Infected With IE Popup and JPEG


  • This topic is locked
32 replies to this topic

#1 justjim2

Posted 12 October 2010 - 07:41 PM

I think this is more than a popup. I found some files in the temp internet folder that were named "thanks" and most had the web url of the site: hxxp://www.siro.eroexpres.com or hxxp://www.siro.eroexpres.com/reg2php.cid=0 The file types are JPEG and PNG, at least the ones I found, which I deleted. I have tried three or four spyware programs. I was able to get rid of the popup and IE explorer opening but when I restarted my computer the same problem is back again. It is always the same place and the same JPEG on my desktop. I cannot grab the JPEG and drag it but IE Explorer functions fine.


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Jim Grice at 16:49:59.19 on Tue 10/12/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3964.1958 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\mshta.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Ziggy TV Toolbar\ZiggyTVSvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jim Grice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jim Grice\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 0.0.0.0:80
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {43BEAFD9-E005-483D-A367-146BA6C8A32E} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - No File
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: ZiggyTV Toolbar: {4c350b19-6ca1-4569-b14c-296d8d65300c} - "C:\Program Files (x86)\Ziggy TV Toolbar\ziggytvtb.dll"
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
mRun: [AirMac Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: DisallowCpl = 1 (0x1)
uPolicies-explorer: MaxRecentDocs = 6 (0x6)
uPolicies-explorer: DisallowRun = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
AppInit_DLLs: C:\PROGRA~2\Google\GO333C~1\GOEC62~1.DLL
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB-X64: {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {4C350B19-6CA1-4569-B14C-296D8D65300C} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -
TB-X64: {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - C:\Users\JIMGRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.startup.homepage - hxxp://www.mozilla.com/en-US/firefox/central/\r
FF - prefs.js: keyword.URL - hxxp://wyzo.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-47-0-1AkM3&q=
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - prefs.js: browser.search.selectedEngine - ZiggyTV
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\platform\WINNT_x86-msvc\components\yjAuthApi.dll
FF - component: C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\platform\WINNT_x86-msvc\components\yjUniqueHashId.dll
FF - component: C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\platform\WINNT_x86-msvc\components\ytoolbar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\OpenOffice.org 3\program\npsoplugin.dll
FF - plugin: C:\Program Files (x86)\PANDORA.TV\Launcher\npmini.dll
FF - plugin: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Jim Grice\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: C:\Users\Jim Grice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jim Grice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-11-11 55024]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2008-1-20 27648]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-2-2 204800]
R2 ZiggyTV Toolbar Helper;ZiggyTV Toolbar Helper;C:\Program Files (x86)\Ziggy TV Toolbar\ZiggyTVSvc.exe [2010-6-23 232104]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2008-5-9 286208]
R3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c91ba9fe4c660;Google Update Service (gupdate1c91ba9fe4c660);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-9-20 133104]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-7-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-6-7 1424232]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-8-25 30192]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-4-10 342320]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SRS_WOWHD_DivX_Service;WOW HD DivX Edition;C:\Windows\System32\drivers\SRS_DivX_amd64.sys [2010-6-6 377584]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Devices remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-6-4 55648]

============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-10-12 12:15:53 7935824 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{79D7A6FD-2255-4FE4-9587-C73C1E96D755}\mpengine.dll
2010-10-12 05:31:35 -------- d-----w- C:\!KillBox
2010-10-12 04:17:47 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-12 04:15:52 -------- d-----w- C:\Users\JIMGRI~1\AppData\Local\FixItCenter
2010-10-12 03:12:00 4984 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2010-10-12 00:46:10 -------- d-----w- C:\Windows\MATS
2010-10-12 00:46:08 -------- d-----w- C:\Program Files\Microsoft Fix it Center
2010-10-10 05:02:13 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2010-10-09 19:16:08 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-10-09 07:50:42 -------- d-----w- C:\PROGRA~3\STOPzilla!
2010-10-08 09:36:36 -------- d-----w- C:\Users\JIMGRI~1\AppData\Local\SimpleMencoderShellGUI
2010-10-08 09:35:53 -------- d-----w- C:\Users\JIMGRI~1\AppData\Local\TempImages
2010-10-08 04:56:07 831488 ----a-w- C:\Windows\System32\d2d1.dll
2010-10-08 04:54:43 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2010-10-06 11:55:17 -------- d-----w- C:\Users\JIMGRI~1\AppData\Local\Sunbelt Software
2010-10-06 09:01:50 -------- d-----w- C:\PROGRA~3\PC Tools
2010-10-06 07:57:53 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2010-10-05 11:24:24 -------- d-----w- C:\Users\JIMGRI~1\AppData\Local\Yahoo
2010-10-04 12:04:50 -------- d-----w- C:\Program Files (x86)\FriendFinder
2010-10-03 11:10:24 -------- d-----w- C:\Games
2010-10-03 11:10:03 -------- d-----w- C:\Program Files (x86)\RealArcade
2010-10-02 11:34:47 1152488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPFxViewer.dll
2010-09-30 03:15:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-30 03:15:35 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 05:57:23 -------- d-----w- C:\Users\JIMGRI~1\AppData\Roaming\AVS4YOU
2010-09-28 05:54:13 -------- d-----w- C:\PROGRA~3\AVS4YOU
2010-09-27 09:52:04 774144 ----a-w- C:\Windows\SysWow64\htmlayout.dll
2010-09-27 09:52:00 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2010-09-27 09:52:00 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2010-09-27 09:52:00 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2010-09-23 01:10:52 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-09-23 01:10:52 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-09-22 01:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2010-09-21 05:08:04 8192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2010-09-21 05:07:25 140864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2010-09-21 05:07:08 98304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2010-09-21 05:05:34 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-09-19 23:43:35 -------- d-----w- C:\Program Files (x86)\Ziggy TV Toolbar
2010-09-19 10:25:33 -------- d-----w- C:\Program Files (x86)\eptsoft
2010-09-19 00:22:57 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio .NET
2010-09-19 00:19:38 -------- d-----w- C:\oraclexe
2010-09-18 14:59:25 -------- d-----w- C:\Users\JIMGRI~1\AppData\Roaming\PhotoScape
2010-09-18 14:59:10 -------- d-----w- C:\Program Files (x86)\PhotoScape
2010-09-18 13:14:05 -------- d-----w- C:\Users\JIMGRI~1\AppData\Local\BuildAGadget Content
2010-09-15 02:49:36 317952 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL
2010-09-15 02:49:36 295424 ----a-w- C:\Windows\System32\MP4SDECD.DLL
2010-09-15 02:49:35 273920 ----a-w- C:\Windows\System32\spoolsv.exe
2010-09-15 02:49:33 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-09-15 02:49:33 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-09-15 02:49:31 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2010-09-15 02:49:30 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2010-09-15 02:49:28 621568 ----a-w- C:\Windows\System32\usp10.dll
2010-09-15 02:49:28 502272 ----a-w- C:\Windows\SysWow64\usp10.dll

==================== Find3M ====================

2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-01 07:46:36 1355264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2010-09-01 07:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-01 07:44:30 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-01 07:44:24 1122304 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-01 07:44:06 424960 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-09-01 07:43:22 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-01 07:43:12 72704 ----a-w- C:\Windows\SysWow64\SetDepNx.exe
2010-09-01 07:43:12 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-01 07:43:12 114176 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-01 07:43:10 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2010-09-01 07:43:10 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2010-09-01 07:43:02 448512 ----a-w- C:\Windows\System32\html.iec
2010-09-01 07:41:56 601088 ----a-w- C:\Windows\System32\vbscript.dll
2010-09-01 07:40:56 76800 ----a-w- C:\Windows\System32\tdc.ocx
2010-09-01 07:40:40 215552 ----a-w- C:\Windows\System32\msls31.dll
2010-08-17 23:58:54 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-08-17 23:58:38 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-08-17 23:56:19 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
2010-08-17 23:55:52 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2010-08-17 23:54:51 280064 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-08-17 23:54:47 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-08-17 23:54:46 377856 ----a-w- C:\Windows\System32\mfmp4src.dll
2010-08-17 23:54:33 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-08-17 23:52:43 2013184 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-08-17 23:52:39 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2010-08-17 23:52:08 196608 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-08-17 23:52:00 1555456 ----a-w- C:\Windows\System32\DWrite.dll
2010-08-17 23:51:56 1147904 ----a-w- C:\Windows\System32\FntCache.dll
2010-08-17 23:51:55 328192 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-08-17 23:51:50 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
2010-08-17 23:51:08 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-08-17 23:51:07 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
2010-08-17 23:50:09 680960 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-08-17 23:49:57 1174528 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-08-17 23:49:19 1068032 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-08-17 23:48:49 161280 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-08-17 23:48:41 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-07-21 21:31:58 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2010-07-17 12:00:04 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2009-05-24 21:33:48 7349744 ----a-w- C:\Program Files (x86)\FLV PlayerATBSetup.exe

============= FINISH: 16:50:51.36 ===============

In my original post about Infected With IE Popup and JPEG, Cannot Remove The Virus or PopUp, I did not upload the Attach and the ARK files. So here they are. Thanks!
Jim Grice

EDIT: Topics and posts merged ~BP

Edited by Budapest, 14 October 2010 - 04:33 PM.
Deactivate links. ~ OB



#2 m0le

Posted 21 October 2010 - 06:35 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

Posted 22 October 2010 - 04:01 AM

Hi Jim,

Thanks for the PMs but can we communicate through the forum from now on so that it can be read by everyone?

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Now please run OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#4 justjim2


Posted 22 October 2010 - 06:30 AM




#5 justjim2


Posted 22 October 2010 - 06:34 AM

I could not use the hyperlink to download as I couldn't display the page, so I went to the Kaspersky site and found it, but it had no way of downloading it and it was not for 64-bit systems. I don't know if it matters. Am I using the wrong browser, Google Chrome?

#6 m0le


Posted 22 October 2010 - 04:39 PM

Sorry, please run OTL and ignore the first part of the instructions.

#7 justjim2


Posted 23 October 2010 - 09:14 AM

I still have the problem. It stayed away until I restarted the computer about 12 hours later and it came back. I suspended the mshta.exe file again so it will stay hidden.

#8 m0le


Posted 23 October 2010 - 09:57 AM

Hi Jim,

I need some clarification here.

What is the mshta.exe file doing? It is a legitimate service that you are suspending. If suspending it stops the issue then why have you not run OTL?

#9 justjim2


Posted 23 October 2010 - 11:32 AM

I tried to reply and included the pasted text from both otl files but I don't see it.

#10 justjim2


Posted 23 October 2010 - 11:39 AM

I have to shut off the computer because they are shutting off power in the area for most of the day. I will check back tonight or sooner. Thanks!

#11 justjim2


Posted 23 October 2010 - 01:46 PM

Here is the otl.txt

OTL logfile created on: 10/23/2010 11:21:57 AM - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Jim Grice\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 323.43 Gb Free Space | 71.14% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.31 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

Computer Name: JIMGRICE-PC | User Name: Jim Grice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jim Grice\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jim Grice\AppData\Local\Temp\Cofe\-220981526\procexp.exe (Sysinternals - www.sysinternals.com)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Jim Grice\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Users\Jim Grice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE ()
PRC - c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe (Oracle Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jim Grice\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\eptsoft\Mathematics V10 FREE Download\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\tcpsvcs.exe (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (NtmsSvc) -- C:\Windows\SysNative\ntmssvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (OracleXEClrAgent) -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe ()
SRV - (OracleXETNSListener) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE ()
SRV - (OracleMTSRecoveryService) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (Oracle Corporation)
SRV - (OracleJobSchedulerXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe ()
SRV - (OracleServiceXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (Oracle Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SRS_WOWHD_DivX_Service) -- C:\Windows\SysNative\drivers\SRS_DivX_amd64.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (FreshIO) -- C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "ZiggyTV"
FF - prefs.js..browser.search.defaultenginename: "ZiggyTV"
FF - prefs.js..browser.search.order.1: "ZiggyTV"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=196149"
FF - prefs.js..browser.search.selectedEngine: "ZiggyTV"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com/en-US/firefox/central/\r"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {F807FACD-E46A-4793-B345-D58CB177673C}:3.5.3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:7.3.0.2010052416
FF - prefs.js..extensions.enabledItems: designmodetweak@tamingdfox.blogspot.com:1.1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {155b68cd-2661-4d9a-8d0d-de336d6f9461}:1.0.1
FF - prefs.js..extensions.enabledItems: wisestamp@wisestamp.com:2.0.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://wyzo.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-47-0-1AkM3&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/04/07 05:11:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 03:09:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/22 02:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/20 22:07:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/22 03:25:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/08 20:26:12 | 000,000,000 | ---D | M]

[2010/04/07 05:27:45 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Extensions
[2010/10/22 06:19:33 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions
[2010/08/14 00:27:01 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/08/08 22:49:23 | 000,000,000 | ---D | M] (MozTweak) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{155b68cd-2661-4d9a-8d0d-de336d6f9461}
[2010/06/01 22:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 00:19:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/31 22:22:46 | 000,000,000 | ---D | M] (Yahoo!ツールバー) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/27 21:18:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/21 17:48:04 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2010/07/15 20:15:13 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\designmodetweak@tamingdfox.blogspot.com
[2010/07/13 16:56:43 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\firefox@tvunetworks.com
[2010/09/11 04:36:42 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\searchtoolbar@zugo.com
[2010/10/22 06:09:35 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\toolbar@ask.com
[2010/09/03 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\wisestamp@wisestamp.com
[2010/07/23 23:36:31 | 000,001,949 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\searchplugins\bing-zugo.xml
[2010/10/16 16:24:36 | 000,002,412 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\searchplugins\fjvin0-8.xml
[2010/07/19 22:26:08 | 000,002,168 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\searchplugins\inbox-search.xml
[2010/08/14 00:33:27 | 000,001,196 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\searchplugins\winamp-search.xml
[2010/10/13 20:56:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/04 15:52:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 17:56:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/07/03 19:33:04 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\CheckTudouVa.dll
[2008/11/11 00:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/02 04:34:47 | 001,152,488 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPFxViewer.dll
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010/10/13 20:43:51 | 000,002,518 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\ZiggyTV.xml
[2010/10/13 20:43:51 | 000,002,502 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\ZiggyTV.xml.bak

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Yahoo!ツールバーフィッシング警告) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files\Yahoo!J\Toolbar64\7_3_0_12\Modules\ypho.dll (Yahoo Japan Corporation. )
O2:64bit: - BHO: (Yahoo!ツールバーヘルパー) - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files\Yahoo!J\Toolbar64\7_3_0_12\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - No CLSID value found.
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files\Yahoo!J\Toolbar64\7_3_0_12\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {4C350B19-6CA1-4569-B14C-296D8D65300C} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files\Yahoo!J\Toolbar64\7_3_0_12\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [CD Autorun] C:\Program Files (x86)\TweakNow PowerPack 2010\CDAuto.exe File not found
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RAM Idle Professional] C:\Program Files (x86)\TweakNow PowerPack 2010\Module64\RAM2_XP.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [(default)] File not found
O4 - HKLM..\Run: [AirMac Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 6
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = E0 01 00 00 [binary data]
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Welcome Center = Welcome Center
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows CardSpace = Windows CardSpace
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows Defender = Windows Defender
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows Mobility Center = Windows Mobility Center
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows Sidebar Properties = Windows Sidebar Properties
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows SideShow = Windows SideShow
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Bluetooth Radio Properties = Bluetooth Radio Properties
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Ease of Access Center = Ease of Access Center
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Folder Options = Folder Options
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Fonts = Fonts
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Game Controllers = Game Controllers
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Parental Controls = Parental Controls
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Regional and Language Options = Regional and Language Options
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Speech Recognition Options = Speech Recognition Options
O7 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GO333C~1\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\JIM GRICE\APPDATA\LOCAL\TEMP\COFE\-220981526\PROCEXP64.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/22 17:15:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jim Grice\Desktop\OTL.exe
[2010/10/22 04:15:45 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\Desktop\iGoogle_files
[2010/10/21 19:27:47 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Roaming\Malwarebytes
[2010/10/21 19:27:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/21 19:27:36 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/21 19:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/21 19:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/21 10:23:05 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\Downloads\Documents\FrostWire
[2010/10/20 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/19 17:29:02 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Roaming\FreshDiagnose
[2010/10/19 17:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreshDevices
[2010/10/19 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!J
[2010/10/18 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/10/14 01:43:32 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/14 01:37:01 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/10/13 20:36:48 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Roaming\IObit
[2010/10/13 20:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/10/13 15:46:30 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 15:46:27 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 15:46:27 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 15:46:26 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 15:46:26 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 15:46:24 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 15:46:21 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/13 15:46:21 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/13 15:46:04 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 15:46:00 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 15:45:58 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 15:45:57 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 15:45:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/13 15:45:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/13 15:45:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/13 15:45:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/13 15:45:31 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 15:45:30 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/11 22:31:35 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/10/11 21:17:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/11 21:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\FixItCenter
[2010/10/11 20:08:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2010/10/11 20:08:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2010/10/11 20:08:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2010/10/11 20:08:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2010/10/11 20:08:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2010/10/11 20:08:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2010/10/11 20:08:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2010/10/11 20:08:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2010/10/11 20:08:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2010/10/11 20:08:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2010/10/11 20:08:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2010/10/11 20:08:11 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2010/10/11 20:08:11 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2010/10/11 20:08:11 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2010/10/11 20:08:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2010/10/11 20:08:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2010/10/11 20:08:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2010/10/11 20:08:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2010/10/11 20:08:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2010/10/11 20:08:11 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2010/10/11 20:08:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2010/10/11 20:08:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2010/10/11 20:08:01 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2010/10/11 20:08:01 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2010/10/11 20:08:01 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2010/10/11 20:08:01 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2010/10/11 20:08:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2010/10/11 20:08:01 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2010/10/11 20:08:01 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2010/10/11 20:08:00 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2010/10/11 20:08:00 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2010/10/11 20:08:00 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2010/10/11 17:46:10 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2010/10/11 17:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/10/11 17:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/10/11 17:45:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/10/09 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2010/10/09 12:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/09 00:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/10/08 20:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/08 02:36:36 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\SimpleMencoderShellGUI
[2010/10/08 02:35:53 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\TempImages
[2010/10/07 21:57:44 | 001,633,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2010/10/07 21:57:44 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/07 21:57:44 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/07 21:57:44 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2010/10/07 21:57:44 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010/10/07 21:57:44 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/10/07 21:57:43 | 000,819,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/10/07 21:57:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/10/07 21:57:43 | 000,690,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/07 21:57:43 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/07 21:57:43 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/07 21:57:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/07 21:57:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/07 21:57:43 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010/10/07 21:57:43 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/10/07 21:57:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/07 21:57:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/07 21:57:43 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/07 21:57:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010/10/07 21:57:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/10/07 21:57:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/07 21:57:42 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010/10/07 21:57:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/07 21:57:42 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/07 21:57:41 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010/10/07 21:57:41 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/07 21:57:41 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/07 21:57:41 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/10/07 21:57:41 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010/10/07 21:57:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/10/07 21:57:41 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/07 21:57:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/10/07 21:57:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010/10/07 21:57:41 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010/10/07 21:57:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2010/10/07 21:57:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2010/10/07 21:57:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/10/07 21:57:41 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2010/10/07 21:57:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2010/10/07 21:57:41 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/07 21:57:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010/10/07 21:57:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/10/07 21:57:41 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/07 21:57:40 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010/10/07 21:57:40 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/10/07 21:57:40 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/07 21:57:40 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/07 21:57:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/07 21:57:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010/10/07 21:57:40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/07 21:57:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/10/07 21:57:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/07 21:57:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/07 21:57:39 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/10/07 21:57:39 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010/10/07 21:57:39 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/07 21:57:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/10/07 21:57:38 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/10/07 21:57:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/10/07 21:57:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010/10/07 21:57:38 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/10/07 21:57:38 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/10/07 21:57:38 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/10/07 21:57:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetDepNx.exe
[2010/10/07 21:57:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010/10/07 21:57:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/10/07 21:57:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/10/07 21:57:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2010/10/07 21:57:38 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/10/07 21:57:37 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010/10/07 21:57:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010/10/07 21:57:37 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/10/07 21:57:37 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/10/07 21:57:37 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010/10/07 21:57:37 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/07 21:57:37 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/07 21:57:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/07 21:57:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/07 21:57:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010/10/07 21:57:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/10/07 21:57:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/10/07 21:57:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010/10/07 21:56:07 | 000,831,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/10/07 21:56:07 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010/10/07 21:56:07 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010/10/07 21:56:07 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010/10/07 21:56:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010/10/07 21:56:07 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010/10/07 21:56:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2010/10/07 21:56:07 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2010/10/07 21:56:07 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010/10/07 21:56:06 | 002,013,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010/10/07 21:56:06 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010/10/07 21:56:06 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2010/10/07 21:56:06 | 001,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010/10/07 21:56:06 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010/10/07 21:56:06 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2010/10/07 21:56:06 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010/10/07 21:56:06 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2010/10/07 21:56:06 | 000,377,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2010/10/07 21:56:06 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2010/10/07 21:56:06 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/07 21:56:06 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2010/10/07 21:56:06 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/07 21:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/10/06 04:55:17 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\Sunbelt Software
[2010/10/06 04:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/10/06 02:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/06 00:57:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/10/05 04:24:24 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\Yahoo
[2010/10/04 05:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FriendFinder
[2010/10/03 04:10:24 | 000,000,000 | ---D | C] -- C:\Games
[2010/10/03 04:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade
[2010/09/27 22:57:23 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Roaming\AVS4YOU
[2010/09/27 22:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/09/27 02:52:04 | 000,774,144 | ---- | C] (Terra Informatica Software, Inc., British Columbia, Canada.) -- C:\Windows\SysWow64\htmlayout.dll
[2010/09/27 02:52:00 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2010/09/27 02:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/09/27 02:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2009/08/03 20:21:14 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jim Grice\AppData\Roaming\pcouffin.sys
[3 C:\Users\Jim Grice\AppData\Local\*.tmp files -> C:\Users\Jim Grice\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 11:04:14 | 000,149,682 | ---- | M] () -- C:\Users\Jim Grice\Desktop\Extras.zip
[2010/10/23 11:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/23 11:01:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2653656259-1793968272-638556749-1000UA.job
[2010/10/23 10:58:03 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/23 10:55:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 10:55:21 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/10/23 10:55:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/23 10:55:20 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/23 10:55:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/23 10:55:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/23 07:33:50 | 000,000,000 | ---- | M] () -- C:\Users\Jim Grice\Desktop\TDSSKiller.exe
[2010/10/23 07:16:03 | 001,211,285 | ---- | M] () -- C:\Users\Jim Grice\Desktop\tdsskiller.zip
[2010/10/23 05:27:47 | 000,004,888 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\mofdecf.abw
[2010/10/23 00:03:53 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/10/22 23:01:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2653656259-1793968272-638556749-1000Core.job
[2010/10/22 17:15:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jim Grice\Desktop\OTL.exe
[2010/10/22 04:15:45 | 000,070,720 | ---- | M] () -- C:\Users\Jim Grice\Desktop\iGoogle.htm
[2010/10/22 03:45:04 | 000,000,785 | ---- | M] () -- C:\Users\Jim Grice\jidols.rtf
[2010/10/21 19:27:40 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 14:58:03 | 218,096,780 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\mshta.dmp
[2010/10/20 00:20:00 | 000,001,968 | ---- | M] () -- C:\Users\Jim Grice\Desktop\HiJackThis.lnk
[2010/10/19 20:12:25 | 000,011,320 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\wklnhst.dat
[2010/10/19 19:52:33 | 000,090,112 | ---- | M] () -- C:\Users\Jim Grice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/19 19:18:43 | 000,001,042 | ---- | M] () -- C:\Users\Jim Grice\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/10/19 17:26:44 | 000,001,061 | ---- | M] () -- C:\Users\Jim Grice\Desktop\Revo Uninstaller.lnk
[2010/10/19 17:02:14 | 000,000,036 | ---- | M] () -- C:\Users\Jim Grice\AppData\Local\housecall.guid.cache
[2010/10/18 22:49:18 | 003,285,568 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\RichmondPlunge.pdf
[2010/10/17 23:27:55 | 000,096,687 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\schedule_end_sem.pdf
[2010/10/17 01:47:25 | 000,002,449 | ---- | M] () -- C:\Users\Jim Grice\Desktop\Quick Zip 5.1.lnk
[2010/10/16 01:47:42 | 000,838,458 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\some_Code.rtf
[2010/10/13 21:46:10 | 000,345,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/13 21:32:35 | 000,959,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/13 21:32:35 | 000,774,220 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/13 21:32:35 | 000,168,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/12 17:49:45 | 000,005,288 | ---- | M] () -- C:\Users\Jim Grice\Desktop\Attach.zip
[2010/10/12 17:49:26 | 000,055,132 | ---- | M] () -- C:\Users\Jim Grice\Desktop\ark.zip
[2010/10/12 16:49:19 | 000,000,000 | ---- | M] () -- C:\Users\Jim Grice\defogger_reenable
[2010/10/12 14:50:19 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/11 17:46:11 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/10/11 17:43:11 | 003,866,624 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/10/11 17:43:11 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/10/11 17:43:11 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/10/11 17:43:04 | 003,866,624 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/10/11 17:43:04 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/10/11 17:43:04 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/10/10 17:31:37 | 000,000,116 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/10 01:07:42 | 000,105,538 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\PersonalMedInvent.pdf
[2010/10/10 01:07:25 | 000,105,538 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\PersonalMedInventjim.pdf
[2010/10/09 22:02:21 | 000,000,836 | ---- | M] () -- C:\Users\Jim Grice\Desktop\KMPlayer.lnk
[2010/10/09 21:22:43 | 000,000,901 | ---- | M] () -- C:\Users\Jim Grice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/09 05:10:00 | 000,031,016 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/10/08 20:26:12 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/08 02:36:06 | 000,000,071 | ---- | M] () -- C:\AskScreen.ini
[2010/10/07 21:59:25 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2010/10/07 21:59:25 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2010/10/07 21:59:25 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2010/10/07 21:59:25 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2010/10/07 09:11:17 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/06 04:36:07 | 000,006,864 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\headachePopUps.abw
[2010/10/06 03:03:31 | 000,938,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/06 02:22:06 | 002,514,160 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/10/05 20:47:11 | 000,000,700 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/10/05 01:56:35 | 000,000,063 | -H-- | M] () -- C:\ProgramData\Ts_infos.ini
[2010/10/03 02:22:10 | 000,002,265 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\more_Code.rtf
[2010/10/02 06:32:58 | 000,003,297 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\contactsPersonal.abw
[2010/09/24 17:45:49 | 000,019,456 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\ORACLEdatabaseInfo.wps
[2010/09/23 22:23:17 | 000,005,358 | ---- | M] () -- C:\Users\Jim Grice\StackLayout_jg.rtf
[3 C:\Users\Jim Grice\AppData\Local\*.tmp files -> C:\Users\Jim Grice\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 11:04:14 | 000,149,682 | ---- | C] () -- C:\Users\Jim Grice\Desktop\Extras.zip
[2010/10/23 07:33:50 | 000,000,000 | ---- | C] () -- C:\Users\Jim Grice\Desktop\TDSSKiller.exe
[2010/10/23 07:16:00 | 001,211,285 | ---- | C] () -- C:\Users\Jim Grice\Desktop\tdsskiller.zip
[2010/10/23 05:27:47 | 000,004,888 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\mofdecf.abw
[2010/10/22 04:15:44 | 000,070,720 | ---- | C] () -- C:\Users\Jim Grice\Desktop\iGoogle.htm
[2010/10/21 19:27:40 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 14:57:49 | 218,096,780 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\mshta.dmp
[2010/10/20 00:20:00 | 000,001,968 | ---- | C] () -- C:\Users\Jim Grice\Desktop\HiJackThis.lnk
[2010/10/19 19:18:51 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/19 19:18:43 | 000,001,042 | ---- | C] () -- C:\Users\Jim Grice\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/10/19 17:02:14 | 000,000,036 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\housecall.guid.cache
[2010/10/18 22:49:18 | 003,285,568 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\RichmondPlunge.pdf
[2010/10/17 23:27:55 | 000,096,687 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\schedule_end_sem.pdf
[2010/10/16 01:47:39 | 000,838,458 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\some_Code.rtf
[2010/10/12 17:49:45 | 000,005,288 | ---- | C] () -- C:\Users\Jim Grice\Desktop\Attach.zip
[2010/10/12 17:49:26 | 000,055,132 | ---- | C] () -- C:\Users\Jim Grice\Desktop\ark.zip
[2010/10/12 16:49:19 | 000,000,000 | ---- | C] () -- C:\Users\Jim Grice\defogger_reenable
[2010/10/11 20:12:00 | 000,004,984 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2010/10/11 20:08:03 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/10/11 20:08:03 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/10/11 20:08:03 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/10/11 20:08:03 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/10/11 20:08:03 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/10/11 20:08:03 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/10/11 17:46:11 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/10/11 17:43:04 | 003,866,624 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/10/11 17:43:04 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/10/11 17:43:04 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/10/11 17:42:29 | 003,866,624 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/10/11 17:42:29 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/10/11 17:42:29 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/10/10 17:31:36 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/10 01:07:42 | 000,105,538 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\PersonalMedInvent.pdf
[2010/10/10 01:07:25 | 000,105,538 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\PersonalMedInventjim.pdf
[2010/10/09 22:02:21 | 000,000,836 | ---- | C] () -- C:\Users\Jim Grice\Desktop\KMPlayer.lnk
[2010/10/09 19:54:55 | 000,000,901 | ---- | C] () -- C:\Users\Jim Grice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/09 01:17:11 | 000,031,016 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/10/08 20:26:12 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/08 02:36:06 | 000,000,071 | ---- | C] () -- C:\AskScreen.ini
[2010/10/07 21:57:43 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/10/07 21:57:43 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/10/06 04:36:07 | 000,006,864 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\headachePopUps.abw
[2010/10/06 02:20:59 | 002,514,160 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/10/06 02:19:30 | 000,422,316 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistMSI184C.txt
[2010/10/06 02:19:30 | 000,011,378 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistUI184C.txt
[2010/10/06 02:19:30 | 000,010,630 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistUI184D.txt
[2010/10/05 02:02:02 | 000,372,062 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_rdbgexp64_80MSI3CBC.txt
[2010/10/05 02:01:57 | 000,025,452 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_rdbgexp64_80UI3CBC.txt
[2010/10/02 06:32:58 | 000,003,297 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\contactsPersonal.abw
[2010/10/02 04:34:49 | 000,000,063 | -H-- | C] () -- C:\ProgramData\Ts_infos.ini
[2010/09/24 17:45:49 | 000,019,456 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\ORACLEdatabaseInfo.wps
[2010/09/19 19:17:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/09/11 04:37:02 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/11 04:37:02 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/02 04:55:22 | 000,000,023 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\phology
[2010/07/11 19:25:39 | 000,213,176 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLCEToolsForVS2007_MSI1C1D.txt
[2010/07/11 19:25:31 | 000,679,618 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SSCERuntime_64_MSI1C03.txt
[2010/07/11 19:25:10 | 001,146,886 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SSCERuntime_MSI1BBE.txt
[2010/07/11 19:23:03 | 012,772,154 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VSMsiLog1A20.txt
[2010/07/11 19:22:50 | 000,340,028 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vc_runtime_x64_msi19F5.txt
[2010/07/11 17:12:55 | 000,337,126 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_HelpSetup_MSI3686.txt
[2010/07/11 17:11:53 | 000,969,068 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI35BB.txt
[2010/07/11 17:11:22 | 002,740,422 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SharedManagementObjects_MSI3556.txt
[2010/07/11 17:11:08 | 000,861,220 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLSysClrTypes_msi3528.txt
[2010/07/11 17:10:51 | 001,474,364 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_silverlight_sdk.msi34F1.txt
[2010/07/11 17:10:36 | 000,322,586 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SqlPubWiz_14_msi34C0.txt
[2010/07/11 17:10:31 | 000,126,992 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_AspNetMVC2.msi34B0.txt
[2010/07/11 17:09:28 | 000,441,668 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VWD2010ToolsMVC2.msi33E2.txt
[2010/07/11 17:09:13 | 000,503,996 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WebDeploy_x64_en-US.msi33B1.txt
[2010/07/11 17:04:17 | 017,755,288 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VSMsiLog2FEA.txt
[2010/07/11 17:03:43 | 001,540,812 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_netfx_dtp2F7B.txt
[2010/07/11 17:03:16 | 001,293,344 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vsexpbsln64_1002F23.txt
[2010/07/11 17:02:30 | 000,451,994 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VC_Red_MSI2E8D.txt
[2010/07/11 17:02:20 | 000,340,276 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vc_runtime_x86_msi2E6C.txt
[2010/07/11 16:55:39 | 000,166,543 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_VNS_EXP_100.txt
[2010/07/11 16:55:35 | 000,000,002 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_error_vns_xcor_100.txt
[2010/07/11 16:55:33 | 000,547,972 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_install_vns_xcor_100.txt
[2010/07/09 18:12:41 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/27 19:53:45 | 008,424,206 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\VSMsiLog6BBF.txt
[2010/06/27 19:46:08 | 000,483,124 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vsexpbsln64_10065EE.txt
[2010/06/27 19:45:44 | 001,091,176 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_netfx_dtp659C.txt
[2010/06/27 19:43:25 | 007,705,190 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VSMsiLog63D9.txt
[2010/06/27 19:43:04 | 000,143,080 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLCEToolsForVS2007_MSI6395.txt
[2010/06/27 19:42:23 | 000,649,872 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI630C.txt
[2010/06/27 19:42:12 | 000,346,552 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_HelpSetup_MSI62E8.txt
[2010/06/27 19:39:29 | 000,022,160 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_VCS_EXP_100.txt
[2010/06/27 19:39:23 | 000,097,700 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_install_vcs_xcor_100.txt
[2010/06/27 19:39:23 | 000,001,396 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_error_vcs_xcor_100.txt
[2010/06/15 03:03:15 | 000,417,650 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistMSI3CC1.txt
[2010/06/15 03:03:15 | 000,011,496 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistUI3CC1.txt
[2010/04/04 19:35:12 | 000,435,974 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistMSI3A60.txt
[2010/04/04 19:35:11 | 000,011,410 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistUI3A60.txt
[2010/02/16 23:08:32 | 000,000,700 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/01/23 22:13:25 | 000,000,000 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\prvlcl.dat
[2009/11/01 12:23:18 | 000,361,312 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_HelpSetup_MSI6F59.txt
[2009/11/01 12:22:55 | 000,897,748 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI6F0D.txt
[2009/11/01 12:14:12 | 001,603,692 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SharedManagementObjects_MSI6862.txt
[2009/11/01 12:13:55 | 000,509,194 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLSysClrTypes_msi682A.txt
[2009/11/01 12:13:49 | 000,198,352 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLCEToolsForVS2007_MSI6816.txt
[2009/11/01 12:13:35 | 000,701,794 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SSCERuntime_MSI67E9.txt
[2009/11/01 12:10:44 | 014,014,814 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VSMsiLog65BA.txt
[2009/11/01 12:10:00 | 001,906,848 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_netfx_dtp652B.txt
[2009/11/01 12:09:32 | 001,198,108 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vsexpbsln64_10064CF.txt
[2009/11/01 05:37:37 | 000,440,892 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VC_Red_MSI38D9.txt
[2009/11/01 05:15:00 | 000,352,899 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_VB_EXP_100.txt
[2009/11/01 05:14:52 | 001,533,500 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_install_vb_xcor_100.txt
[2009/11/01 05:14:52 | 000,000,002 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_error_vb_xcor_100.txt
[2009/09/17 06:33:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 06:32:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/08 17:14:48 | 010,034,222 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\VSMsiLog5D26.txt
[2009/08/08 17:14:32 | 000,186,326 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI5CF2.txt
[2009/08/08 17:14:28 | 000,200,274 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WinSDK_ExpTools_x64_MSI5CE1.txt
[2009/08/08 17:13:47 | 001,785,270 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_NET_Framework35_x64_MSI5C5F.txt
[2009/08/08 17:10:55 | 000,329,032 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VC_Red_MSI5A2D.txt
[2009/08/03 20:21:38 | 000,000,033 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\pcouffin.log
[2009/08/03 20:21:14 | 000,099,384 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\inst.exe
[2009/08/03 20:21:14 | 000,007,859 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\pcouffin.cat
[2009/08/03 20:21:14 | 000,001,167 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\pcouffin.inf
[2009/07/24 17:48:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/14 22:17:14 | 000,048,507 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/14 02:42:41 | 000,048,507 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/10 01:05:03 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2009/06/10 01:05:03 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2009/05/24 14:33:33 | 007,349,744 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe
[2009/04/17 20:01:01 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/02/13 23:23:39 | 000,000,097 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\fusioncache.dat
[2009/02/13 22:02:51 | 000,938,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/02/01 22:35:51 | 011,231,892 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\VSMsiLog71DB.txt
[2009/02/01 22:35:42 | 000,201,402 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI71C1.txt
[2009/02/01 22:35:36 | 000,214,522 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WinSDK_ExpTools_x64_MSI71AD.txt
[2009/02/01 22:35:27 | 001,202,510 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_ExpRemoteDbg_x64_MSI7190.txt
[2009/02/01 22:33:40 | 002,484,758 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_NET_Framework35_x64_MSI7032.txt
[2009/02/01 22:19:21 | 000,396,661 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/02/01 22:19:18 | 000,443,934 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_dotnetfx35install.txt
[2009/02/01 22:19:18 | 000,000,002 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_dotnetfx35error.txt
[2009/02/01 22:18:54 | 000,422,874 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VC_Red_MSI64E5.txt
[2009/02/01 22:12:30 | 000,521,986 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_VB_EXP_90.txt
[2009/02/01 22:12:26 | 001,178,324 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_install_vb_xcor_90.txt
[2009/02/01 22:12:26 | 000,403,300 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\uxeventlog.txt
[2009/02/01 22:12:26 | 000,000,002 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_error_vb_xcor_90.txt
[2008/12/02 00:07:23 | 000,000,680 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\d3d9caps.dat
[2008/11/30 18:18:48 | 000,124,432 | ---- | C] () -- C:\Windows\SysWow64\PanInstaller.dll
[2008/11/30 18:18:46 | 000,083,480 | ---- | C] () -- C:\Windows\SysWow64\FirstLoad.dll
[2008/09/03 04:06:24 | 000,000,128 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/02 01:14:42 | 000,011,320 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\wklnhst.dat
[2008/09/02 01:11:18 | 000,027,070 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\UserTile.png
[2008/09/01 23:30:23 | 000,090,112 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/09 16:31:50 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/09 16:31:50 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll

========== LOP Check ==========

[2009/06/12 08:04:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Costco Photo Viewer US
[2009/06/12 08:02:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Printer Info Cache
[2009/06/19 10:42:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\StarOffice8
[2009/06/15 18:45:34 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\W Photo Studio Viewer
[2010/02/03 08:26:59 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ZiggyTV
[2009/02/13 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\.BitTornado
[2009/04/24 04:58:12 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Amphetype
[2009/03/21 23:31:47 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Azureus
[2009/06/04 02:25:30 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Badongo Toolbar
[2009/06/04 02:11:32 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\BitZipper
[2009/11/08 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\BNeReader
[2009/10/17 16:15:19 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\CBS Interactive
[2009/02/22 13:53:24 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/09 10:39:43 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/09/27 00:21:37 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\CometPlayer
[2010/06/12 21:28:20 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\COWON
[2008/09/04 03:53:33 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\DreamNavigator
[2010/06/15 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\enchant
[2008/09/02 19:20:32 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FDRLab
[2009/06/01 23:24:52 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FFSJ
[2010/05/20 22:23:14 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\foobar2000
[2010/10/19 17:37:50 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FreshDiagnose
[2010/10/13 21:31:04 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FreshHTML
[2010/10/22 22:43:05 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FrostWire
[2010/01/07 03:05:49 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\GlarySoft
[2009/07/29 22:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\gtk-2.0
[2010/10/21 01:27:58 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\IObit
[2009/02/03 22:29:55 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\iWin
[2010/04/04 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Leadertech
[2009/04/17 19:49:09 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Megaupload
[2010/05/20 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\MiguMusic
[2010/03/18 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\OpenCandy
[2010/03/22 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\OpenOffice.org
[2009/09/28 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Paltalk
[2009/05/13 15:05:47 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\PandoraTV
[2009/07/28 23:58:04 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Participatory Culture Foundation
[2008/09/02 01:11:18 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\PeerNetworking
[2010/09/27 03:04:51 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\PhotoScape
[2010/05/20 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\PPLive
[2010/08/28 00:38:25 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Spider Player
[2009/12/26 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\StarOffice8
[2008/09/02 01:17:16 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Template
[2010/08/12 04:52:57 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\TheSage
[2010/09/27 00:21:31 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\TigerPlayer
[2010/05/21 06:53:56 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Transparent
[2010/07/21 03:46:58 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\TreeSheetsdbs
[2010/10/09 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\TweakNow PowerPack 2010
[2010/06/12 21:24:36 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\uTorrent
[2009/08/07 22:43:03 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Vso
[2009/06/04 20:52:15 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\WeatherBug
[2008/09/02 00:13:52 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\WildTangent
[2008/09/09 17:32:42 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\WinBatch
[2010/07/28 03:43:52 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Windows Live Writer
[2010/06/15 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\WordWeb
[2010/09/19 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\ZiggyTV
[2010/10/23 10:55:20 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/10/23 10:55:21 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010/10/23 09:40:28 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B05DDA6E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#12 m0le

  • Malware Response Team

Posted 23 October 2010 - 06:03 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
[2010/07/23 23:36:31 | 000,001,949 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\searchplugins\bing-zugo.xml
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..keyword.URL: "http://wyzo.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-47-0-1AkM3&q="
O2 - BHO: (no name) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {4C350B19-6CA1-4569-B14C-296D8D65300C} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-2653656259-1793968272-638556749-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [(default)] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2010/10/09 05:10:00 | 000,031,016 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B05DDA6E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please then rerun OTL on scan only and post the log
m0le is a proud member of UNITE

#13 justjim2

  • Topic Starter

Posted 24 October 2010 - 01:50 AM

========== OTL ==========
HKU\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\searchplugins\bing-zugo.xml moved successfully.
Prefs.js: searchtoolbar@zugo.com:1.2 removed from extensions.enabledItems
Prefs.js: "http://wyzo.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-47-0-1AkM3&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43BEAFD9-E005-483D-A367-146BA6C8A32E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_USERS\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4C350B19-6CA1-4569-B14C-296D8D65300C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C350B19-6CA1-4569-B14C-296D8D65300C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\S-1-5-21-2653656259-1793968272-638556749-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\(default) deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\Windows\SysNative\drivers\kgpcpy.cfg moved successfully.
ADS C:\ProgramData\TEMP:B05DDA6E deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.16.0 log created on 10232010_234839

#14 justjim2

  • Topic Starter

Posted 24 October 2010 - 01:58 AM

Here is the scan otl.exe after running the fix. I still did not reboot as I was not asked to by the fix or by the scan. When I ran the fix and scan I still had the mshta.exe file suspended, I did not change that. In the past I did not change that either but of course when I do reboot it is unsuspended until I suspend it again. Of course I don't want to have to keep suspending mshta.exe and assume it will not need suspending when the virus is cured. Thanks!
Jim

OTL logfile created on: 10/23/2010 11:51:37 PM - Run 3
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Jim Grice\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 323.10 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.31 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

Computer Name: JIMGRICE-PC | User Name: Jim Grice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jim Grice\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Jim Grice\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE ()
PRC - c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe (Oracle Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jim Grice\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\eptsoft\Mathematics V10 FREE Download\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\tcpsvcs.exe (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (NtmsSvc) -- C:\Windows\SysNative\ntmssvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (OracleXEClrAgent) -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe ()
SRV - (OracleXETNSListener) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE ()
SRV - (OracleMTSRecoveryService) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (Oracle Corporation)
SRV - (OracleJobSchedulerXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe ()
SRV - (OracleServiceXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (Oracle Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SRS_WOWHD_DivX_Service) -- C:\Windows\SysNative\drivers\SRS_DivX_amd64.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (FreshIO) -- C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "ZiggyTV"
FF - prefs.js..browser.search.defaultenginename: "ZiggyTV"
FF - prefs.js..browser.search.order.1: "ZiggyTV"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=196149"
FF - prefs.js..browser.search.selectedEngine: "ZiggyTV"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com/en-US/firefox/central/\r"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {F807FACD-E46A-4793-B345-D58CB177673C}:3.5.3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:7.3.0.2010052416
FF - prefs.js..extensions.enabledItems: designmodetweak@tamingdfox.blogspot.com:1.1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {155b68cd-2661-4d9a-8d0d-de336d6f9461}:1.0.1
FF - prefs.js..extensions.enabledItems: wisestamp@wisestamp.com:2.0.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5


FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/04/07 05:11:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 03:09:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/22 02:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/20 22:07:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/22 03:25:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/08 20:26:12 | 000,000,000 | ---D | M]

[2010/04/07 05:27:45 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Extensions
[2010/10/22 06:19:33 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions
[2010/08/14 00:27:01 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/08/08 22:49:23 | 000,000,000 | ---D | M] (MozTweak) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{155b68cd-2661-4d9a-8d0d-de336d6f9461}
[2010/06/01 22:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 00:19:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/31 22:22:46 | 000,000,000 | ---D | M] (Yahoo!ツールバー) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/27 21:18:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/21 17:48:04 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2010/07/15 20:15:13 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\designmodetweak@tamingdfox.blogspot.com
[2010/07/13 16:56:43 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\firefox@tvunetworks.com
[2010/09/11 04:36:42 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\searchtoolbar@zugo.com
[2010/10/22 06:09:35 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\toolbar@ask.com
[2010/09/03 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\extensions\wisestamp@wisestamp.com
[2010/10/16 16:24:36 | 000,002,412 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\searchplugins\fjvin0-8.xml
[2010/07/19 22:26:08 | 000,002,168 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\searchplugins\inbox-search.xml
[2010/08/14 00:33:27 | 000,001,196 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\Mozilla\Firefox\Profiles\qgojnwuq.default\searchplugins\winamp-search.xml
[2010/10/13 20:56:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/04 15:52:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 17:56:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/07/03 19:33:04 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\CheckTudouVa.dll
[2008/11/11 00:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/02 04:34:47 | 001,152,488 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPFxViewer.dll
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010/10/13 20:43:51 | 000,002,518 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\ZiggyTV.xml
[2010/10/13 20:43:51 | 000,002,502 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\ZiggyTV.xml.bak

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Yahoo!ツールバーフィッシング警告) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files\Yahoo!J\Toolbar64\7_3_0_12\Modules\ypho.dll (Yahoo Japan Corporation. )
O2:64bit: - BHO: (Yahoo!ツールバーヘルパー) - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files\Yahoo!J\Toolbar64\7_3_0_12\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files\Yahoo!J\Toolbar64\7_3_0_12\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files\Yahoo!J\Toolbar64\7_3_0_12\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [CD Autorun] C:\Program Files (x86)\TweakNow PowerPack 2010\CDAuto.exe File not found
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RAM Idle Professional] C:\Program Files (x86)\TweakNow PowerPack 2010\Module64\RAM2_XP.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AirMac Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 6
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = E0 01 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Welcome Center = Welcome Center
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows CardSpace = Windows CardSpace
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows Defender = Windows Defender
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows Mobility Center = Windows Mobility Center
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows Sidebar Properties = Windows Sidebar Properties
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Windows SideShow = Windows SideShow
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Bluetooth Radio Properties = Bluetooth Radio Properties
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Ease of Access Center = Ease of Access Center
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Folder Options = Folder Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Fonts = Fonts
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Game Controllers = Game Controllers
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Parental Controls = Parental Controls
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Regional and Language Options = Regional and Language Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: Speech Recognition Options = Speech Recognition Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GO333C~1\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\JIM GRICE\APPDATA\LOCAL\TEMP\COFE\-220981526\PROCEXP64.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 23:48:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/22 17:15:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jim Grice\Desktop\OTL.exe
[2010/10/22 04:15:45 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\Desktop\iGoogle_files
[2010/10/21 19:27:47 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Roaming\Malwarebytes
[2010/10/21 19:27:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/21 19:27:36 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/21 19:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/21 19:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/21 10:23:05 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\Downloads\Documents\FrostWire
[2010/10/20 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/19 17:29:02 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Roaming\FreshDiagnose
[2010/10/19 17:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreshDevices
[2010/10/19 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!J
[2010/10/18 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/10/14 01:43:32 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/14 01:37:01 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/10/13 20:36:48 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Roaming\IObit
[2010/10/13 20:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/10/13 15:46:30 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 15:46:27 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 15:46:27 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 15:46:26 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 15:46:26 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 15:46:24 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 15:46:21 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/13 15:46:21 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/13 15:46:04 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 15:46:00 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 15:45:58 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 15:45:57 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 15:45:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/13 15:45:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/13 15:45:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/13 15:45:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/13 15:45:31 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 15:45:30 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/11 22:31:35 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/10/11 21:17:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/11 21:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\FixItCenter
[2010/10/11 20:08:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2010/10/11 20:08:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2010/10/11 20:08:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2010/10/11 20:08:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2010/10/11 20:08:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2010/10/11 20:08:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2010/10/11 20:08:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2010/10/11 20:08:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2010/10/11 20:08:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2010/10/11 20:08:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2010/10/11 20:08:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2010/10/11 20:08:11 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2010/10/11 20:08:11 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2010/10/11 20:08:11 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2010/10/11 20:08:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2010/10/11 20:08:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2010/10/11 20:08:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2010/10/11 20:08:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2010/10/11 20:08:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2010/10/11 20:08:11 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2010/10/11 20:08:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2010/10/11 20:08:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2010/10/11 20:08:01 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2010/10/11 20:08:01 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2010/10/11 20:08:01 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2010/10/11 20:08:01 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2010/10/11 20:08:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2010/10/11 20:08:01 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2010/10/11 20:08:01 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2010/10/11 20:08:00 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2010/10/11 20:08:00 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2010/10/11 20:08:00 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2010/10/11 17:46:10 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2010/10/11 17:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/10/11 17:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/10/11 17:45:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/10/09 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2010/10/09 12:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/09 00:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/10/08 20:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/08 02:36:36 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\SimpleMencoderShellGUI
[2010/10/08 02:35:53 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\TempImages
[2010/10/07 21:57:44 | 001,633,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2010/10/07 21:57:44 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/07 21:57:44 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/07 21:57:44 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2010/10/07 21:57:44 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010/10/07 21:57:44 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/10/07 21:57:43 | 000,819,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/10/07 21:57:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/10/07 21:57:43 | 000,690,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/07 21:57:43 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/07 21:57:43 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/07 21:57:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/07 21:57:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/07 21:57:43 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010/10/07 21:57:43 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/10/07 21:57:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/07 21:57:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/07 21:57:43 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/07 21:57:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010/10/07 21:57:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/10/07 21:57:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/07 21:57:42 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010/10/07 21:57:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/07 21:57:42 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/07 21:57:41 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010/10/07 21:57:41 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/07 21:57:41 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/07 21:57:41 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/10/07 21:57:41 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010/10/07 21:57:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/10/07 21:57:41 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/07 21:57:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/10/07 21:57:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010/10/07 21:57:41 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010/10/07 21:57:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2010/10/07 21:57:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2010/10/07 21:57:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/10/07 21:57:41 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2010/10/07 21:57:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2010/10/07 21:57:41 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/07 21:57:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010/10/07 21:57:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/10/07 21:57:41 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/07 21:57:40 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010/10/07 21:57:40 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/10/07 21:57:40 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/07 21:57:40 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/07 21:57:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/07 21:57:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010/10/07 21:57:40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/07 21:57:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/10/07 21:57:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/07 21:57:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/07 21:57:39 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/10/07 21:57:39 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010/10/07 21:57:39 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/07 21:57:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/10/07 21:57:38 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/10/07 21:57:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/10/07 21:57:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010/10/07 21:57:38 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/10/07 21:57:38 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/10/07 21:57:38 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/10/07 21:57:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetDepNx.exe
[2010/10/07 21:57:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010/10/07 21:57:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/10/07 21:57:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/10/07 21:57:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2010/10/07 21:57:38 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/10/07 21:57:37 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010/10/07 21:57:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010/10/07 21:57:37 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/10/07 21:57:37 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/10/07 21:57:37 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010/10/07 21:57:37 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/07 21:57:37 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/07 21:57:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/07 21:57:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/07 21:57:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010/10/07 21:57:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/10/07 21:57:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/10/07 21:57:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010/10/07 21:56:07 | 000,831,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/10/07 21:56:07 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010/10/07 21:56:07 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010/10/07 21:56:07 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010/10/07 21:56:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010/10/07 21:56:07 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010/10/07 21:56:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2010/10/07 21:56:07 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2010/10/07 21:56:07 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010/10/07 21:56:06 | 002,013,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010/10/07 21:56:06 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010/10/07 21:56:06 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2010/10/07 21:56:06 | 001,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010/10/07 21:56:06 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010/10/07 21:56:06 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2010/10/07 21:56:06 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010/10/07 21:56:06 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2010/10/07 21:56:06 | 000,377,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2010/10/07 21:56:06 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2010/10/07 21:56:06 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/07 21:56:06 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2010/10/07 21:56:06 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/07 21:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/10/06 04:55:17 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\Sunbelt Software
[2010/10/06 04:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/10/06 02:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/06 00:57:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/10/05 04:24:24 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Local\Yahoo
[2010/10/04 05:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FriendFinder
[2010/10/03 04:10:24 | 000,000,000 | ---D | C] -- C:\Games
[2010/10/03 04:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade
[2010/09/27 22:57:23 | 000,000,000 | ---D | C] -- C:\Users\Jim Grice\AppData\Roaming\AVS4YOU
[2010/09/27 22:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/09/27 02:52:04 | 000,774,144 | ---- | C] (Terra Informatica Software, Inc., British Columbia, Canada.) -- C:\Windows\SysWow64\htmlayout.dll
[2010/09/27 02:52:00 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2010/09/27 02:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/09/27 02:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2009/08/03 20:21:14 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jim Grice\AppData\Roaming\pcouffin.sys
[3 C:\Users\Jim Grice\AppData\Local\*.tmp files -> C:\Users\Jim Grice\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 23:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/23 23:01:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2653656259-1793968272-638556749-1000UA.job
[2010/10/23 23:01:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2653656259-1793968272-638556749-1000Core.job
[2010/10/23 22:55:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/23 22:55:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/23 20:03:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 13:53:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/23 11:04:14 | 000,149,682 | ---- | M] () -- C:\Users\Jim Grice\Desktop\Extras.zip
[2010/10/23 10:55:21 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/10/23 10:55:20 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/23 10:55:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/23 07:33:50 | 000,000,000 | ---- | M] () -- C:\Users\Jim Grice\Desktop\TDSSKiller.exe
[2010/10/23 07:16:03 | 001,211,285 | ---- | M] () -- C:\Users\Jim Grice\Desktop\tdsskiller.zip
[2010/10/23 05:27:47 | 000,004,888 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\mofdecf.abw
[2010/10/23 00:03:53 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/10/22 17:15:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jim Grice\Desktop\OTL.exe
[2010/10/22 04:15:45 | 000,070,720 | ---- | M] () -- C:\Users\Jim Grice\Desktop\iGoogle.htm
[2010/10/22 03:45:04 | 000,000,785 | ---- | M] () -- C:\Users\Jim Grice\jidols.rtf
[2010/10/21 19:27:40 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 14:58:03 | 218,096,780 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\mshta.dmp
[2010/10/20 00:20:00 | 000,001,968 | ---- | M] () -- C:\Users\Jim Grice\Desktop\HiJackThis.lnk
[2010/10/19 20:12:25 | 000,011,320 | ---- | M] () -- C:\Users\Jim Grice\AppData\Roaming\wklnhst.dat
[2010/10/19 19:52:33 | 000,090,112 | ---- | M] () -- C:\Users\Jim Grice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/19 19:18:43 | 000,001,042 | ---- | M] () -- C:\Users\Jim Grice\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/10/19 17:26:44 | 000,001,061 | ---- | M] () -- C:\Users\Jim Grice\Desktop\Revo Uninstaller.lnk
[2010/10/19 17:02:14 | 000,000,036 | ---- | M] () -- C:\Users\Jim Grice\AppData\Local\housecall.guid.cache
[2010/10/18 22:49:18 | 003,285,568 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\RichmondPlunge.pdf
[2010/10/17 23:27:55 | 000,096,687 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\schedule_end_sem.pdf
[2010/10/17 01:47:25 | 000,002,449 | ---- | M] () -- C:\Users\Jim Grice\Desktop\Quick Zip 5.1.lnk
[2010/10/16 01:47:42 | 000,838,458 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\some_Code.rtf
[2010/10/13 21:46:10 | 000,345,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/13 21:32:35 | 000,959,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/13 21:32:35 | 000,774,220 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/13 21:32:35 | 000,168,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/12 17:49:45 | 000,005,288 | ---- | M] () -- C:\Users\Jim Grice\Desktop\Attach.zip
[2010/10/12 17:49:26 | 000,055,132 | ---- | M] () -- C:\Users\Jim Grice\Desktop\ark.zip
[2010/10/12 16:49:19 | 000,000,000 | ---- | M] () -- C:\Users\Jim Grice\defogger_reenable
[2010/10/12 14:50:19 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/11 17:46:11 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/10/11 17:43:11 | 003,866,624 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/10/11 17:43:11 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/10/11 17:43:11 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/10/11 17:43:04 | 003,866,624 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/10/11 17:43:04 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/10/11 17:43:04 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/10/10 17:31:37 | 000,000,116 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/10 01:07:42 | 000,105,538 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\PersonalMedInvent.pdf
[2010/10/10 01:07:25 | 000,105,538 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\PersonalMedInventjim.pdf
[2010/10/09 22:02:21 | 000,000,836 | ---- | M] () -- C:\Users\Jim Grice\Desktop\KMPlayer.lnk
[2010/10/09 21:22:43 | 000,000,901 | ---- | M] () -- C:\Users\Jim Grice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/08 20:26:12 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/08 02:36:06 | 000,000,071 | ---- | M] () -- C:\AskScreen.ini
[2010/10/07 21:59:25 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2010/10/07 21:59:25 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2010/10/07 21:59:25 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2010/10/07 21:59:25 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2010/10/07 09:11:17 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/06 04:36:07 | 000,006,864 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\headachePopUps.abw
[2010/10/06 03:03:31 | 000,938,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/06 02:22:06 | 002,514,160 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/10/05 20:47:11 | 000,000,700 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/10/05 01:56:35 | 000,000,063 | -H-- | M] () -- C:\ProgramData\Ts_infos.ini
[2010/10/03 02:22:10 | 000,002,265 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\more_Code.rtf
[2010/10/02 06:32:58 | 000,003,297 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\contactsPersonal.abw
[2010/09/24 17:45:49 | 000,019,456 | ---- | M] () -- C:\Users\Jim Grice\Downloads\Documents\ORACLEdatabaseInfo.wps
[3 C:\Users\Jim Grice\AppData\Local\*.tmp files -> C:\Users\Jim Grice\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 11:04:14 | 000,149,682 | ---- | C] () -- C:\Users\Jim Grice\Desktop\Extras.zip
[2010/10/23 07:33:50 | 000,000,000 | ---- | C] () -- C:\Users\Jim Grice\Desktop\TDSSKiller.exe
[2010/10/23 07:16:00 | 001,211,285 | ---- | C] () -- C:\Users\Jim Grice\Desktop\tdsskiller.zip
[2010/10/23 05:27:47 | 000,004,888 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\mofdecf.abw
[2010/10/22 04:15:44 | 000,070,720 | ---- | C] () -- C:\Users\Jim Grice\Desktop\iGoogle.htm
[2010/10/21 19:27:40 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 14:57:49 | 218,096,780 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\mshta.dmp
[2010/10/20 00:20:00 | 000,001,968 | ---- | C] () -- C:\Users\Jim Grice\Desktop\HiJackThis.lnk
[2010/10/19 19:18:51 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/19 19:18:43 | 000,001,042 | ---- | C] () -- C:\Users\Jim Grice\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/10/19 17:02:14 | 000,000,036 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\housecall.guid.cache
[2010/10/18 22:49:18 | 003,285,568 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\RichmondPlunge.pdf
[2010/10/17 23:27:55 | 000,096,687 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\schedule_end_sem.pdf
[2010/10/16 01:47:39 | 000,838,458 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\some_Code.rtf
[2010/10/12 17:49:45 | 000,005,288 | ---- | C] () -- C:\Users\Jim Grice\Desktop\Attach.zip
[2010/10/12 17:49:26 | 000,055,132 | ---- | C] () -- C:\Users\Jim Grice\Desktop\ark.zip
[2010/10/12 16:49:19 | 000,000,000 | ---- | C] () -- C:\Users\Jim Grice\defogger_reenable
[2010/10/11 20:12:00 | 000,004,984 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2010/10/11 20:08:03 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/10/11 20:08:03 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/10/11 20:08:03 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/10/11 20:08:03 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/10/11 20:08:03 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/10/11 20:08:03 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/10/11 17:46:11 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/10/11 17:43:04 | 003,866,624 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/10/11 17:43:04 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/10/11 17:43:04 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/10/11 17:42:29 | 003,866,624 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/10/11 17:42:29 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/10/11 17:42:29 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/10/10 17:31:36 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/10 01:07:42 | 000,105,538 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\PersonalMedInvent.pdf
[2010/10/10 01:07:25 | 000,105,538 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\PersonalMedInventjim.pdf
[2010/10/09 22:02:21 | 000,000,836 | ---- | C] () -- C:\Users\Jim Grice\Desktop\KMPlayer.lnk
[2010/10/09 19:54:55 | 000,000,901 | ---- | C] () -- C:\Users\Jim Grice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/08 20:26:12 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/08 02:36:06 | 000,000,071 | ---- | C] () -- C:\AskScreen.ini
[2010/10/07 21:57:43 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/10/07 21:57:43 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/10/06 04:36:07 | 000,006,864 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\headachePopUps.abw
[2010/10/06 02:20:59 | 002,514,160 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/10/06 02:19:30 | 000,422,316 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistMSI184C.txt
[2010/10/06 02:19:30 | 000,011,378 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistUI184C.txt
[2010/10/06 02:19:30 | 000,010,630 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistUI184D.txt
[2010/10/05 02:02:02 | 000,372,062 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_rdbgexp64_80MSI3CBC.txt
[2010/10/05 02:01:57 | 000,025,452 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_rdbgexp64_80UI3CBC.txt
[2010/10/02 06:32:58 | 000,003,297 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\contactsPersonal.abw
[2010/10/02 04:34:49 | 000,000,063 | -H-- | C] () -- C:\ProgramData\Ts_infos.ini
[2010/09/24 17:45:49 | 000,019,456 | ---- | C] () -- C:\Users\Jim Grice\Downloads\Documents\ORACLEdatabaseInfo.wps
[2010/09/19 19:17:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/09/11 04:37:02 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/11 04:37:02 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/02 04:55:22 | 000,000,023 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\phology
[2010/07/11 19:25:39 | 000,213,176 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLCEToolsForVS2007_MSI1C1D.txt
[2010/07/11 19:25:31 | 000,679,618 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SSCERuntime_64_MSI1C03.txt
[2010/07/11 19:25:10 | 001,146,886 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SSCERuntime_MSI1BBE.txt
[2010/07/11 19:23:03 | 012,772,154 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VSMsiLog1A20.txt
[2010/07/11 19:22:50 | 000,340,028 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vc_runtime_x64_msi19F5.txt
[2010/07/11 17:12:55 | 000,337,126 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_HelpSetup_MSI3686.txt
[2010/07/11 17:11:53 | 000,969,068 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI35BB.txt
[2010/07/11 17:11:22 | 002,740,422 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SharedManagementObjects_MSI3556.txt
[2010/07/11 17:11:08 | 000,861,220 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLSysClrTypes_msi3528.txt
[2010/07/11 17:10:51 | 001,474,364 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_silverlight_sdk.msi34F1.txt
[2010/07/11 17:10:36 | 000,322,586 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SqlPubWiz_14_msi34C0.txt
[2010/07/11 17:10:31 | 000,126,992 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_AspNetMVC2.msi34B0.txt
[2010/07/11 17:09:28 | 000,441,668 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VWD2010ToolsMVC2.msi33E2.txt
[2010/07/11 17:09:13 | 000,503,996 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WebDeploy_x64_en-US.msi33B1.txt
[2010/07/11 17:04:17 | 017,755,288 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VSMsiLog2FEA.txt
[2010/07/11 17:03:43 | 001,540,812 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_netfx_dtp2F7B.txt
[2010/07/11 17:03:16 | 001,293,344 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vsexpbsln64_1002F23.txt
[2010/07/11 17:02:30 | 000,451,994 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VC_Red_MSI2E8D.txt
[2010/07/11 17:02:20 | 000,340,276 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vc_runtime_x86_msi2E6C.txt
[2010/07/11 16:55:39 | 000,166,543 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_VNS_EXP_100.txt
[2010/07/11 16:55:35 | 000,000,002 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_error_vns_xcor_100.txt
[2010/07/11 16:55:33 | 000,547,972 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_install_vns_xcor_100.txt
[2010/07/09 18:12:41 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/27 19:53:45 | 008,424,206 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\VSMsiLog6BBF.txt
[2010/06/27 19:46:08 | 000,483,124 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vsexpbsln64_10065EE.txt
[2010/06/27 19:45:44 | 001,091,176 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_netfx_dtp659C.txt
[2010/06/27 19:43:25 | 007,705,190 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VSMsiLog63D9.txt
[2010/06/27 19:43:04 | 000,143,080 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLCEToolsForVS2007_MSI6395.txt
[2010/06/27 19:42:23 | 000,649,872 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI630C.txt
[2010/06/27 19:42:12 | 000,346,552 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_HelpSetup_MSI62E8.txt
[2010/06/27 19:39:29 | 000,022,160 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_VCS_EXP_100.txt
[2010/06/27 19:39:23 | 000,097,700 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_install_vcs_xcor_100.txt
[2010/06/27 19:39:23 | 000,001,396 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_error_vcs_xcor_100.txt
[2010/06/15 03:03:15 | 000,417,650 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistMSI3CC1.txt
[2010/06/15 03:03:15 | 000,011,496 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistUI3CC1.txt
[2010/04/04 19:35:12 | 000,435,974 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistMSI3A60.txt
[2010/04/04 19:35:11 | 000,011,410 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vcredistUI3A60.txt
[2010/02/16 23:08:32 | 000,000,700 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/01/23 22:13:25 | 000,000,000 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\prvlcl.dat
[2009/11/01 12:23:18 | 000,361,312 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_HelpSetup_MSI6F59.txt
[2009/11/01 12:22:55 | 000,897,748 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI6F0D.txt
[2009/11/01 12:14:12 | 001,603,692 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SharedManagementObjects_MSI6862.txt
[2009/11/01 12:13:55 | 000,509,194 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLSysClrTypes_msi682A.txt
[2009/11/01 12:13:49 | 000,198,352 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SQLCEToolsForVS2007_MSI6816.txt
[2009/11/01 12:13:35 | 000,701,794 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_SSCERuntime_MSI67E9.txt
[2009/11/01 12:10:44 | 014,014,814 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VSMsiLog65BA.txt
[2009/11/01 12:10:00 | 001,906,848 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_netfx_dtp652B.txt
[2009/11/01 12:09:32 | 001,198,108 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_vsexpbsln64_10064CF.txt
[2009/11/01 05:37:37 | 000,440,892 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VC_Red_MSI38D9.txt
[2009/11/01 05:15:00 | 000,352,899 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_VB_EXP_100.txt
[2009/11/01 05:14:52 | 001,533,500 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_install_vb_xcor_100.txt
[2009/11/01 05:14:52 | 000,000,002 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_error_vb_xcor_100.txt
[2009/09/17 06:33:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 06:32:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/08 17:14:48 | 010,034,222 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\VSMsiLog5D26.txt
[2009/08/08 17:14:32 | 000,186,326 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI5CF2.txt
[2009/08/08 17:14:28 | 000,200,274 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WinSDK_ExpTools_x64_MSI5CE1.txt
[2009/08/08 17:13:47 | 001,785,270 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_NET_Framework35_x64_MSI5C5F.txt
[2009/08/08 17:10:55 | 000,329,032 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VC_Red_MSI5A2D.txt
[2009/08/03 20:21:38 | 000,000,033 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\pcouffin.log
[2009/08/03 20:21:14 | 000,099,384 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\inst.exe
[2009/08/03 20:21:14 | 000,007,859 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\pcouffin.cat
[2009/08/03 20:21:14 | 000,001,167 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\pcouffin.inf
[2009/07/24 17:48:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/14 22:17:14 | 000,048,507 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/14 02:42:41 | 000,048,507 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/10 01:05:03 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2009/06/10 01:05:03 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2009/05/24 14:33:33 | 007,349,744 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe
[2009/04/17 20:01:01 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/02/13 23:23:39 | 000,000,097 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\fusioncache.dat
[2009/02/13 22:02:51 | 000,938,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/02/01 22:35:51 | 011,231,892 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\VSMsiLog71DB.txt
[2009/02/01 22:35:42 | 000,201,402 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI71C1.txt
[2009/02/01 22:35:36 | 000,214,522 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_WinSDK_ExpTools_x64_MSI71AD.txt
[2009/02/01 22:35:27 | 001,202,510 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_ExpRemoteDbg_x64_MSI7190.txt
[2009/02/01 22:33:40 | 002,484,758 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_NET_Framework35_x64_MSI7032.txt
[2009/02/01 22:19:21 | 000,396,661 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/02/01 22:19:18 | 000,443,934 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_dotnetfx35install.txt
[2009/02/01 22:19:18 | 000,000,002 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_dotnetfx35error.txt
[2009/02/01 22:18:54 | 000,422,874 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_VC_Red_MSI64E5.txt
[2009/02/01 22:12:30 | 000,521,986 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_depcheck_VB_EXP_90.txt
[2009/02/01 22:12:26 | 001,178,324 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_install_vb_xcor_90.txt
[2009/02/01 22:12:26 | 000,403,300 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\uxeventlog.txt
[2009/02/01 22:12:26 | 000,000,002 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\dd_error_vb_xcor_90.txt
[2008/12/02 00:07:23 | 000,000,680 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\d3d9caps.dat
[2008/11/30 18:18:48 | 000,124,432 | ---- | C] () -- C:\Windows\SysWow64\PanInstaller.dll
[2008/11/30 18:18:46 | 000,083,480 | ---- | C] () -- C:\Windows\SysWow64\FirstLoad.dll
[2008/09/03 04:06:24 | 000,000,128 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/02 01:14:42 | 000,011,320 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\wklnhst.dat
[2008/09/02 01:11:18 | 000,027,070 | ---- | C] () -- C:\Users\Jim Grice\AppData\Roaming\UserTile.png
[2008/09/01 23:30:23 | 000,090,112 | ---- | C] () -- C:\Users\Jim Grice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/09 16:31:50 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/09 16:31:50 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll

========== LOP Check ==========

[2009/02/13 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\.BitTornado
[2009/04/24 04:58:12 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Amphetype
[2009/03/21 23:31:47 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Azureus
[2009/06/04 02:25:30 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Badongo Toolbar
[2009/06/04 02:11:32 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\BitZipper
[2009/11/08 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\BNeReader
[2009/10/17 16:15:19 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\CBS Interactive
[2009/02/22 13:53:24 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/09 10:39:43 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/09/27 00:21:37 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\CometPlayer
[2010/06/12 21:28:20 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\COWON
[2008/09/04 03:53:33 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\DreamNavigator
[2010/06/15 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\enchant
[2008/09/02 19:20:32 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FDRLab
[2009/06/01 23:24:52 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FFSJ
[2010/05/20 22:23:14 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\foobar2000
[2010/10/19 17:37:50 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FreshDiagnose
[2010/10/13 21:31:04 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FreshHTML
[2010/10/22 22:43:05 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\FrostWire
[2010/01/07 03:05:49 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\GlarySoft
[2009/07/29 22:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\gtk-2.0
[2010/10/21 01:27:58 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\IObit
[2009/02/03 22:29:55 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\iWin
[2010/04/04 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Leadertech
[2009/04/17 19:49:09 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Megaupload
[2010/05/20 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\MiguMusic
[2010/03/18 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\OpenCandy
[2010/03/22 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\OpenOffice.org
[2009/09/28 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Paltalk
[2009/05/13 15:05:47 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\PandoraTV
[2009/07/28 23:58:04 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Participatory Culture Foundation
[2008/09/02 01:11:18 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\PeerNetworking
[2010/09/27 03:04:51 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\PhotoScape
[2010/05/20 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\PPLive
[2010/08/28 00:38:25 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Spider Player
[2009/12/26 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\StarOffice8
[2008/09/02 01:17:16 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Template
[2010/08/12 04:52:57 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\TheSage
[2010/09/27 00:21:31 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\TigerPlayer
[2010/05/21 06:53:56 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Transparent
[2010/07/21 03:46:58 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\TreeSheetsdbs
[2010/10/09 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\TweakNow PowerPack 2010
[2010/06/12 21:24:36 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\uTorrent
[2009/08/07 22:43:03 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Vso
[2009/06/04 20:52:15 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\WeatherBug
[2008/09/02 00:13:52 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\WildTangent
[2008/09/09 17:32:42 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\WinBatch
[2010/07/28 03:43:52 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\Windows Live Writer
[2010/06/15 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\WordWeb
[2010/09/19 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\Jim Grice\AppData\Roaming\ZiggyTV
[2010/10/23 10:55:20 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/10/23 10:55:21 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010/10/23 09:40:28 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#15 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:35 PM

Posted 24 October 2010 - 11:44 AM

Okay, Jim, let's see what the reboot brings.

Reboot and let me know what symptoms remain. :thumbup2:
m0le is a proud member of UNITE



