possible redirect infection with loss of some admin privileges


  • This topic is locked
14 replies to this topic

#1 thewlfmnsbro

Posted 09 October 2010 - 09:30 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:25 PM, on 10/9/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Family\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25430
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files (x86)\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\windows\system32\dlcxcoms.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7135 bytes

#2 CatByte

Posted 11 October 2010 - 06:34 AM

Download OTL and save it to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download scan.txt and save it to your Desktop. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 thewlfmnsbro

Posted 11 October 2010 - 05:45 PM

Thank you for your help. The files are as follows:

OTL logfile created on: 10/11/2010 7:31:19 PM - Run 1
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Users\Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 766.26 Gb Free Space | 82.27% Space Free | Partition Type: NTFS
Drive F: | 111.79 Gb Total Space | 12.43 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
PRC - C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Family\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\winsta.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\drprov.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\davhlpr.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV:64bit: - (dlcx_device) -- C:\windows\SysNative\dlcxcoms.exe ( )
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IS360service) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (dlcx_device) -- C:\windows\SysWow64\dlcxcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 7A AE 49 02 68 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25430



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\windows\SysNative\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)


SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/11 19:19:01 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Family\Desktop\OTL.exe
[2010/10/09 22:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/10/09 19:48:13 | 000,000,000 | ---D | C] -- C:\Users\Family\Documents\my games
[2010/10/08 18:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/08 18:35:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/08 09:57:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMBEGPNHSTS
[2010/10/08 09:57:49 | 000,000,000 | -HSD | C] -- C:\Users\Family\AppData\Roaming\Smart Security
[2010/10/08 09:57:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\f7d5a2
[2010/10/03 13:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barbie® idesign™ Ultimate Stylist™
[2010/09/22 15:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2010/09/20 17:40:14 | 000,000,000 | ---D | C] -- C:\Users\Family\.thumbnails
[2010/09/20 17:38:33 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\gtk-2.0
[2010/09/20 17:33:13 | 000,000,000 | ---D | C] -- C:\Users\Family\Documents\gegl-0.0
[2010/09/20 17:33:13 | 000,000,000 | ---D | C] -- C:\Users\Family\.gimp-2.6
[2010/09/20 17:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2010/09/14 20:40:44 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\inkscape
[2010/09/14 20:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2010/09/13 21:21:11 | 034,662,316 | ---- | C] (inkscape.org) -- C:\Users\Family\Documents\Inkscape-0.48.0-1.exe
[2010/09/12 20:57:00 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Reward_Tracker
[2010/09/08 21:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/08 21:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/08 21:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/08 21:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/08 14:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Online Entertainment
[2010/09/08 13:53:52 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\iWin
[2010/09/07 10:12:09 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\SulusGames
[2010/09/06 10:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/09/04 23:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze Ultra Accelerator
[2010/09/01 17:25:44 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Merscom
[2010/09/01 17:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Merscom
[2010/09/01 09:59:26 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\PlayFirst
[2010/09/01 09:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2010/08/28 19:33:58 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\IObit
[2010/08/28 19:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/08/17 23:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2010/08/17 23:12:59 | 000,000,000 | ---D | C] -- C:\Users\Family\Documents\ConvertXToDVD
[2010/08/14 22:50:57 | 000,082,816 | ---- | C] (VSO Software) -- C:\windows\SysNative\drivers\pcouffin.sys
[2010/08/14 22:50:57 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Family\AppData\Roaming\pcouffin.sys
[2010/08/14 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Vso
[2010/08/14 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Family\Documents\PcSetup
[2010/08/14 22:50:53 | 000,626,688 | ---- | C] (On2.com) -- C:\windows\SysWow64\vp7vfw.dll
[2010/08/14 22:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2010/08/14 22:46:12 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\WinRAR
[2010/08/14 22:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/14 21:13:24 | 000,000,000 | ---D | C] -- C:\Users\Family\Documents\Vuze Downloads
[2010/08/14 21:09:30 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Azureus
[2010/08/14 21:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/07/24 17:16:52 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\GamesCafe
[2010/07/16 17:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2010/05/23 11:56:56 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxinpa.dll
[2010/05/23 11:56:55 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxpmui.dll
[2010/05/23 11:56:55 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxiesc.dll
[2010/05/23 11:56:54 | 000,991,232 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxusb1.dll
[2010/05/23 11:56:53 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxserv.dll
[2010/05/23 11:56:53 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxlmpm.dll
[2010/05/23 11:56:53 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxprox.dll
[2010/05/23 11:56:53 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxpplc.dll
[2010/05/23 11:56:52 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxhbn3.dll
[2010/05/23 11:56:52 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcomc.dll
[2010/05/23 11:56:52 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcomm.dll

========== Files - Modified Within 90 Days ==========

[2010/10/11 19:31:21 | 004,456,448 | -HS- | M] () -- C:\Users\Family\NTUSER.DAT
[2010/10/11 19:19:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Desktop\OTL.exe
[2010/10/11 19:09:25 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/10/11 10:29:45 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 10:29:45 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 10:27:07 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/10/11 10:27:07 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/10/11 10:27:07 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/10/11 10:22:24 | 000,000,396 | ---- | M] () -- C:\windows\tasks\AWC Startup.job
[2010/10/11 10:22:23 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/10/11 10:22:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/10/11 10:22:10 | 334,843,903 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/10 15:12:58 | 005,803,742 | -H-- | M] () -- C:\Users\Family\AppData\Local\IconCache.db
[2010/10/10 15:11:03 | 000,655,360 | ---- | M] () -- C:\Users\Family\Documents\NEW bill matrix.xls
[2010/10/09 22:37:45 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/10/09 20:11:12 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/10/09 20:11:12 | 000,001,854 | ---- | M] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/10/08 18:35:26 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 19:31:22 | 000,004,276 | ---- | M] () -- C:\Users\Family\.recently-used.xbel
[2010/10/05 21:23:29 | 000,089,088 | ---- | M] () -- C:\Users\Family\Documents\Trevor Resume.doc
[2010/10/04 19:52:22 | 000,062,976 | ---- | M] () -- C:\Users\Family\Documents\jennifer resume.doc
[2010/10/03 13:37:27 | 000,002,815 | ---- | M] () -- C:\Users\Public\Desktop\Barbie® idesign™ Ultimate Stylist™.lnk
[2010/09/27 17:36:56 | 000,001,057 | ---- | M] () -- C:\Users\Family\AppData\Roaming\vso_ts_preview.xml
[2010/09/20 17:33:10 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/09/16 21:39:09 | 082,954,790 | ---- | M] () -- C:\Users\Family\New document 1.2010_09_16_21_38_59.0.svg
[2010/09/15 22:23:23 | 000,051,200 | ---- | M] () -- C:\Users\Family\Documents\10th anniversary decal design.doc
[2010/09/15 03:02:08 | 000,000,499 | ---- | M] () -- C:\windows\win.ini
[2010/09/14 20:40:18 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2010/09/13 21:21:11 | 034,662,316 | ---- | M] (inkscape.org) -- C:\Users\Family\Documents\Inkscape-0.48.0-1.exe
[2010/09/12 19:02:00 | 000,610,816 | ---- | M] () -- C:\Users\Family\Documents\8718C500
[2010/09/12 18:59:40 | 000,610,816 | ---- | M] () -- C:\Users\Family\Documents\23F5C500
[2010/09/09 20:22:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2010/09/08 21:53:34 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2010/09/07 10:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2010/09/07 10:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2010/09/07 10:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2010/09/07 10:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2010/09/06 10:23:34 | 000,051,057 | ---- | M] () -- C:\Users\Family\Documents\TS030005688.doc
[2010/09/06 10:01:23 | 000,051,057 | ---- | M] () -- C:\Users\Family\Documents\TS030005688.dotx
[2010/09/06 10:00:38 | 000,310,635 | ---- | M] () -- C:\Users\Family\Documents\TS010357047.dotx
[2010/09/04 23:02:21 | 000,001,205 | ---- | M] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze Ultra Accelerator.lnk
[2010/09/04 23:02:21 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Vuze Ultra Accelerator.lnk
[2010/08/31 16:54:43 | 000,608,256 | ---- | M] () -- C:\Users\Family\Documents\A9DC0200
[2010/08/28 19:34:00 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/08/14 22:50:57 | 000,099,384 | ---- | M] () -- C:\Users\Family\AppData\Roaming\inst.exe
[2010/08/14 22:50:57 | 000,082,816 | ---- | M] (VSO Software) -- C:\windows\SysNative\drivers\pcouffin.sys
[2010/08/14 22:50:57 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Family\AppData\Roaming\pcouffin.sys
[2010/08/14 22:50:57 | 000,007,859 | ---- | M] () -- C:\Users\Family\AppData\Roaming\pcouffin.cat
[2010/08/14 22:50:57 | 000,001,167 | ---- | M] () -- C:\Users\Family\AppData\Roaming\pcouffin.inf
[2010/08/14 22:50:56 | 000,001,234 | ---- | M] () -- C:\Users\Family\Desktop\ConvertXtoDVD 4.lnk
[2010/08/11 03:20:12 | 000,412,400 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/08/03 17:17:53 | 000,026,423 | ---- | M] () -- C:\Users\Family\Documents\EOB 1-27-10.pdf

========== Files Created - No Company Name ==========

[2010/10/09 22:37:45 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/10/09 20:11:12 | 000,001,854 | ---- | C] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/10/08 18:35:26 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 19:31:22 | 000,004,276 | ---- | C] () -- C:\Users\Family\.recently-used.xbel
[2010/10/05 18:28:44 | 000,089,088 | ---- | C] () -- C:\Users\Family\Documents\Trevor Resume.doc
[2010/10/04 19:19:12 | 000,062,976 | ---- | C] () -- C:\Users\Family\Documents\jennifer resume.doc
[2010/10/03 13:37:27 | 000,002,815 | ---- | C] () -- C:\Users\Public\Desktop\Barbie® idesign™ Ultimate Stylist™.lnk
[2010/09/20 17:33:10 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/09/16 21:38:59 | 082,954,790 | ---- | C] () -- C:\Users\Family\New document 1.2010_09_16_21_38_59.0.svg
[2010/09/14 20:40:18 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2010/09/13 22:03:36 | 000,051,200 | ---- | C] () -- C:\Users\Family\Documents\10th anniversary decal design.doc
[2010/09/08 21:53:34 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/06 10:23:33 | 000,051,057 | ---- | C] () -- C:\Users\Family\Documents\TS030005688.doc
[2010/09/06 10:01:22 | 000,051,057 | ---- | C] () -- C:\Users\Family\Documents\TS030005688.dotx
[2010/09/06 10:00:37 | 000,310,635 | ---- | C] () -- C:\Users\Family\Documents\TS010357047.dotx
[2010/09/04 23:02:21 | 000,001,205 | ---- | C] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze Ultra Accelerator.lnk
[2010/09/04 23:02:21 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Vuze Ultra Accelerator.lnk
[2010/08/28 19:34:03 | 000,000,396 | ---- | C] () -- C:\windows\tasks\AWC Startup.job
[2010/08/28 19:34:00 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/08/16 23:43:23 | 000,001,057 | ---- | C] () -- C:\Users\Family\AppData\Roaming\vso_ts_preview.xml
[2010/08/14 22:50:57 | 000,099,384 | ---- | C] () -- C:\Users\Family\AppData\Roaming\inst.exe
[2010/08/14 22:50:57 | 000,007,859 | ---- | C] () -- C:\Users\Family\AppData\Roaming\pcouffin.cat
[2010/08/14 22:50:57 | 000,001,167 | ---- | C] () -- C:\Users\Family\AppData\Roaming\pcouffin.inf
[2010/08/14 22:50:56 | 000,001,234 | ---- | C] () -- C:\Users\Family\Desktop\ConvertXtoDVD 4.lnk
[2010/08/14 21:08:23 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/08/03 17:17:40 | 000,026,423 | ---- | C] () -- C:\Users\Family\Documents\EOB 1-27-10.pdf
[2010/06/08 19:53:32 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2010/06/08 19:53:32 | 000,000,547 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll.manifest
[2010/05/23 11:56:56 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\dlcxinst.dll
[2010/05/23 11:56:55 | 000,454,656 | ---- | C] () -- C:\windows\SysWow64\dlcxutil.dll
[2010/05/23 11:56:55 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\dlcxjswr.dll
[2010/05/23 11:56:55 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\dlcxinsr.dll
[2010/05/23 11:56:55 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\dlcxcur.dll
[2010/05/23 11:56:54 | 000,176,128 | ---- | C] () -- C:\windows\SysWow64\dlcxinsb.dll
[2010/05/23 11:56:54 | 000,176,128 | ---- | C] () -- C:\windows\SysWow64\dlcxins.dll
[2010/05/23 11:56:54 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\dlcxcub.dll
[2010/05/23 11:56:54 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\dlcxcu.dll
[2010/05/23 11:56:51 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\DLCXcfg.dll
[2010/05/22 22:37:20 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2008/12/01 21:32:32 | 000,362,029 | ---- | C] () -- C:\windows\SysWow64\sqlite3.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/10/09 21:08:35 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Azureus
[2010/07/24 17:16:52 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\GamesCafe
[2010/09/20 18:20:26 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\gtk-2.0
[2010/10/08 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\inkscape
[2010/10/09 22:37:45 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\IObit
[2010/06/08 19:54:21 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\iPodtoComputer
[2010/09/08 13:53:52 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\iWin
[2010/07/01 01:42:52 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Magic Academy
[2010/09/01 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Merscom
[2010/09/01 09:59:26 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\PlayFirst
[2010/09/12 20:57:00 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Reward_Tracker
[2010/10/08 09:57:51 | 000,000,000 | -HSD | M] -- C:\Users\Family\AppData\Roaming\Smart Security
[2010/09/07 10:12:09 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\SulusGames
[2010/09/27 17:36:57 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Vso
[2010/06/30 20:49:42 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\WildTangent
[2010/10/11 10:22:24 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2009/07/14 01:08:49 | 000,027,092 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/11 19:09:25 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/10/11 10:22:10 | 334,843,903 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/08 20:10:29 | 001,251,724 | ---- | M] () -- C:\ituneslib.itl
[2010/10/11 10:22:12 | 1878,118,399 | -HS- | M] () -- C:\pagefile.sys
[2010/04/09 18:26:35 | 000,000,057 | -H-- | M] () -- C:\splash.idx
[2009/07/07 01:03:24 | 000,009,392 | -H-- | M] () -- C:\version

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/22 22:40:28 | 000,000,221 | -HS- | M] () -- C:\Users\Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/11 19:19:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/06/30 20:47:58 | 000,001,232 | ---- | M] () -- C:\Users\Family\Favorites\Acer Games.lnk
[2010/08/03 17:14:16 | 000,000,402 | -HS- | M] () -- C:\Users\Family\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2009/06/10 17:17:19 | 000,116,288 | ---- | M] () -- C:\Windows\SysWOW64\PerfCenterCpl.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/11 19:33:21 | 004,456,448 | -HS- | M] () -- C:\Users\Family\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >
[2009/07/13 16:29:26 | 000,000,714 | ---- | M] () -- C:\Windows\SysWOW64\RestartManager.mof
[2009/07/13 16:29:26 | 000,000,176 | ---- | M] () -- C:\Windows\SysWOW64\RestartManagerUninstall.mof

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2010/05/23 11:59:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
[2010/09/25 10:36:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer Games
[2010/10/08 18:35:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/06/08 19:08:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/10/03 13:37:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Barbie® idesign™ Ultimate Stylist™
[2010/06/24 13:52:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/10/08 18:35:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/06/20 17:21:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Coupons
[2010/06/08 19:53:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cucusoft
[2010/10/08 20:28:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell PC Fax
[2010/07/08 12:05:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Photo AIO Printer 926
[2010/03/02 18:48:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Downloaded Installations
[2010/09/20 17:33:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0
[2010/10/08 20:28:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Inkscape
[2010/03/02 18:46:20 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/29 03:16:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/10/09 22:37:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IObit
[2010/09/08 21:53:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/05/29 20:21:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/22 22:36:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/09/06 10:20:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/09/29 03:17:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/05/22 22:36:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/05/22 22:46:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/25 03:02:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/09/06 10:20:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010/09/08 21:52:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/03/02 18:42:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/03/02 18:42:40 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/14 00:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/06/12 20:22:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Unity
[2010/03/02 18:46:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VIA
[2010/08/14 22:50:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VSO
[2010/10/09 20:11:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2010/09/04 23:02:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze Ultra Accelerator
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/05/22 22:18:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/04/09 18:32:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %ProgramFiles%\Microsoft Office\OFFICE11\*.* >
[2007/03/22 19:07:56 | 000,091,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\ADDRPARS.DLL
[2007/04/19 14:10:18 | 000,045,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\AUTHZAX.DLL
[2007/03/22 19:29:56 | 000,099,160 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\AW.DLL
[2002/07/29 15:32:10 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\BIDI32.DLL
[2007/04/19 14:07:38 | 000,066,400 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\BLNMGR.DLL
[2007/04/19 14:07:34 | 000,052,064 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\BLNMGRPS.DLL
[2007/03/22 19:06:08 | 000,355,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\CDLMSO.DLL
[1997/08/19 01:37:00 | 000,031,497 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\CGMIMP32.HLP
[1999/01/15 14:20:40 | 000,112,351 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\CLIPPIT.ACG
[1999/01/15 14:20:42 | 002,904,417 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\CLIPPIT.ACS
[2000/11/13 20:59:00 | 000,116,591 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\DESIGNER.XML
[2008/08/11 12:52:46 | 000,080,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\DLGSETP.DLL
[1999/01/15 14:20:14 | 000,032,191 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\DOT.ACG
[1999/01/15 14:20:14 | 000,555,163 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\DOT.ACS
[2007/03/22 19:23:32 | 000,019,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\DSITF.DLL
[2007/05/10 13:44:02 | 000,121,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\DSSM.EXE
[2001/01/12 17:15:36 | 000,468,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\EEFONTS.DLL
[2008/01/14 21:51:06 | 000,137,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\ENVELOPE.DLL
[2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
[2003/03/19 23:23:56 | 000,001,652 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.PIP
[2005/03/01 14:27:48 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCHCSP.DLL
[2009/12/11 12:50:58 | 000,079,660 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\EXLPRTID.XML
[2009/06/15 16:43:00 | 000,350,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\EXSEC32.DLL
[1999/01/15 14:20:42 | 000,162,709 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\F1.ACG
[1999/01/15 14:20:42 | 002,554,070 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\F1.ACS
[2007/03/22 19:06:34 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\FINDER.EXE
[2007/06/06 12:46:12 | 001,961,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\FPCUTL.DLL
[2007/04/19 14:15:26 | 000,192,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\FPDTC.DLL
[2009/06/22 21:14:58 | 001,700,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\GDIPLUS.DLL
[2007/04/19 13:57:32 | 002,152,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\GRAPH.EXE
[1998/12/08 19:53:54 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\HLP95EN.DLL
[2010/07/20 17:04:42 | 000,189,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\IEAWSDC.DLL
[2008/02/06 21:33:38 | 000,127,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\IMPMAIL.DLL
[2007/03/20 18:35:08 | 000,000,619 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\INTLBAND.HTM
[2007/03/22 19:25:44 | 000,067,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\INTLDATE.DLL
[1999/01/15 14:20:46 | 000,127,537 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\LOGO.ACG
[1999/01/15 14:20:46 | 001,030,546 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\LOGO.ACS
[2007/04/19 14:00:16 | 000,103,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MCPS.DLL
[2007/12/14 19:46:54 | 000,182,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MIMEDIR.DLL
[2007/03/22 19:06:46 | 000,033,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MLSHEXT.DLL
[1999/01/15 14:20:46 | 000,104,616 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MNATURE.ACG
[1999/01/15 14:20:46 | 001,530,968 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MNATURE.ACS
[2007/04/19 14:00:48 | 000,476,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MODHELP.DLL
[2007/04/19 14:00:36 | 000,043,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSE7.EXE
[2000/04/03 13:13:40 | 000,003,638 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSN.ICO
[2007/04/19 14:10:34 | 000,127,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOAUTH.DLL
[2007/03/22 19:04:52 | 000,109,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOCF.DLL
[2007/03/22 19:04:52 | 000,130,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOCFU.DLL
[2007/03/22 19:29:22 | 000,031,072 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSODCW.DLL
[2003/07/14 22:52:58 | 000,067,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOHEV.DLL
[2007/04/19 14:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOHTMED.EXE
[2007/03/22 19:16:44 | 000,057,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOMSE.DLL
[2007/04/19 14:07:24 | 000,036,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOSTYLE.DLL
[2007/04/19 14:07:34 | 000,058,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOSVABW.DLL
[2007/04/19 14:07:32 | 000,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOSVFBR.DLL
[2007/03/22 19:08:34 | 000,203,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOUTL.OLB
[2003/04/09 16:20:56 | 000,001,900 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOUTLO.PIP
[2000/11/09 10:49:16 | 001,200,177 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSOWCW.DLL
[2007/03/22 19:05:32 | 000,251,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSPPT.OLB
[2007/04/19 14:03:54 | 000,648,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSQRY32.EXE
[2007/04/19 14:00:30 | 000,637,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSTORDB.EXE
[2007/04/19 14:00:22 | 000,130,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSTORE.EXE
[2007/04/19 14:00:30 | 000,489,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSTORES.DLL
[2001/01/23 12:41:10 | 000,831,562 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSUSP.DLL
[2007/04/19 14:09:02 | 000,157,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSWEBCAP.DLL
[2007/03/22 19:05:50 | 000,668,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MSWORD.OLB
[2003/03/04 16:57:20 | 000,141,952 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MULTIMGR.DLL
[2001/01/29 20:03:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\MULTIQ.DLL
[2007/04/19 14:10:26 | 000,080,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NAME.DLL
[2001/01/23 11:15:48 | 000,001,696 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISECHS.TXT
[2001/01/23 11:15:48 | 000,001,696 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISECHT.TXT
[2001/01/23 11:15:50 | 000,149,848 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISEDEU.TXT
[2001/01/23 11:15:50 | 000,000,755 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISEENG.TXT
[2001/01/23 11:15:50 | 000,000,755 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISEENU.TXT
[2001/01/23 11:15:50 | 000,019,684 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISEESN.TXT
[2001/01/23 11:15:50 | 000,049,196 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISEFRA.TXT
[2001/01/23 11:15:50 | 000,019,618 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISEITA.TXT
[2001/01/23 11:15:50 | 000,002,060 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISEJPN.TXT
[2001/01/23 11:15:50 | 000,001,486 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISEKOR.TXT
[2001/01/23 11:15:50 | 000,000,745 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISENEU.TXT
[2001/01/23 11:15:50 | 000,013,256 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISENLD.TXT
[2001/01/23 11:15:50 | 000,013,730 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISESVE.TXT
[2001/01/23 11:15:50 | 000,000,697 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NOISETHA.TXT
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\NPOFFICE.DLL
[1999/01/15 14:20:46 | 000,136,869 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OFFCAT.ACG
[1999/01/15 14:20:46 | 002,071,708 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OFFCAT.ACS
[2007/03/22 19:06:22 | 000,287,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OIS.EXE
[2003/04/25 17:27:54 | 000,000,420 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OIS.PIP
[2007/04/19 13:50:52 | 000,837,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OISAPP.DLL
[2007/03/22 19:06:08 | 000,046,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\oisctrl.dll
[2007/03/22 19:06:22 | 000,245,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OISGRAPH.DLL
[2007/11/19 20:38:52 | 000,236,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OLKFSTUB.DLL
[2009/12/11 12:50:58 | 000,079,692 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OLKPRTID.XML
[2007/04/19 14:09:46 | 001,061,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OMFC.DLL
[2003/07/12 03:59:46 | 000,016,504 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OPW11USR.INI
[2007/03/22 19:30:30 | 000,099,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OSA.EXE
[2007/04/19 13:52:16 | 000,030,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLACCT.DLL
[2009/08/05 10:45:04 | 000,106,312 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLCTL.DLL
[2010/07/29 12:29:38 | 003,609,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLFLTR.DAT
[2005/11/04 13:36:46 | 000,307,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLFLTR.DLL
[2010/05/20 15:19:18 | 007,627,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLLIB.DLL
[2009/04/10 16:47:34 | 000,102,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLMIME.DLL
[2010/05/20 15:19:06 | 000,196,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
[2007/11/19 20:38:32 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLPH.DLL
[2009/02/09 21:28:22 | 000,066,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLRPC.DLL
[2007/04/19 13:52:54 | 000,050,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLVBS.DLL
[2007/03/22 19:07:28 | 000,052,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLWAB.DLL
[2007/04/19 14:10:32 | 000,648,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OWSCLT.DLL
[2007/04/19 14:10:18 | 000,099,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OWSSUPP.DLL
[2010/04/17 00:14:14 | 006,418,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\POWERPNT.EXE
[2003/03/19 23:23:38 | 000,001,532 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\POWERPOI.PIP
[2009/12/11 12:50:58 | 000,079,716 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\PPTPRTID.XML
[2010/01/14 16:48:00 | 001,790,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\PPTVIEW.EXE
[2007/03/22 19:18:32 | 000,116,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\PROFLWIZ.EXE
[2007/03/22 19:07:10 | 000,041,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\RECALL.DLL
[2003/03/25 11:45:28 | 000,005,974 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\REFBAR.ICO
[2003/03/25 11:45:28 | 000,005,974 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\REFBARH.ICO
[2007/06/06 12:07:40 | 000,100,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\REFEDIT.DLL
[2007/04/19 14:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL
[2003/02/19 13:05:30 | 000,108,800 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\REMINDER.WAV
[2002/12/13 23:30:44 | 000,002,664 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\RESETO11.OPS
[1999/01/15 14:20:14 | 000,123,149 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\ROCKY.ACG
[1999/01/15 14:20:14 | 003,006,178 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\ROCKY.ACS
[2007/03/22 19:09:02 | 000,394,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\RTFHTML.DLL
[2007/03/22 19:25:58 | 000,218,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\SAEXT.DLL
[2007/04/19 14:10:44 | 000,355,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\SELFCERT.EXE
[2007/03/22 19:07:40 | 000,069,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\SENDTO.DLL
[2007/04/19 14:10:20 | 000,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\SEQCHK10.DLL
[2007/04/19 14:04:10 | 000,390,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\SETLANG.EXE
[2003/06/02 12:58:08 | 000,262,216 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\SMSW.CHM
[2007/05/10 13:42:52 | 002,839,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\STSLIST.DLL
[2007/04/19 14:10:28 | 000,185,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\STSUPLD.DLL
[2007/03/22 19:25:44 | 000,079,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\UCSCRIBE.DLL
[2007/04/19 14:10:22 | 000,071,008 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\UNBIND.EXE
[2002/10/30 12:21:18 | 000,246,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\UNICOWS.DLL
[2001/01/23 11:46:56 | 000,013,576 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\USPDAT10.XML
[2001/01/23 11:46:58 | 000,113,911 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\USPMAP.XML
[2001/01/23 11:46:56 | 000,167,035 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\USPTYPES.XML
[2000/09/11 18:36:38 | 000,038,375 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\VIEWSSPT.XML
[2000/08/07 15:31:38 | 000,039,514 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\VIEWSSRC.XML
[2000/11/29 15:51:30 | 000,005,828 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\VISUALUI.TTF
[2003/04/02 11:21:12 | 000,111,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WAVTOASF.EXE
[2003/01/13 15:04:18 | 000,092,752 | ---- | M] (Indicus Pvt. Ltd for Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WDBIMP.DLL
[2010/06/23 17:07:02 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
[2003/06/06 11:25:46 | 000,001,764 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WORD.PIP
[2002/12/02 15:54:08 | 000,001,532 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WORDMAIL.PIP
[2009/12/11 12:51:00 | 000,079,676 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WRDPRTID.XML
[2000/09/27 11:27:48 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WWPAB.CNV
[2000/03/07 22:45:34 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\XL5EN32.OLB
[1999/12/09 21:21:30 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\XLCALL32.DLL
[2003/05/29 12:22:08 | 000,010,217 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\OFFICE11\XML2WORD.XSL

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

_______________________________________******************----------



OTL Extras logfile created on: 10/11/2010 7:31:19 PM - Run 1
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Users\Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 766.26 Gb Free Space | 82.27% Space Free | Partition Type: NTFS
Drive F: | 111.79 Gb Total Space | 12.43 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CFA90C29-43CE-DA57-ADB1-66896590754B}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{36FED898-68B7-4A00-824F-EB2136E17D6A}" = Barbie® idesign™ Ultimate Stylist™
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"8461-7759-5462-8226" = Vuze
"Acer Game Console" = Acer Game Console
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Inkscape" = Inkscape 0.48.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"UnityWebPlayer" = Unity Web Player
"Vuze Ultra Accelerator" = Vuze Ultra Accelerator
"WildTangent acer Master Uninstall" = Acer Games
"WinGimp-2.0_is1" = GIMP 2.6.10
"WT077635" = Family Feud
"WT077781" = Wheel of Fortune 2
"WT078319" = Sally's Salon
"WT080023" = Family Feud 3
"WT080425" = Chocolatier
"WT080450" = Coffee Tycoon
"WT080484" = Cute Knight
"WT080651" = Digby's Donuts
"WT080684" = Family Feud Holiday
"WT080686" = Family Feud Hollywood Edition
"WT080990" = Magic Academy
"WT081230" = Roller Rush
"WT084171" = Nanny 911
"WTA-1bfbc45f-b9f5-4bec-8d24-1603fb69b59d" = Fishdom™ 2
"WTA-3268bb7c-dea8-4e31-a9eb-23447e5c721d" = Flower Paradise
"WTA-54eeb269-d6cf-4a06-8176-a4d0bc4542de" = Wedding Dash ® 4-Ever
"WTA-79fe150f-b484-4488-ac6b-fbf467a95ca3" = Pizza Chef 2
"WTA-7c43a39f-d09c-4dc9-a6c0-ef655549c7c9" = Family Feud 2
"WTA-b5e63f65-6810-4e5b-baca-75d0638ff32f" = Sally's Studio Premium Edition
"WTA-ce6ff179-7862-458e-859e-e4574533e3f9" = Burger Bustle

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2010 6:01:39 AM | Computer Name = Family-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/4/2010 12:30:09 AM | Computer Name = Family-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/5/2010 12:40:26 AM | Computer Name = Family-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/7/2010 12:30:38 AM | Computer Name = Family-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/7/2010 10:09:13 AM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/7/2010 10:10:07 AM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/7/2010 10:11:51 AM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/7/2010 10:12:49 AM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/7/2010 10:13:48 AM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/7/2010 10:14:41 AM | Computer Name = Family-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 9/9/2010 8:23:09 PM | Computer Name = Family-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9/9/2010 8:29:08 PM | Computer Name = Family-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 9/11/2010 11:15:46 PM | Computer Name = Family-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9/11/2010 11:15:50 PM | Computer Name = Family-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9/12/2010 12:02:15 PM | Computer Name = Family-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9/12/2010 12:02:22 PM | Computer Name = Family-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:00:11 PM on 9/12/2010 was unexpected.

Error - 9/12/2010 12:02:18 PM | Computer Name = Family-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9/12/2010 12:16:13 PM | Computer Name = Family-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9/12/2010 12:16:19 PM | Computer Name = Family-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:13:16 PM on 9/12/2010 was unexpected.

Error - 9/12/2010 12:16:16 PM | Computer Name = Family-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!


< End of report >

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 11 October 2010 - 06:37 PM

Hi

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25430
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    [2010/10/08 09:57:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMBEGPNHSTS
    [2010/10/08 09:57:49 | 000,000,000 | -HSD | C] -- C:\Users\Family\AppData\Roaming\Smart Security
    [2010/10/08 09:57:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\f7d5a2
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log



NEXT


Are you familiar with these folders and their content? Are they something you have created yourself?



C:\Users\Family\Documents\A9DC0200
C:\Users\Family\Documents\8718C500
C:\Users\Family\Documents\23F5C500




NEXT


Show hidden files and folders

  • Close all programs so that you are at your desktop.
  • Open the Control Panel, switch to classic view, then click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and exit My Computer.
  • Now your computer is configured to show all hidden files.

Now do the following


Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel,
  • click on the file C:\dvmexp.idx
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
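A way to triage the same kinds of entries the fix above targets, as an added example that is not part of the original post and not OTL's own code: it flags a loopback `ProxyServer` value, `CLSID or File not found` entries, and recently created directories carrying hidden and system attributes. The function names, the 7-day window, the scan time and the reading of the attribute column (H hidden, S system, D directory) are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Lines copied from the fix script in the post above.
SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25430
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010/10/08 09:57:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMBEGPNHSTS
[2010/10/08 09:57:49 | 000,000,000 | -HSD | C] -- C:\Users\Family\AppData\Roaming\Smart Security
[2010/10/08 09:57:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\f7d5a2
'''

# "ProxyServer" = [scheme=]host:port
PROXY_RE = re.compile(r'"ProxyServer" = (?:\w+=)?([\w.\-]+):(\d+)')
# [timestamp | size | attributes | C or M] -- path  (column meanings assumed)
FILE_RE = re.compile(
    r'^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| ([-RHSD]{4}) \| ([CM])\] -- (.+)$')

def is_loopback(host):
    """True for localhost or any 127.0.0.0/8 or ::1 literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def triage(log_text, scan_time, window_days=7):
    """Return (finding, detail) tuples for lines that deserve a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = PROXY_RE.search(line)
        if m and is_loopback(m.group(1)):
            # Browser traffic is being routed through a local listener.
            findings.append(("loopback-proxy", f"{m.group(1)}:{m.group(2)}"))
            continue
        if line.endswith("CLSID or File not found."):
            parts = line.split(" - ")
            findings.append(("orphaned-entry", parts[1] if len(parts) > 2 else line))
            continue
        m = FILE_RE.match(line)
        if m:
            stamp = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            age_days = (scan_time - stamp).days
            if {"H", "S", "D"} <= set(m.group(2)) and 0 <= age_days <= window_days:
                findings.append(("recent-hidden-system-dir", m.group(4)))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE, datetime(2010, 10, 11, 18, 37)):  # constructed scan time
        print(f"{kind:26} {detail}")
```

A hit is a prompt to inspect the entry, not a verdict: legitimate local filtering software also sets a loopback proxy, and Windows itself creates hidden system directories.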


#5 thewlfmnsbro

Posted 11 October 2010 - 07:12 PM

Hi,
I'm sorry. I don't know if I did something wrong or not, but I did not get a new OTL log after running the fix.

As for the three files that were listed in the second part of your reply, I do not recognize those or the other files that are named by some sort of letter/number combination in that folder. Should I delete these?

The link to the results for the VT scan is:
http://www.virustota...9aa3-1286845329

Thank you for your time, again.

#6 CatByte

Posted 11 October 2010 - 08:17 PM

Let's have a look in them first

Please do the following:

Open Notepad (first - right click it and Run as Administrator) and copy/paste the entire contents of the codebox below into Notepad:

    @echo off
    dir /a /s "C:\Users\Family\Documents\A9DC0200" >log.txt
    dir /a /s "C:\Users\Family\Documents\8718C500" >>log.txt
    dir /a /s "C:\Users\Family\Documents\23F5C500" >>log.txt
    notepad log.txt
    del peek.bat

Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this: Posted Image

Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents of that file in your next reply.



#7 thewlfmnsbro

Posted 12 October 2010 - 08:29 PM

Hello,
Sorry for the late reply. I've had a busy day. The results are as follows:

    Volume in drive C is OS
    Volume Serial Number is 2EEF-6053

    Directory of C:\Users\Family\Documents

    08/31/2010 04:54 PM 608,256 A9DC0200
    1 File(s) 608,256 bytes

    Total Files Listed:
    1 File(s) 608,256 bytes
    0 Dir(s) 825,749,581,824 bytes free

    Volume in drive C is OS
    Volume Serial Number is 2EEF-6053

    Directory of C:\Users\Family\Documents

    09/12/2010 07:02 PM 610,816 8718C500
    1 File(s) 610,816 bytes

    Total Files Listed:
    1 File(s) 610,816 bytes
    0 Dir(s) 825,749,581,824 bytes free

    Volume in drive C is OS
    Volume Serial Number is 2EEF-6053

    Directory of C:\Users\Family\Documents

    09/12/2010 06:59 PM 610,816 23F5C500
    1 File(s) 610,816 bytes

    Total Files Listed:
    1 File(s) 610,816 bytes
    0 Dir(s) 825,749,467,136 bytes free

#8 CatByte

Posted 12 October 2010 - 09:03 PM

Hi

Those are files, not folders, so let's get them analyzed.

Please do the following:


Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel,
  • click on the file C:\Users\Family\Documents\A9DC0200
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Do the same for the following files:

C:\Users\Family\Documents\8718C500
C:\Users\Family\Documents\23F5C500



#9 thewlfmnsbro

Posted 13 October 2010 - 04:07 PM

Hi,

I don't know if it pertains to this matter or not, but each morning when I wake up I have to hold the power button down on my computer because nothing on the desktop will work, but after it restarts it works again. The links for the referenced files are below.

A9DC0200 results: http://www.virustota...3d9d-1287006981


8718C500 results: http://www.virustota...70fc-1287007451

23F5C500 results: http://www.virustota...117e-1287007558

#10 CatByte

Posted 13 October 2010 - 06:59 PM

Hi

You said there were other similarly named files in that folder?

Let's get a look.

Please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Users\Family\Documents /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

NEXT

I'd like to see those files.

Please do the following:

Please upload the following file(s) to
this submission channel
for analysis. You can just paste the path into the box then click Send File.
Leave a link back to this topic.

C:\Users\Family\Documents\A9DC0200
C:\Users\Family\Documents\8718C500
C:\Users\Family\Documents\23F5C500


How long has your computer not responded when coming out of hibernation?


#11 thewlfmnsbro

Posted 13 October 2010 - 09:44 PM

Hello,

The issue with the desktop icons not responding just started about 3 days ago. When I double click on an icon the mouse changes like the computer is working, then it stops and nothing happens. I can open the start menu but I cannot click anything in the list or use the shutdown button. I can click in the search box but the keyboard is unresponsive so I cannot type anything or use ctrl+alt+del. That is why I have been using the manual power switch to reboot. After the restart all seems to be ok.

I uploaded all 8 (eight) of the suspicious files to the submission site you provided. The systemlook.txt file ended up being 4.85 MB. I tried to copy and paste the contents and IE became unresponsive. I wasn't sure if that was too large to post via copy and paste. Please advise.

#12 CatByte

Posted 13 October 2010 - 10:48 PM

I'm not sure what program is creating those files; they seem to be transaction summaries of some sort, certainly not malicious. Perhaps a back-up of an online session of some type. I'm really not sure what their purpose is. Check with others in your household and see if they recognize them. They will open with Notepad and you can make out some of the text amongst the code.

As for the non-response issue, I'll have to research that a little more. It doesn't appear to be malware related at this point, but malware may have affected something, so bear with me.


#13 thewlfmnsbro

Posted 14 October 2010 - 04:09 PM

I did figure out what those files are. They are backups of a shared document that allows changes by multiple users at the same time. They are not important anymore. I will delete them. Thanks.

#14 CatByte

Posted 14 October 2010 - 04:36 PM

Try this for the issue with your computer not responding from stand-by:

1. Click Start – Control Panel – System and Security – Power Options
2. Click “Change Plan Settings” on the “Balanced (recommended)”
3. Click “Change Advanced power settings”
4. Under the “Turn Off Hard Disk after” option change the timing to “0” which should set it to Never. Click Apply and OK.


#15 CatByte

Posted 24 October 2010 - 03:28 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
