Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yet another (or the same) redirect virus


  • This topic is locked This topic is locked
42 replies to this topic

#1 pacotheus

pacotheus

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:06:58 AM

Posted 29 March 2011 - 11:34 AM

I also have a google redirect virus going on. I also cannot go to the eset.com or malwarebytes.com webpages and suspect this is the doing of the virus(es). In fact, when I run gmer I also get an error message that closes it. Here is the DDS file produced just now:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dr. Gorski at 10:38:59.12 on Tue 03/29/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2687 [GMT -5:00]
.
AV: Bsecure AntiVirus 1.1 *Enabled/Outdated* {BBA75CBF-065F-45F0-AAFA-2AD00C61EED9}
AV: *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Bsecure Firewall 1.1 *Disabled*
FW: *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Secunia\PSI\PSI_TRAY.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2D4.tmp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Dr. Gorski\Local Settings\Temporary Internet Files\Content.IE5\IVJVOYEW\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.obgdoc.com/
uDefault_Page_URL = hxxp://www.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bitdefender.com
Trusted Zone: microsoft.com\support
Trusted Zone: symantec.com\www
Trusted Zone: trendmicro.com\www
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://12.71.199.20/program/SonySncRz25View.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ingenix.webex.com/client/T25L10NSP41EP7/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.165.174,93.188.160.234
TCP: {9A428404-34A1-4914-92F3-6AFE99F384AA} = 93.188.165.174,93.188.160.234
Notify: AutorunsDisabled - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
.


ADDENDUM: OK, got GMER to run finally, and it comes up witha warning box: "WARNING !!! GMER has found system modification caused by ROOTKIT activity." - and this is after I ran MBAM which found a bunch of things which I OK'ed it to eliminate and then could not connect to the internet - so I had to do a system restore from before running MBAM. And, interetingly, there were no system restore points from before all my problems started - did the malware get rid of those too?! Anyway, GMER said: (attached)

Attached Files


Edited by pacotheus, 29 March 2011 - 04:25 PM.


BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:58 AM

Posted 29 March 2011 - 04:46 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 pacotheus

pacotheus
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:06:58 AM

Posted 30 March 2011 - 07:11 AM

First of all, THANK YOU SO VERY MUCH for helping me!!!!

I ran TDSSKiller - it found a threat and I clicked to continue and it wanted to reboot and I rebooted. When the machine came back on, Skyope opened up on its own. I closed it. I came back here and clicked to open the OTL mirror download site given in your message. A new window opened for http://oldtimer.geekstogo.com/OTL.exe but then it went to an ad/spam website. When I clicked back it gave me an error message "Internet Explorer cannot display the webpage." I happened to have OTL on my desktop already (but, obviously, not the latest version) so I ran that. Here is what it returned:

OTL logfile created on: 3/30/2011 7:06:15 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Dr. Gorski\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.03 Gb Total Space | 0.50 Gb Free Space | 0.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.38 Gb Total Space | 4.08 Gb Free Space | 93.01% Space Free | Partition Type: UDF2.00
Drive F: | 931.51 Gb Total Space | 0.66 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
Drive G: | 1862.96 Gb Total Space | 850.22 Gb Free Space | 45.64% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHYSICIAN
Current User Name: Dr. Gorski
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/01/31 01:36:36 | 000,038,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/11/29 08:51:01 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/08/28 11:56:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Gorski\Desktop\OTL.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2006/08/14 01:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/08/10 12:10:14 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/10 11:38:54 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/07/31 09:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/06/12 10:01:14 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
PRC - [2006/05/16 12:35:08 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2006/05/15 19:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2006/04/26 07:39:18 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/20 15:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/01/30 17:11:48 | 000,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/29 08:51:21 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/28 11:56:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Gorski\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
MOD - [2008/04/14 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/16 12:34:22 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2006/05/16 12:33:06 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wbem\svchost.exe -- (svchost32)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/02/03 10:05:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/16 11:12:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2006/06/12 10:01:14 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/05/15 19:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel®
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/22 11:01:09 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/14 07:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 07:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 07:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 07:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 07:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 07:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 07:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 07:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 07:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 07:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 07:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 07:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 07:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2007/06/04 01:35:06 | 000,029,184 | ---- | M] (ARK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arkusbcam.sys -- (arkusbcam)
DRV - [2006/08/09 04:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 09:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 09:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 09:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 09:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 09:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 09:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 09:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 09:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/04 08:37:28 | 000,099,208 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2006/08/01 20:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 20:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/01 19:46:34 | 000,051,800 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/05/01 07:09:32 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/26 05:23:52 | 000,250,880 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/07 17:55:36 | 001,480,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/09 15:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/05/17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [1998/08/18 07:03:20 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HPFECP16.SYS -- (HPFECP16)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.obgdoc.com/
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.obgdoc.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.7
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/29 08:51:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 10:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/30 07:01:20 | 000,000,000 | ---D | M]

[2010/03/26 10:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Gorski\Application Data\Mozilla\Extensions
[2010/08/23 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Gorski\Application Data\Mozilla\Firefox\Profiles\1y74fi5e.default\extensions
[2010/07/29 18:02:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dr. Gorski\Application Data\Mozilla\Firefox\Profiles\1y74fi5e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/29 18:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Gorski\Application Data\Mozilla\Firefox\Profiles\1y74fi5e.default\extensions\artur.dubovoy@gmail.com
[2011/03/29 10:35:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 13:22:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/06/19 12:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32(2).dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/08/29 14:25:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..Trusted Domains: bitdefender.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..Trusted Domains: symantec.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..Trusted Domains: trendmicro.com ([www] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} http://12.71.199.20/program/SonySncRz25View.cab (Sony SNC-RZ25 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ingenix.webex.com/client/T25L10NSP41EP7/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.174,93.188.160.234
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/30 13:48:32 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 17:05:05 | 000,000,000 | ---D | M] - F:\Auto Focus (Ita-Eng-Spa) -- [ NTFS ]
O32 - AutoRun File - [2010/08/30 13:48:33 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\Shell\AutoRun\command - "" = G:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\Shell\Flip Video for PC\command - "" = G:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d00ece92-d7b1-11df-9c9c-00188b8aa8d3}\Shell\AutoRun\command - "" = J:\MI.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 06:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Desktop\tdsskiller
[2011/03/29 10:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/03/29 10:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\Secunia PSI
[2011/03/29 10:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/03/05 17:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\My Documents\FLV2WMV
[2011/03/05 17:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Application Data\FLV2WMV
[2011/03/05 17:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Flv to Wmv Converter
[2011/03/05 17:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\WMTools Downloaded Files
[2011/03/02 17:13:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/03/01 17:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\Deployment
[2006/07/11 14:29:00 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 30 Days ==========

[2011/03/30 07:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 07:01:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1404071232-436751193-1796547498-1006.job
[2011/03/30 07:01:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/30 07:01:17 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1404071232-436751193-1796547498-1006.job
[2011/03/30 07:01:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 06:58:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/03/30 06:58:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 06:56:29 | 011,104,256 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\ntuser.dat
[2011/03/30 06:56:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dr. Gorski\ntuser.ini
[2011/03/30 06:55:59 | 002,108,860 | -H-- | M] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\IconCache.db
[2011/03/30 06:53:13 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Desktop\tdsskiller.zip
[2011/03/29 17:55:15 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 11:33:28 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Desktop\Attach.zip
[2011/03/29 11:23:14 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Desktop\gmer.zip
[2011/03/29 10:35:48 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/29 10:33:50 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/29 10:23:05 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/29 10:13:47 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/03/26 08:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/25 19:34:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/25 19:07:39 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/16 08:43:32 | 000,530,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/03/16 08:43:32 | 000,446,804 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 08:43:32 | 000,073,416 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/16 03:00:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/11 20:30:05 | 032,853,168 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\rx_image.Cache
[2011/03/11 20:30:05 | 002,108,000 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\rx_audio.Cache
[2011/03/07 22:21:16 | 014,396,350 | ---- | M] () -- C:\DR000017.mp3

========== Files Created - No Company Name ==========

[2011/03/30 06:53:10 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Desktop\tdsskiller.zip
[2011/03/29 11:33:28 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Desktop\Attach.zip
[2011/03/29 10:33:50 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/29 10:13:47 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/03/28 05:32:10 | 011,104,256 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\ntuser.dat
[2011/03/07 22:20:12 | 014,396,350 | ---- | C] () -- C:\DR000017.mp3
[2011/01/12 19:03:37 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2011/01/12 19:03:36 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/14 20:09:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\housecall.guid.cache
[2010/07/12 18:53:30 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCRZ25.ini
[2009/11/06 17:03:21 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\drivers\uninstall.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/11 20:04:59 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/15 15:28:29 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\msremoval.ini
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 16:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/22 10:20:20 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\winetframework.dll
[2007/11/06 12:28:18 | 000,000,078 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/07/16 10:28:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2007/07/14 17:47:33 | 000,000,237 | ---- | C] () -- C:\WINDOWS\HPFTBX16.INI
[2007/06/17 11:03:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/06/01 22:45:06 | 000,861,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\FaceDll.sys
[2007/05/04 21:02:45 | 002,108,000 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\rx_audio.Cache
[2007/04/23 20:53:24 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Application Data\DMX.bmk
[2007/04/15 14:52:29 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2007/04/15 14:51:42 | 032,853,168 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\rx_image.Cache
[2007/04/15 12:26:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/02/18 08:56:20 | 001,024,000 | ---- | C] () -- C:\WINDOWS\System32\ewmpegco.dll
[2007/01/02 10:40:16 | 001,483,776 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
[2007/01/02 10:39:31 | 000,187,392 | ---- | C] () -- C:\WINDOWS\LTANN62N.DLL
[2007/01/02 10:39:31 | 000,076,288 | ---- | C] () -- C:\WINDOWS\LTIMG62N.DLL
[2007/01/02 10:39:31 | 000,047,616 | ---- | C] () -- C:\WINDOWS\LFTIF62N.DLL
[2007/01/02 10:39:31 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL62N.DLL
[2007/01/02 10:39:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\LTWND62N.DLL
[2007/01/02 10:39:31 | 000,027,136 | ---- | C] () -- C:\WINDOWS\LFLMA62N.DLL
[2007/01/02 10:39:31 | 000,024,064 | ---- | C] () -- C:\WINDOWS\LTTWN62N.DLL
[2007/01/02 10:39:31 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX62N.DLL
[2007/01/02 10:39:31 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFLMB62N.DLL
[2007/01/02 10:39:31 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFPCT62N.DLL
[2007/01/02 10:39:31 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFBMP62N.DLL
[2007/01/02 10:39:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD62N.DLL
[2007/01/02 10:39:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFWMF62N.DLL
[2007/01/02 10:39:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA62N.DLL
[2007/01/02 10:39:31 | 000,019,456 | ---- | C] () -- C:\WINDOWS\LFWPG62N.DLL
[2007/01/02 10:39:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFRAS62N.DLL
[2007/01/02 10:39:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFMSP62N.DLL
[2007/01/02 10:39:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS\LFMAC62N.DLL
[2007/01/02 10:39:31 | 000,017,408 | ---- | C] () -- C:\WINDOWS\LFWFX62N.DLL
[2007/01/02 10:39:30 | 000,175,616 | ---- | C] () -- C:\WINDOWS\LFFAX62N.DLL
[2007/01/02 10:39:30 | 000,158,720 | ---- | C] () -- C:\WINDOWS\LFCMP62N.DLL
[2007/01/02 10:39:30 | 000,116,736 | ---- | C] () -- C:\WINDOWS\PCDLIB32.DLL
[2007/01/02 10:39:30 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG62N.DLL
[2007/01/02 10:39:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\LFICA62N.DLL
[2007/01/02 10:39:30 | 000,022,528 | ---- | C] () -- C:\WINDOWS\LFEPS62N.DLL
[2007/01/02 10:39:30 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF62N.DLL
[2007/01/02 10:39:30 | 000,018,944 | ---- | C] () -- C:\WINDOWS\LFIMG62N.DLL
[2007/01/02 10:39:30 | 000,017,920 | ---- | C] () -- C:\WINDOWS\LFCAL62N.DLL
[2007/01/02 10:39:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/01/02 10:38:54 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2006/12/06 21:47:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/16 23:23:23 | 000,002,627 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/11 06:21:33 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/10 21:05:00 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\fusioncache.dat
[2006/10/27 08:45:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/27 08:42:56 | 000,000,393 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/27 08:39:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/27 08:36:13 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/10/27 08:36:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/10/27 08:20:11 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/08/15 14:54:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 04:19:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/08/09 04:19:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/09 01:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2006/05/22 08:37:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/05/22 08:32:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/05/22 08:32:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/05/22 08:32:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/05/22 08:31:52 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/05/22 08:31:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/05/22 08:31:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/05/22 08:31:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/05/22 08:31:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/05/22 08:31:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/05/22 08:31:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/05/16 12:34:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/05/16 12:33:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/05/15 19:08:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/05/15 18:52:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/05/15 18:52:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/05/15 18:51:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/05/15 18:51:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/05/15 18:51:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/05/15 18:51:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/05/15 18:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/05/15 18:51:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/05/15 18:50:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/05/15 18:50:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/12/01 14:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/09/20 13:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/11 17:24:19 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 14:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/03/18 18:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/01/27 07:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[1998/08/18 07:52:28 | 000,003,782 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk16.ini
[1998/08/18 07:32:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl16.dll
[1998/08/18 07:32:50 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl16.dll
[1998/08/18 07:32:44 | 000,291,840 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl16.dll
[1998/08/18 07:32:40 | 001,145,344 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl16.dll
[1998/08/18 07:28:04 | 000,193,536 | ---- | C] () -- C:\WINDOWS\System32\HPFcps16.dll
[1998/08/18 07:27:34 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r16.dll
[1998/08/18 07:26:24 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst16.dll
[1998/08/18 07:24:42 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HPFpcl16.dll
[1998/08/18 07:17:46 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui16.dll
[1998/08/18 07:11:30 | 000,266,752 | ---- | C] () -- C:\WINDOWS\System32\HPFwin16.dll
[1998/08/18 07:07:50 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon16.dll
[1998/08/18 07:07:10 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl16.dll
[1998/08/18 07:05:10 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFnet16.dll
[1998/08/18 07:04:58 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop16.dll
[1998/08/18 07:04:46 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml16.dll
[1998/08/18 07:04:40 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc16.dll
[1998/08/18 07:04:34 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem16.dll
[1998/08/18 07:04:28 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm16.dll
[1998/08/18 07:04:18 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom16.dll
[1998/08/18 07:03:20 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp16.sys
[1998/08/18 07:02:32 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu16.dll
[1998/08/18 07:02:02 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa16.dll
[1998/08/18 06:57:32 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg16.dll
[1998/08/18 06:54:10 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Dr. Gorski\My Documents\Production 1.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Dr. Gorski\My Documents\My Videos:Roxio EMC Stream
< End of report >

Edited by pacotheus, 30 March 2011 - 07:13 AM.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:58 AM

Posted 30 March 2011 - 09:38 AM

Good Morning pacotheus,

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.174,93.188.160.234
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Please check to see if you're now able to download the latest version of OTL from the previous link provided to you before.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 pacotheus

pacotheus
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:06:58 AM

Posted 30 March 2011 - 10:10 AM

Still unable to DL the latest OTL. If I can get to another computer would it make sense to DL it to a thumbdrive and get it on my computer that way?

Here is the logfile after I put that code into the OTL I have and it rebooted:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dr. Gorski\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dr. Gorski\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Dr. Gorski
->Temp folder emptied: 948078451 bytes
->Temporary Internet Files folder emptied: 293508292 bytes
->Java cache emptied: 7325383 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 5958948 bytes
->Flash cache emptied: 200954 bytes

User: DR980A~1~GOR

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 66551 bytes

User: NetworkService
->Temp folder emptied: 494666 bytes
->Temporary Internet Files folder emptied: 46813923 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63547909 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13708292 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,316.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Dr. Gorski
->Flash cache emptied: 0 bytes

User: DR980A~1~GOR

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 03302011_095804

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:58 AM

Posted 30 March 2011 - 10:13 AM

What is happening when you attempt to download OTL to your computer? Is it still being redirected?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 pacotheus

pacotheus
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:06:58 AM

Posted 30 March 2011 - 10:21 AM

I get this error message when trying to connect to http://oldtimer.geekstogo.com/OTL.exe or http://oldtimer.geekstogo.com/


Internet Explorer cannot display the webpage

What you can try:
Diagnose Connection Problems

More information

This problem can be caused by a variety of issues, including:
Internet connectivity has been lost.The website is temporarily unavailable.The Domain Name Server (DNS) is not reachable.The Domain Name Server (DNS) does not have a listing for the website's domain.There might be a typing error in the address.If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
For offline users
You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds
Click the Favorites Center button , click Feeds, and then click the feed you want to view.
To view recently visited webpages (might not work on all pages)
Click Tools , and then click Work Offline.Click the Favorites Center button , click History, and then click the page you want to view.




just like with trying to connect to malwarebytes.org

trying to go to eset.com (I'm not running these other programs, just noting that I can't get to them) gives me a "The webpage cannot be found" error.

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:58 AM

Posted 30 March 2011 - 10:22 AM

Can you try accessing them in Firefox?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 pacotheus

pacotheus
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:06:58 AM

Posted 30 March 2011 - 10:27 AM

Firefox returns this error:

Server not found
Firefox can't find the server at oldtimer.geekstogo.com.
* Check the address for typing errors such as
ww.example.com instead of
www.example.com
* If you are unable to load any pages, check your computer's network
connection.
* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.


Would it work to DL from another computer and email it to myself from there?

Also, apparently I have the 3.6.14 version of Firefox on this machine - should I upgrade to 4 and try again?

Edited by pacotheus, 30 March 2011 - 10:29 AM.


#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:58 AM

Posted 30 March 2011 - 10:28 AM

Would it work to DL from another computer and email it to myself from there?

Yeah, that should work.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 pacotheus

pacotheus
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:06:58 AM

Posted 30 March 2011 - 10:54 AM

My goodness - when I opened the email in my outlook express the option to save the OTL.exe was greyed-out ! I was able to get to that email from a web-based app and saved it to my desktop. Now have run that and get:

OTL logfile created on: 3/30/2011 10:39:04 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dr. Gorski\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.03 Gb Total Space | 1.75 Gb Free Space | 0.59% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.08 Gb Free Space | 93.01% Space Free | Partition Type: UDF2.00
Drive F: | 931.51 Gb Total Space | 0.66 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
Drive G: | 1862.96 Gb Total Space | 850.22 Gb Free Space | 45.64% Space Free | Partition Type: NTFS

Computer Name: PHYSICIAN | User Name: Dr. Gorski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 10:38:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Gorski\Desktop\OTL.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/11/29 08:51:01 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2006/08/14 01:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/08/10 12:10:14 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/10 11:38:54 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/07/31 09:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/06/12 10:01:14 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
PRC - [2006/05/16 12:35:08 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2006/05/15 19:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2006/04/26 07:39:18 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/20 15:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/01/30 17:11:48 | 000,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe


========== Modules (SafeList) ==========

MOD - [2011/03/30 10:38:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Gorski\Desktop\OTL.exe
MOD - [2010/11/29 08:51:21 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
MOD - [2006/05/16 12:34:22 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2006/05/16 12:33:06 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (svchost32)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/02/03 10:05:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/16 11:12:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2006/06/12 10:01:14 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/05/15 19:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel®
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2007/06/04 01:35:06 | 000,029,184 | ---- | M] (ARK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arkusbcam.sys -- (arkusbcam)
DRV - [2006/08/09 04:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 09:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 09:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 09:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 09:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 09:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 09:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 09:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 09:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 20:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 20:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/05/01 07:09:32 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/07 17:55:36 | 001,480,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/09 15:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [1998/08/18 07:03:20 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HPFECP16.SYS -- (HPFECP16)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.obgdoc.com/
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.obgdoc.com/"
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.7
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/29 08:51:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 10:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/30 07:01:20 | 000,000,000 | ---D | M]

[2010/03/26 10:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dr. Gorski\Application Data\Mozilla\Extensions
[2011/03/30 10:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dr. Gorski\Application Data\Mozilla\Firefox\Profiles\1y74fi5e.default\extensions
[2010/07/29 18:02:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dr. Gorski\Application Data\Mozilla\Firefox\Profiles\1y74fi5e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/29 18:02:08 | 000,000,000 | ---D | M] ("Flash Video Downloader (Youtube Downloader)") -- C:\Documents and Settings\Dr. Gorski\Application Data\Mozilla\Firefox\Profiles\1y74fi5e.default\extensions\artur.dubovoy@gmail.com
[2011/03/30 10:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 13:22:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/29 08:51:21 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/05/08 07:59:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\DR. GORSKI\APPLICATION DATA\MOVE NETWORKS
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/06/19 12:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32(2).dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2011/03/30 09:58:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..Trusted Domains: bitdefender.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..Trusted Domains: symantec.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..Trusted Domains: trendmicro.com ([www] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} http://12.71.199.20/program/SonySncRz25View.cab (Sony SNC-RZ25 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ingenix.webex.com/client/T25L10NSP41EP7/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/30 13:48:32 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 17:05:05 | 000,000,000 | ---D | M] - F:\Auto Focus (Ita-Eng-Spa) -- [ NTFS ]
O32 - AutoRun File - [2010/08/30 13:48:33 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\Shell\AutoRun\command - "" = G:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\Shell\Flip Video for PC\command - "" = G:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{d00ece92-d7b1-11df-9c9c-00188b8aa8d3}\Shell\AutoRun\command - "" = J:\MI.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 06:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Desktop\tdsskiller
[2011/03/29 10:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/03/29 10:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/03/29 10:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\Secunia PSI
[2011/03/29 10:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/03/05 17:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\My Documents\FLV2WMV
[2011/03/05 17:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Application Data\FLV2WMV
[2011/03/05 17:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Flv to Wmv Converter
[2011/03/05 17:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\WMTools Downloaded Files
[2011/03/02 17:13:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/03/01 17:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\Deployment
[2006/07/11 14:29:00 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 30 Days ==========

[2011/03/30 10:38:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Gorski\Desktop\OTL.exe
[2011/03/30 10:36:17 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1404071232-436751193-1796547498-1006.job
[2011/03/30 10:36:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1404071232-436751193-1796547498-1006.job
[2011/03/30 10:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 10:04:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/30 10:04:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 10:03:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 09:58:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/30 08:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/30 06:53:13 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Desktop\tdsskiller.zip
[2011/03/29 17:55:15 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 11:33:28 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Desktop\Attach.zip
[2011/03/29 11:23:14 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Desktop\gmer.zip
[2011/03/29 10:35:48 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/29 10:33:50 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/29 10:23:05 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/29 10:13:47 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/03/25 19:34:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/25 19:07:39 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/16 08:43:32 | 000,446,804 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 08:43:32 | 000,073,416 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/16 03:00:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/11 20:30:05 | 032,853,168 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\rx_image.Cache
[2011/03/11 20:30:05 | 002,108,000 | ---- | M] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\rx_audio.Cache
[2011/03/07 22:21:16 | 014,396,350 | ---- | M] () -- C:\DR000017.mp3

========== Files Created - No Company Name ==========

[2011/03/30 06:53:10 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Desktop\tdsskiller.zip
[2011/03/29 11:33:28 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Desktop\Attach.zip
[2011/03/29 10:33:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/29 10:33:50 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/29 10:13:47 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/03/29 10:13:47 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/03/07 22:20:12 | 014,396,350 | ---- | C] () -- C:\DR000017.mp3
[2011/01/12 19:03:36 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/14 20:09:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\housecall.guid.cache
[2010/07/12 18:53:30 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCRZ25.ini
[2010/03/17 21:07:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/12 17:40:11 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\VideoConverter_sysquict.dat
[2009/11/06 17:22:05 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\uninstall.exe
[2009/11/06 17:03:21 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\drivers\uninstall.ini
[2009/10/19 20:17:24 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/11 20:04:59 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/16 09:59:18 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/07 09:49:38 | 000,002,709 | ---- | C] () -- C:\WINDOWS\System32\coshedllwin.dat
[2008/12/15 15:28:29 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\msremoval.ini
[2008/09/29 12:59:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/28 18:49:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\msremoval.dat
[2007/11/22 10:20:20 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\winetframework.dll
[2007/11/06 12:28:18 | 000,000,078 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/07/16 10:28:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2007/07/14 17:47:33 | 000,000,237 | ---- | C] () -- C:\WINDOWS\HPFTBX16.INI
[2007/06/17 11:03:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/06/01 22:45:06 | 000,861,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\FaceDll.sys
[2007/05/30 04:20:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\Ark3188Reg.exe
[2007/05/04 21:02:45 | 002,108,000 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\rx_audio.Cache
[2007/04/23 20:53:24 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Application Data\DMX.bmk
[2007/04/15 14:51:42 | 032,853,168 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\rx_image.Cache
[2007/04/15 12:26:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/03/01 13:39:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\pnxetkey.dat
[2007/02/18 08:56:20 | 001,024,000 | ---- | C] () -- C:\WINDOWS\System32\ewmpegco.dll
[2007/01/02 10:40:16 | 001,483,776 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
[2007/01/02 10:39:31 | 000,187,392 | ---- | C] () -- C:\WINDOWS\LTANN62N.DLL
[2007/01/02 10:39:31 | 000,076,288 | ---- | C] () -- C:\WINDOWS\LTIMG62N.DLL
[2007/01/02 10:39:31 | 000,047,616 | ---- | C] () -- C:\WINDOWS\LFTIF62N.DLL
[2007/01/02 10:39:31 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL62N.DLL
[2007/01/02 10:39:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\LTWND62N.DLL
[2007/01/02 10:39:31 | 000,027,136 | ---- | C] () -- C:\WINDOWS\LFLMA62N.DLL
[2007/01/02 10:39:31 | 000,024,064 | ---- | C] () -- C:\WINDOWS\LTTWN62N.DLL
[2007/01/02 10:39:31 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX62N.DLL
[2007/01/02 10:39:31 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFLMB62N.DLL
[2007/01/02 10:39:31 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFPCT62N.DLL
[2007/01/02 10:39:31 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFBMP62N.DLL
[2007/01/02 10:39:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD62N.DLL
[2007/01/02 10:39:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFWMF62N.DLL
[2007/01/02 10:39:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA62N.DLL
[2007/01/02 10:39:31 | 000,019,456 | ---- | C] () -- C:\WINDOWS\LFWPG62N.DLL
[2007/01/02 10:39:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFRAS62N.DLL
[2007/01/02 10:39:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFMSP62N.DLL
[2007/01/02 10:39:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS\LFMAC62N.DLL
[2007/01/02 10:39:31 | 000,017,408 | ---- | C] () -- C:\WINDOWS\LFWFX62N.DLL
[2007/01/02 10:39:30 | 000,175,616 | ---- | C] () -- C:\WINDOWS\LFFAX62N.DLL
[2007/01/02 10:39:30 | 000,158,720 | ---- | C] () -- C:\WINDOWS\LFCMP62N.DLL
[2007/01/02 10:39:30 | 000,116,736 | ---- | C] () -- C:\WINDOWS\PCDLIB32.DLL
[2007/01/02 10:39:30 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG62N.DLL
[2007/01/02 10:39:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\LFICA62N.DLL
[2007/01/02 10:39:30 | 000,022,528 | ---- | C] () -- C:\WINDOWS\LFEPS62N.DLL
[2007/01/02 10:39:30 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF62N.DLL
[2007/01/02 10:39:30 | 000,018,944 | ---- | C] () -- C:\WINDOWS\LFIMG62N.DLL
[2007/01/02 10:39:30 | 000,017,920 | ---- | C] () -- C:\WINDOWS\LFCAL62N.DLL
[2007/01/02 10:39:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/01/02 10:38:54 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2006/12/06 21:47:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/16 23:23:23 | 000,002,627 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/13 13:03:21 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2006/11/11 06:21:33 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/10 21:05:00 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Dr. Gorski\Local Settings\Application Data\fusioncache.dat
[2006/10/27 08:45:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/27 08:42:56 | 000,000,393 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/27 08:39:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/27 08:36:13 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/10/27 08:36:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/10/27 08:20:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/10/27 08:20:50 | 000,121,994 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/10/27 08:20:11 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/08/15 14:54:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 04:19:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/08/09 04:19:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/09 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2006/08/09 01:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 10:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2006/05/25 02:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2006/05/22 08:37:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/05/22 08:32:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/05/22 08:32:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/05/22 08:32:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/05/22 08:31:52 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/05/22 08:31:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/05/22 08:31:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/05/22 08:31:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/05/22 08:31:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/05/22 08:31:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/05/22 08:31:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/05/16 12:34:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/05/16 12:33:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/05/15 19:08:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/05/15 18:52:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/05/15 18:52:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/05/15 18:51:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/05/15 18:51:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/05/15 18:51:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/05/15 18:51:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/05/15 18:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/05/15 18:51:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/05/15 18:50:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/05/15 18:50:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/12/01 14:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/09/20 13:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/04/15 11:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 11:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/11 17:24:19 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 002,250,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:28 | 000,446,804 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,073,416 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 14:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/03/18 18:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/01/27 07:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[1998/11/02 01:26:17 | 000,036,352 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[1998/08/18 07:53:00 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\HPFcfg16.exe
[1998/08/18 07:52:28 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk16.exe
[1998/08/18 07:52:28 | 000,003,782 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk16.ini
[1998/08/18 07:50:20 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\HPFtbx16.exe
[1998/08/18 07:46:46 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFhid16.exe
[1998/08/18 07:32:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl16.dll
[1998/08/18 07:32:50 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl16.dll
[1998/08/18 07:32:44 | 000,291,840 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl16.dll
[1998/08/18 07:32:40 | 001,145,344 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl16.dll
[1998/08/18 07:28:04 | 000,193,536 | ---- | C] () -- C:\WINDOWS\System32\HPFcps16.dll
[1998/08/18 07:27:34 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r16.dll
[1998/08/18 07:26:24 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst16.dll
[1998/08/18 07:24:42 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HPFpcl16.dll
[1998/08/18 07:17:46 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui16.dll
[1998/08/18 07:11:30 | 000,266,752 | ---- | C] () -- C:\WINDOWS\System32\HPFwin16.dll
[1998/08/18 07:07:50 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon16.dll
[1998/08/18 07:07:10 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl16.dll
[1998/08/18 07:05:10 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFnet16.dll
[1998/08/18 07:04:58 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop16.dll
[1998/08/18 07:04:46 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml16.dll
[1998/08/18 07:04:40 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc16.dll
[1998/08/18 07:04:34 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem16.dll
[1998/08/18 07:04:28 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm16.dll
[1998/08/18 07:04:18 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom16.dll
[1998/08/18 07:03:20 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp16.sys
[1998/08/18 07:02:32 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu16.dll
[1998/08/18 07:02:02 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa16.dll
[1998/08/18 06:57:32 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg16.dll
[1998/08/18 06:54:10 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Dr. Gorski\My Documents\Production 1.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Dr. Gorski\My Documents\My Videos:Roxio EMC Stream

< End of report >

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:58 AM

Posted 30 March 2011 - 11:02 AM

Hello,

Do you recognize this file?

C:\DR000017.mp3

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (svchost32)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    IE - HKU\S-1-5-21-1404071232-436751193-1796547498-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O33 - MountPoints2\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\Shell\AutoRun\command - "" = G:\system\viewer\FlipVideoforPC.exe
    O33 - MountPoints2\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\Shell\Flip Video for PC\command - "" = G:\system\viewer\FlipVideoforPC.exe
    O33 - MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\Shell - "" = AutoRun
    O33 - MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{d00ece92-d7b1-11df-9c9c-00188b8aa8d3}\Shell\AutoRun\command - "" = J:\MI.exe
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launch.exe
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 pacotheus

pacotheus
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:06:58 AM

Posted 30 March 2011 - 11:13 AM

yes, that mp3 is an audio file that I made using my TASCAM DR-07

Should I still run the fix using that code?

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:58 AM

Posted 30 March 2011 - 11:18 AM

Should I still run the fix using that code?

Yes

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 pacotheus

pacotheus
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:06:58 AM

Posted 30 March 2011 - 11:23 AM

OK, done - and here is what it came back with:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service svchost32 stopped successfully!
Service svchost32 deleted successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Registry value HKEY_USERS\S-1-5-21-1404071232-436751193-1796547498-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\ not found.
File G:\system\viewer\FlipVideoforPC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9db228c1-c2c8-11dc-9bd4-00188b8aa8d3}\ not found.
File G:\system\viewer\FlipVideoforPC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55f443e-a7c7-11df-9c91-00188b8aa8d3}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d00ece92-d7b1-11df-9c9c-00188b8aa8d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d00ece92-d7b1-11df-9c9c-00188b8aa8d3}\ not found.
File J:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File F:\Launch.exe not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dr. Gorski\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dr. Gorski\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dr. Gorski
->Temp folder emptied: 390144 bytes
->Temporary Internet Files folder emptied: 3053038 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4151574 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: DR980A~1~GOR

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Dr. Gorski
->Flash cache emptied: 0 bytes

User: DR980A~1~GOR

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03302011_111857

Files\Folders moved on Reboot...
C:\Documents and Settings\Dr. Gorski\Local Settings\Temporary Internet Files\Content.IE5\UIBK5H9Y\page__gopid__2187930[1].txt moved successfully.
File\Folder C:\Documents and Settings\Dr. Gorski\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users