:56 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010/04/14 19:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ArcGIS Explorer Documents
[2010/04/14 18:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\ArcGIS Explorer
[2010/04/07 20:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/06 21:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2010/04/06 21:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\wsInspector
[2010/04/06 21:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\wsInspector
[2010/04/06 21:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/04/06 21:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2010/04/06 21:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
[2010/03/31 00:16:34 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010/03/31 00:10:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010/03/30 12:24:40 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2010/03/30 00:52:26 | 000,262,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2010/03/21 20:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Ulead VideoStudio SE
[2010/03/21 15:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2010/03/21 15:32:24 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/03/21 15:32:24 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/03/21 15:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010/03/21 15:20:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/03/21 15:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/03/21 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/03/21 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2010/03/21 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/03/21 15:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/03/21 15:14:50 | 000,653,988 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkAPin.sys
[2010/03/21 15:14:50 | 000,243,212 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkACamd.sys
[2010/03/21 15:14:50 | 000,242,139 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkAMini.sys
[2010/03/21 15:14:50 | 000,106,496 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\Stk1150.exe
[2010/03/21 15:14:50 | 000,061,440 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\StkATVAp.exe
[2010/03/21 15:14:50 | 000,053,248 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAWIA.dll
[2010/03/21 15:14:50 | 000,049,152 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAProp.ax
[2010/03/21 15:14:50 | 000,045,056 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAVFW.dll
[2010/03/21 15:14:50 | 000,024,576 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAUSD.dll
[2010/03/21 15:14:50 | 000,024,576 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkASv2K.exe
[2010/03/21 15:14:50 | 000,024,576 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkASSrv.dll
[2010/03/21 15:14:50 | 000,018,754 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkASam.sys
[2010/03/21 15:14:50 | 000,004,772 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkScan.sys
[2010/03/21 15:14:49 | 010,479,603 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkAPipe.sys
[2010/03/10 16:35:05 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 19:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\File & Video Converters
[2010/03/09 00:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/03/09 00:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/03/09 00:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2010/03/09 00:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/03/09 00:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NCH Software
[2010/03/05 10:37:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2010/02/21 11:00:46 | 000,020,588 | ---- | C] (Adobe Systems Incorporated.) -- C:\WINDOWS\System32\PdfPorts.dll
[2010/02/21 11:00:36 | 000,101,200 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\pdfshell.dll
[2010/02/21 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My eBooks
[2010/02/21 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2010/02/21 10:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Global Graphics
[2010/02/12 00:33:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/01/31 08:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\PROS
[2010/01/13 10:01:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/01/13 01:02:35 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/12 21:35:39 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2010/01/12 21:35:38 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2010/01/12 21:35:38 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010/01/12 21:35:38 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010/01/12 21:35:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/01/12 21:35:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2010/01/12 21:35:38 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2010/01/12 21:35:38 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/01/12 21:35:38 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2010/01/12 21:35:38 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/01/12 21:35:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2010/01/12 21:35:32 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dramp.dll
[2010/01/12 21:35:32 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim.dll
[2010/01/12 21:35:32 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3drm.dll
[2010/01/12 21:35:32 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dxof.dll
[2010/01/12 21:35:32 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dpmesh.dll
[2010/01/12 21:35:32 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxapi.sys
[2010/01/12 21:35:29 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2010/01/12 21:35:29 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2010/01/12 21:35:29 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2010/01/12 21:35:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2010/01/12 21:35:29 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2010/01/12 21:35:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2010/01/12 21:35:29 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2010/01/12 21:35:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2010/01/12 21:35:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2010/01/12 21:35:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2010/01/12 21:35:28 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2010/01/12 21:35:28 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2010/01/12 21:35:28 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2010/01/12 21:35:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2010/01/12 21:35:27 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diactfrm.dll
[2010/01/12 21:35:27 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2010/01/12 21:35:27 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2010/01/12 21:35:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2010/01/12 21:35:27 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2010/01/12 21:35:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dimap.dll
[2010/01/12 21:35:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2010/01/12 21:35:27 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2010/01/12 21:35:26 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2010/01/12 21:35:26 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2010/01/12 21:35:26 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2010/01/12 21:35:26 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2010/01/12 21:35:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2010/01/12 21:35:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2010/01/12 21:35:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2010/01/12 21:35:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2010/01/12 21:35:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2010/01/12 21:35:25 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2010/01/12 21:35:25 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2010/01/12 21:35:25 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2010/01/12 21:35:25 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2010/01/12 21:35:25 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2010/01/12 21:35:25 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2010/01/12 21:35:25 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2010/01/12 21:35:25 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gcdef.dll
[2010/01/12 21:35:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2010/01/12 21:35:25 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2010/01/12 21:35:25 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2010/01/12 21:35:25 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2010/01/11 20:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec
[2010/01/11 20:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/01/11 20:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/01/11 20:16:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2010/01/11 20:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/01/11 20:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/01/11 20:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/31 16:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Infogrames
[2009/12/24 02:59:40 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009/12/22 17:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Call of Duty
[2009/12/22 14:39:20 | 000,922,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2009/12/22 14:39:20 | 000,922,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2009/12/22 14:39:20 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2009/12/22 14:39:20 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2009/12/22 14:39:20 | 000,062,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2009/12/19 20:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive
[2009/12/16 14:43:27 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/15 22:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2009/12/15 22:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ubi Soft
[2009/12/15 22:07:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\UbiSoft
[2009/12/14 03:08:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/11/30 22:04:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2009/11/30 22:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/30 22:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/27 12:07:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 12:07:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/26 11:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/07 01:07:08 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2009/11/01 21:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/11/01 13:37:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/10/31 09:53:06 | 000,048,640 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll4pi.dll
[2009/10/31 08:27:08 | 000,069,632 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2009/10/31 08:27:08 | 000,065,536 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2009/10/21 01:38:36 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2009/10/21 01:38:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2009/10/20 12:20:16 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2009/10/18 15:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2009/10/18 15:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/10/18 15:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\RapidSolution
[2009/10/18 13:22:17 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX
[2009/10/18 13:22:16 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2009/10/18 13:22:16 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2009/10/18 13:22:16 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2009/10/18 13:22:16 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2009/10/18 13:22:16 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2009/10/18 13:22:16 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2009/10/18 13:22:16 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2009/10/18 13:22:15 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009/10/18 13:22:15 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009/10/18 13:22:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009/10/18 13:22:15 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
[2009/10/18 13:22:15 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
[2009/10/18 13:22:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2009/10/18 13:22:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009/10/18 13:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack
[2009/10/13 06:30:16 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/10/12 09:38:19 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/10/12 09:38:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2010/10/03 08:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/03 07:47:10 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9AE3750C-72AE-40E2-8ACF-E47D5E2CA370}.job
[2010/10/01 18:04:06 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 18:01:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/01 18:01:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/01 18:01:27 | 787,271,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/30 19:33:58 | 000,138,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/09/30 19:33:44 | 000,214,816 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/09/29 22:26:21 | 000,705,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\Cat.DB
[2010/09/29 16:13:28 | 002,605,056 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2010/09/29 16:13:11 | 000,001,316 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/28 20:47:43 | 010,485,760 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/09/27 23:36:09 | 000,090,857 | ---- | M] () -- C:\WINDOWS\Owner8.xlb
[2010/09/27 23:36:00 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cancer walk.csv
[2010/09/27 23:29:33 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cancer walk emails.doc
[2010/09/25 06:52:55 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/09/25 06:50:38 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/09/23 14:21:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/20 17:57:11 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\isolate.ini
[2010/09/15 22:20:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/15 22:07:15 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/12 19:32:13 | 000,505,550 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\recipes.pdf
[2010/09/05 19:23:37 | 000,000,051 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2010/09/05 11:37:28 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/04 15:43:45 | 000,000,461 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/08/23 20:03:08 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/22 07:36:37 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010/08/13 09:03:23 | 000,308,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 08:31:55 | 000,501,604 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 08:31:55 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 08:31:55 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/03 21:11:00 | 008,920,064 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/08/03 21:11:00 | 006,037,504 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/08/01 21:19:14 | 000,000,077 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\.picasa.ini
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/22 20:42:01 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/22 20:22:22 | 000,065,536 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/22 11:49:15 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/07/21 17:57:59 | 000,000,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100905-113728.backup
[2010/07/14 17:40:05 | 000,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bing Maps 3D.lnk
[2010/07/14 17:39:12 | 000,095,800 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/06 20:03:14 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vpg_bcsb.ini
[2010/07/06 20:03:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Elementary Statistics 10e.lnk
[2010/06/30 08:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010/06/24 17:51:58 | 011,077,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/06/24 08:22:03 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/06/24 08:22:02 | 001,210,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/06/24 08:22:01 | 005,951,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/06/24 08:22:01 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/06/24 08:22:01 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/06/24 08:22:01 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/06/24 08:21:59 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/06/24 08:21:59 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/06/24 08:21:59 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/06/24 08:21:59 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/06/24 08:21:59 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/06/24 08:21:59 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/06/24 08:21:59 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/06/24 08:21:59 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/06/24 08:21:58 | 001,986,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/06/24 08:21:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/06/24 08:21:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/06/24 08:21:56 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/24 08:21:55 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/06/24 08:21:55 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/06/23 17:48:29 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010/06/23 17:48:29 | 000,003,700 | ---- | M] () -- C:\WINDOWS\DCEBOOT.CFG
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/06/23 08:08:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/06/23 08:08:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/06/21 22:48:33 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/21 11:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/06/18 13:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2010/06/18 13:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010/06/18 09:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/06/17 10:03:00 | 000,080,384 | ---- | M] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll
[2010/06/15 17:50:40 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.9.lnk
[2010/06/15 12:17:24 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010/06/14 10:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/06/14 03:41:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/06/13 20:27:00 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/13 20:27:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/13 20:27:00 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/13 20:27:00 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/13 19:57:59 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2010/06/13 19:56:21 | 086,133,848 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NAV-UPGRADE-ESD-17-5-0-127-EN.exe
[2010/06/11 20:03:27 | 000,002,187 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2010/06/09 03:43:36 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/06/02 22:41:44 | 003,600,384 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/05/27 21:13:09 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2010/05/27 21:12:46 | 000,000,951 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2010/05/27 21:12:46 | 000,000,487 | ---- | M] () -- C:\WINDOWS\Brpcfx.ini
[2010/05/27 21:12:09 | 000,000,507 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2010/05/27 21:10:12 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/05/22 14:08:04 | 002,215,286 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bissell.pdf
[2010/05/20 22:03:34 | 000,002,843 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\launch.jsp
[2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symtdi.sys
[2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symtdiv.sys
[2010/05/06 00:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnetv.inf
[2010/05/06 00:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnet.inf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\ironx86.sys
[2010/04/29 01:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\iron.cat
[2010/04/29 01:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\iron.inf
[2010/04/26 04:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.cat
[2010/04/24 07:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.inf
[2010/04/21 23:02:36 | 000,007,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnetv.cat
[2010/04/21 23:02:36 | 000,007,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnet.cat
[2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.sys
[2010/04/21 23:01:56 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.cat
[2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.sys
[2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.sys
[2010/04/21 22:29:50 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.cat
[2010/04/21 22:29:50 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.cat
[2010/04/21 22:29:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.inf
[2010/04/21 22:29:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.inf
[2010/04/20 01:30:08 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/04/20 01:30:08 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010/04/19 20:00:15 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kevin Maier Fall 2010 Schedule.xls
[2010/04/19 19:41:45 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kevin Fall 2010 Sched Final.xls
[2010/04/16 11:36:56 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010/04/14 18:33:05 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ArcGIS Explorer.lnk
[2010/04/07 20:20:11 | 000,001,772 | ---- | M] () -- C:\WINDOWS\OPLIMIT.INI
[2010/04/07 20:19:47 | 000,010,438 | ---- | M] () -- C:\WINDOWS\scan05a.ini
[2010/04/06 21:49:28 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/04/06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVCore.dll
[2010/04/06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2010/04/03 13:41:39 | 000,006,912 | ---- | M] () -- C:\WINDOWS\vista32.ini
[2010/03/31 00:16:34 | 000,099,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010/03/31 00:10:40 | 000,295,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010/03/30 12:24:40 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sdecd.dll
[2010/03/30 12:24:40 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2010/03/30 00:52:26 | 000,262,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4ds32.ax
[2010/03/30 00:52:26 | 000,262,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2010/03/29 22:33:02 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 07:32:35 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Debug.ini
[2010/03/21 15:19:24 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ulead VideoStudio SE DVD.lnk
[2010/03/12 00:24:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\goldenShakeIcon.job
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/03/09 00:24:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\goldenSevenDays.job
[2010/03/06 20:38:26 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\Owner\udownload.dat
[2010/03/06 10:09:23 | 000,007,409 | ---- | M] () -- C:\WINDOWS\extend.dat
[2010/03/05 10:37:40 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2010/03/05 10:37:40 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asycfilt.dll
[2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.sys
[2010/02/25 14:54:56 | 000,007,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.cat
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/21 11:02:20 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 5.0.lnk
[2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/16 10:08:49 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/16 09:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/02/16 09:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/02/16 09:25:04 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/13 13:08:17 | 000,000,819 | ---- | M] () -- C:\WINDOWS\CoDUO.INI
[2010/02/12 00:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010/02/08 18:13:22 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dear Copine de moi.doc
[2010/02/05 17:52:57 | 000,001,754 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.inf
[2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/01/31 08:37:15 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PROS+ SE Launchpad.lnk
[2010/01/29 10:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm
[2010/01/13 10:01:25 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/01/10 21:33:29 | 000,000,766 | ---- | M] () -- C:\WINDOWS\CoD.INI
[2009/12/24 02:59:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009/12/22 14:39:20 | 000,922,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2009/12/22 14:39:20 | 000,922,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2009/12/22 14:39:20 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2009/12/22 14:39:20 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2009/12/22 14:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2009/12/19 20:33:39 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Hitman 2.lnk
[2009/12/16 14:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/16 14:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/15 22:11:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2009/12/14 03:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/14 03:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/09 01:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/12/09 01:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/12/08 05:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/11/27 13:11:44 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 12:07:35 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 12:07:35 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009/11/27 12:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/11/27 12:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009/11/27 12:07:34 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 12:07:34 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/21 11:51:42 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/21 11:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/07 01:07:08 | 000,049,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2009/10/31 09:59:54 | 000,124,053 | ---- | M] () -- C:\WINDOWS\HPHins12.dat
[2009/10/21 01:38:36 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2009/10/21 01:38:36 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2009/10/21 01:38:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
[2009/10/21 01:38:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2009/10/15 12:28:26 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2009/10/15 12:28:26 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/10/15 12:28:26 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2009/10/15 12:28:26 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.sys
[2009/10/14 23:50:05 | 000,002,793 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.inf
[2009/10/13 06:30:16 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll
[2009/10/13 06:30:16 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/10/12 09:38:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rastls.dll
[2009/10/12 09:38:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/10/12 09:38:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll
[2009/10/12 09:38:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/27 23:33:33 | 000,000,404 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cancer walk.csv
[2010/09/27 23:29:33 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cancer walk emails.doc
[2010/09/25 06:52:05 | 000,705,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\Cat.DB
[2010/09/23 18:24:51 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnetv.cat
[2010/09/23 18:24:51 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnet.cat
[2010/09/23 18:24:51 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.inf
[2010/09/23 18:24:51 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnetv.inf
[2010/09/23 18:24:51 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symnet.inf
[2010/09/23 18:24:50 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symefa.cat
[2010/09/23 18:24:50 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.cat
[2010/09/23 18:24:50 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.cat
[2010/09/23 18:24:50 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\iron.cat
[2010/09/23 18:24:50 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.cat
[2010/09/23 18:24:50 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.cat
[2010/09/23 18:24:50 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\symds.inf
[2010/09/23 18:24:50 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\cchpx86.inf
[2010/09/23 18:24:50 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtspx.inf
[2010/09/23 18:24:50 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\srtsp.inf
[2010/09/23 18:24:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\iron.inf
[2010/09/23 18:24:31 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1108000.005\isolate.ini
[2010/09/12 19:32:13 | 000,505,550 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\recipes.pdf
[2010/08/01 21:19:10 | 000,000,077 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\.picasa.ini
[2010/07/22 20:42:01 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/22 20:22:22 | 000,065,536 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/17 12:25:11 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/14 17:40:00 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bing Maps 3D.lnk
[2010/07/11 19:45:37 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/06 20:03:14 | 000,000,063 | ---- | C] () -- C:\WINDOWS\vpg_bcsb.ini
[2010/07/06 20:03:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Elementary Statistics 10e.lnk
[2010/06/23 17:48:11 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/06/23 17:48:11 | 000,003,700 | ---- | C] () -- C:\WINDOWS\DCEBOOT.CFG
[2010/06/21 22:48:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/15 17:50:40 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.9.lnk
[2010/06/15 17:49:15 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/13 20:27:01 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/13 20:27:01 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/13 20:26:44 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/05/27 21:13:09 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2010/05/27 21:10:12 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/05/22 14:08:04 | 002,215,286 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bissell.pdf
[2010/05/20 22:03:32 | 000,002,843 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\launch.jsp
[2010/04/19 19:13:14 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kevin Fall 2010 Sched Final.xls
[2010/04/17 21:42:34 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kevin Maier Fall 2010 Schedule.xls
[2010/04/14 18:33:04 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ArcGIS Explorer.lnk
[2010/04/06 21:54:52 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/04/06 21:49:28 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/03/21 15:19:23 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ulead VideoStudio SE DVD.lnk
[2010/03/09 00:24:30 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\goldenSevenDays.job
[2010/03/09 00:24:29 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\goldenShakeIcon.job
[2010/03/06 20:38:25 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Owner\udownload.dat
[2010/03/06 10:09:23 | 000,007,409 | ---- | C] () -- C:\WINDOWS\extend.dat
[2010/02/21 11:02:20 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 5.0.lnk
[2010/02/21 11:00:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2010/02/08 18:13:21 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dear Copine de moi.doc
[2010/01/31 08:37:14 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PROS+ SE Launchpad.lnk
[2010/01/12 21:35:38 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/01/12 21:35:38 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/01/12 21:35:38 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/01/12 21:35:38 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/01/12 21:35:38 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/01/12 21:35:38 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/01/12 21:35:35 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/01/12 21:35:35 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/01/12 21:35:34 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/01/12 21:35:34 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/01/12 21:35:34 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/01/12 21:35:32 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/01/12 21:35:32 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010/01/12 21:35:32 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/01/12 21:35:32 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/01/12 21:35:32 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/01/02 22:31:56 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2010/01/02 22:28:56 | 000,000,819 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2009/12/19 20:33:39 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Play Hitman 2.lnk
[2009/12/15 22:11:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/10/31 09:54:23 | 002,565,810 | ---- | C] () -- C:\Documents and Settings\Owner\hph_ProductContextD1300.log
[2009/10/31 08:21:40 | 000,124,053 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2009/10/31 08:21:40 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2009/10/18 13:22:16 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/10/18 13:22:14 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/09/23 19:51:53 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/07/25 20:26:43 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/11 18:18:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/03/11 18:18:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/03/11 18:18:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/02/01 18:23:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/01/31 17:33:31 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/01/31 17:18:24 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/18 15:15:02 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/01/05 23:15:30 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/26 15:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 15:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/07/15 19:26:35 | 000,000,877 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/04/29 20:50:37 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/02/25 22:31:55 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/02/25 22:30:52 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/11/13 19:11:34 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini
[2006/11/13 18:56:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/11/05 17:00:27 | 000,000,951 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/10/28 17:25:39 | 000,000,165 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2006/10/26 22:29:57 | 000,002,321 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2006/10/26 21:52:00 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2006/10/26 21:42:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/10/26 21:42:26 | 000,000,168 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2006/10/26 21:00:45 | 000,002,747 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/26 21:00:38 | 000,001,772 | ---- | C] () -- C:\WINDOWS\OPLIMIT.INI
[2006/10/26 20:56:07 | 000,006,912 | ---- | C] () -- C:\WINDOWS\vista32.ini
[2006/10/26 20:56:07 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/10/26 20:56:07 | 000,000,065 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini
[2006/10/26 20:55:34 | 000,135,200 | ---- | C] () -- C:\WINDOWS\u2x00_32.dll
[2006/10/26 20:55:34 | 000,106,528 | ---- | C] () -- C:\WINDOWS\u1230_32.dll
[2006/10/26 20:55:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\u2200_32.dll
[2006/10/26 20:55:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\usq3400.dll
[2006/10/26 20:55:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\sqEp2Usb.dll
[2006/10/26 20:55:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SQUSBIO.dll
[2006/10/26 20:55:33 | 000,018,366 | ---- | C] () -- C:\WINDOWS\uns3400.ini
[2006/10/26 20:55:33 | 000,016,474 | ---- | C] () -- C:\WINDOWS\uns5400.ini
[2006/10/26 20:55:33 | 000,010,438 | ---- | C] () -- C:\WINDOWS\scan05a.ini
[2006/10/26 20:55:33 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys
[2006/10/26 20:55:33 | 000,005,442 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini
[2006/10/26 20:55:32 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2006/10/26 20:55:30 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2006/10/26 20:55:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys
[2006/10/26 20:53:05 | 000,000,500 | ---- | C] () -- C:\WINDOWS\Upmagic.ini
[2006/10/26 20:52:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Vss.ini
[2006/10/26 20:49:03 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/10/26 20:49:02 | 000,000,410 | ---- | C] () -- C:\WINDOWS\umxaddin.ini
[2006/10/26 20:34:15 | 000,000,047 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI
[2006/10/24 19:35:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/02/04 19:19:40 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/01/01 13:40:17 | 000,001,864 | ---- | C] () -- C:\WINDOWS\epanet2.ini
[2005/12/19 20:22:15 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/06 18:38:31 | 000,000,461 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/10/04 21:18:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/10/04 20:58:47 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/10/04 20:58:37 | 000,002,187 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2005/10/04 20:56:20 | 000,000,507 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/10/04 20:56:20 | 000,000,487 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2005/10/04 20:56:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/09/25 21:02:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/09/25 20:30:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/05/09 14:13:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/09 14:11:59 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/09 12:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/03/24 00:07:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 12:53:24 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 12:53:24 | 000,000,481 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2002/08/12 08:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1996/12/09 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/09 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/07 23:08:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/07 23:08:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 10:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/07 23:08:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/07 23:08:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/03/23 06:02:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/23 06:02:03 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/23 06:02:03 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/30 19:33:58 | 000,138,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4EA859B
< End of report >

Attached Files


Edited by Maurice Naggar, 09 October 2010 - 03:07 PM.


BC AdBot (Login to Remove)

 


#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:08 AM

Posted 09 October 2010 - 03:36 PM

Hello maier58,
Your logs showed some peer-to-peer filesharing apps:LimeWire 5.5.9. I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

P2P file sharing: Know the risks

De-install LimeWire and any other peer-to-peer sharing program ! and confirm that for me !

Go to Control Panel and Add-or-Remove programs.
De-install LimeWire 5.5.9
Look for it and click the line for it. Select Change/Remove to de-install it.
OK & Exit out of Control Panel


Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
1. Open Internet Explorer.
2. Click "Tools," and then click "Internet Options."
3. Click "Connections," and then click "LAN Settings."
4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.
5. Apply changes & OK


Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :processes

    :OTL
    O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O3 - HKU\S-1-5-21-2245624556-126218589-602344379-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.


    :files
    recycler /alldrives

    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 5
Please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and extract their contents to C:\DCE
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.
How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

Step 6
Download Dr.Web CureIt to the desktop.
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Step 7
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 8
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)


Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3







* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Step 9
Reply with copy of contents of Sysclean log
the DrWeb Cure-It log
the latest MBAM log
the C:\Combofix.txt log

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar, 09 October 2010 - 03:45 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:08 AM

Posted 17 October 2010 - 08:39 AM

This topic is Closed due to lack of response.
The suggestions posted here were only for this system.
If you are a casual reader & you have similar issues, please follow the forum requirements and create your own Topic to get guided help.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users