System slow, sometimes freezes [Solved]



#1 Formybro55


Posted 19 July 2014 - 11:16 PM

My brother asked me to help him figure out what (if anything) is wrong with his system, aside from being due for replacement.  (He does intend to replace it with something more up to date as soon as possible, but for a variety of reasons that won't be happening in the near future, anyway.  He understands that his now "unsupported" OS, Win XP, may be part of the problem at this point, but that's what we presently have to work with.)  According to him, his computer had been running noticeably more slowly of late, and has been subject to occasionally freezing altogether.  Clearing some unused software to free more disk space seems to have helped... a bit... but hasn't alleviated the problem completely.  I installed and ran SpyBot for him, and it found and "fixed" a couple instances of something called Montera toolbar (?) but I thought it would be for the best to come here for a nice "expert" clean bill of health.

 

As per the posted guidelines, I downloaded OTL and ran the scan.  Posted below are the contents of the two text files generated by the scan.

 

OTL.txt:

 

OTL logfile created on: 7/20/2014 12:31:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1021.98 Mb Total Physical Memory | 424.38 Mb Available Physical Memory | 41.52% Memory free
1.65 Gb Paging File | 1.07 Gb Available in Paging File | 64.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 119.96 Gb Free Space | 78.21% Space Free | Partition Type: NTFS
 
Computer Name: DAN-92068453A36 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Dan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (0231531405630367mcinstcleanup) -- C:\WINDOWS\TEMP\023153~1.EXE File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd.)
SRV - (ZAPrivacyService) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (WUSB54GSCV2) -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys (Broadcom Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 3A 2D B6 39 A0 CF 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {D70EA29E-B4FF-4111-B5D2-18FE4FBE6570}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D70EA29E-B4FF-4111-B5D2-18FE4FBE6570}: "URL" = http://search.zoneal...tsId=&ver=&&r=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014/07/19 23:59:58 | 000,000,000 | ---D | M]
 
[2014/07/15 09:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2014/07/18 02:42:57 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1074143504875 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2704BE71-EFDA-45AF-AAD4-0E74BC03A457}: DhcpNameServer = 207.172.3.8 207.172.3.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7704771F-3385-4AB3-98B3-E1A1405CEB0A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/15 06:11:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/20 00:25:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2014/07/17 17:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/07/17 17:45:26 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/07/17 17:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/07/17 17:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/07/17 17:09:56 | 000,000,000 | ---D | C] -- C:\Downloads
[2014/07/16 23:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2014/07/16 23:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Yahoo!
[2014/07/16 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Microsoft Office
[2014/07/16 16:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Adobe
[2014/07/16 16:09:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/07/16 16:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\HP
[2014/07/16 15:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\HP
[2014/07/16 15:47:56 | 000,729,088 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax4.dll
[2014/07/16 15:47:56 | 000,593,920 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtscl3.dll
[2014/07/16 15:47:56 | 000,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2014/07/16 15:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2014/07/16 15:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2014/07/16 15:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2014/07/16 15:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2014/07/16 15:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2014/07/16 15:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2014/07/16 15:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/07/16 15:40:53 | 001,373,528 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzshl01.exe
[2014/07/16 15:40:53 | 001,140,056 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzmsi01.exe
[2014/07/16 15:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\yellowtail
[2014/07/16 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/07/16 15:40:03 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2014/07/16 15:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2014/07/16 15:36:33 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5mu.dll
[2014/07/16 15:36:32 | 000,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2014/07/16 15:35:30 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2014/07/16 15:35:29 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2014/07/16 15:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Template
[2014/07/16 15:09:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2014/07/15 12:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\dan
[2014/07/15 12:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Sun
[2014/07/15 12:37:24 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2014/07/15 12:37:22 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2014/07/15 12:37:19 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2014/07/15 12:37:16 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2014/07/15 12:37:13 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2014/07/15 12:37:11 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2014/07/15 12:37:10 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2014/07/15 12:37:08 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2014/07/15 12:37:00 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2014/07/15 12:37:00 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2014/07/15 12:36:59 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2014/07/15 12:36:59 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2014/07/15 12:35:19 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2014/07/15 12:35:19 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2014/07/15 12:35:19 | 000,003,744 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smsens.sys
[2014/07/15 12:02:09 | 000,000,000 | ---D | C] -- C:\audio
[2014/07/15 11:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Macromedia
[2014/07/15 11:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/15 11:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/07/15 11:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2014/07/15 11:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Adobe
[2014/07/15 11:46:26 | 000,699,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/07/15 11:46:26 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/07/15 11:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2014/07/15 11:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/07/15 11:42:10 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/07/15 11:42:10 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/07/15 11:42:02 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/07/15 11:42:02 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/07/15 11:42:02 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/07/15 11:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/07/15 11:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/07/15 11:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Sun
[2014/07/15 11:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory
[2014/07/15 11:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/07/15 11:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2014/07/15 11:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2014/07/15 11:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2014/07/15 11:35:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2014/07/15 11:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2014/07/15 09:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\DoNotTrackPlus
[2014/07/15 09:42:54 | 000,135,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2014/07/15 09:42:50 | 000,483,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2014/07/15 09:42:50 | 000,074,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys
[2014/07/15 09:42:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2014/07/15 09:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2014/07/15 09:39:46 | 000,000,000 | ---D | C] -- C:\3752b17b0f94d0e296e1829f472d7fb7
[2014/07/15 09:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2014/07/15 09:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/07/15 09:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Check Point Software Technologies LTD
[2014/07/15 09:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2014/07/15 09:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2014/07/15 09:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2014/07/15 09:30:50 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2014/07/15 09:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2014/07/15 09:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2014/07/15 09:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/07/15 09:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/07/15 09:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2014/07/15 09:26:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2014/07/15 09:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft Help
[2014/07/15 09:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/07/15 09:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2014/07/15 09:25:21 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/07/15 09:20:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\IECompatCache
[2014/07/15 09:20:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\PrivacIE
[2014/07/15 09:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2014/07/15 09:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2014/07/15 09:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/07/15 09:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\U3
[2014/07/15 08:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Business-in-a-Box Files
[2014/07/15 08:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Downloads
[2014/07/15 08:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Dan's Documents
[2014/07/15 08:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\My Downloads
[2014/07/15 08:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\My Received Files
[2014/07/15 08:56:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Videos
[2014/07/15 08:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\My Scans
[2014/07/15 08:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Updater5
[2014/07/15 08:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\ShiScoopi Info
[2014/07/15 08:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\desktop
[2014/07/15 08:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\dan7-14
[2014/07/15 08:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Identities
[2014/07/15 08:44:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Music
[2014/07/15 08:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Pictures
[2014/07/15 08:44:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\IETldCache
[2014/07/15 08:44:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dan\Application Data\Microsoft
[2014/07/15 08:44:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Application Data
[2014/07/15 08:44:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Favorites
[2014/07/15 08:44:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\Cookies
[2014/07/15 08:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop
[2014/07/15 08:44:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\SendTo
[2014/07/15 08:44:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Recent
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Accessories
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Templates
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\PrintHood
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\NetHood
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Local Settings
[2014/07/15 08:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft
[2014/07/14 17:58:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2014/07/14 17:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/07/14 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/07/14 17:57:33 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2014/07/14 17:57:33 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2014/07/14 17:57:33 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2014/07/14 17:57:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2014/07/14 17:57:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2014/07/14 17:57:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2014/07/14 17:57:32 | 000,000,000 | ---D | C] -- C:\ab769ef904ddb1378b28d8b2
[2014/07/14 17:54:20 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2014/07/14 17:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2014/07/14 17:53:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2014/07/14 17:53:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2014/07/14 17:52:00 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2014/07/14 17:51:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2014/07/14 17:51:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2014/07/14 17:19:21 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2014/07/14 17:12:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/07/14 17:07:35 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/07/14 17:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/07/14 17:07:01 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/07/14 17:07:01 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/07/14 17:07:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/07/14 17:07:00 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/07/14 17:07:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/07/14 17:06:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2014/07/14 17:06:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/07/14 16:56:43 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2014/07/14 16:56:41 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2014/07/14 16:56:39 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2014/07/14 16:56:34 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2014/07/14 16:56:34 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2014/07/14 16:56:34 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2014/07/14 16:56:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2014/07/14 16:56:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2014/07/14 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014/07/14 16:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/07/14 16:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/07/14 16:54:08 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/07/14 16:54:08 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2014/07/14 16:54:06 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/07/14 16:54:06 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2014/07/14 16:54:06 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/07/14 16:54:06 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2014/07/14 16:53:08 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2014/07/14 16:49:45 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2014/07/14 16:43:15 | 002,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2014/07/14 16:43:15 | 002,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2014/07/14 16:43:14 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2014/07/14 16:42:39 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2014/07/14 16:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/07/14 16:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/07/14 16:36:24 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2014/07/14 16:36:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/20 00:25:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2014/07/20 00:01:11 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/20 00:00:18 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/20 00:00:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/07/20 00:00:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/07/18 03:02:16 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\wklnhst.dat
[2014/07/18 02:42:57 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/07/17 17:45:51 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/17 17:45:51 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/07/17 17:45:32 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/07/16 21:13:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Internet.lnk
[2014/07/16 15:55:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\Ÿ9Ÿ9
[2014/07/16 15:55:44 | 000,176,716 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2014/07/16 15:46:43 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2014/07/16 15:46:11 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2014/07/16 15:45:05 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2014/07/16 15:44:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ŸÐŸÐ
[2014/07/16 15:44:02 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2014/07/16 15:42:59 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/07/16 15:32:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Works.LNK
[2014/07/15 12:40:45 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/07/15 11:56:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/07/15 11:46:26 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/07/15 11:46:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/07/15 11:41:15 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/07/15 11:41:14 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/07/15 11:41:14 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/07/15 11:41:14 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/07/15 11:41:14 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/07/15 11:32:10 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Word 2007.lnk
[2014/07/15 09:56:39 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/07/15 09:56:39 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/07/15 09:55:13 | 000,431,135 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/07/15 09:41:56 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/07/15 08:44:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/07/15 08:44:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/07/14 18:35:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/07/14 18:05:51 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/14 17:54:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/07/14 17:54:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/07/14 17:53:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/17 17:45:50 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/17 17:45:50 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/07/17 17:45:49 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/17 17:45:32 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/07/17 17:45:32 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/07/16 21:15:05 | 000,002,527 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Word 2007.lnk
[2014/07/16 21:13:25 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Internet.lnk
[2014/07/16 15:55:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan\Ÿ9Ÿ9
[2014/07/16 15:46:43 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2014/07/16 15:46:11 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2014/07/16 15:45:41 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/07/16 15:45:05 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2014/07/16 15:44:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ŸÐŸÐ
[2014/07/16 15:44:02 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2014/07/16 15:42:59 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/07/16 15:40:53 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2014/07/16 15:36:56 | 000,176,716 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2014/07/16 15:36:56 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2014/07/16 15:32:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Works.LNK
[2014/07/16 15:16:35 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\wklnhst.dat
[2014/07/15 11:56:33 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/07/15 11:56:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2014/07/15 11:27:05 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2014/07/15 11:27:05 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2014/07/15 09:43:01 | 000,431,135 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/07/15 09:41:56 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/07/15 09:40:58 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/07/15 08:56:41 | 000,794,112 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\decluttering.wps
[2014/07/15 08:56:41 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\ADHD TIPS.wps
[2014/07/15 08:56:41 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Dick Clark - Well Played Myans.wps
[2014/07/15 08:56:41 | 000,108,313 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Sample resume - restaurant manager.pdf
[2014/07/15 08:56:41 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\dog biscuit ingredients.wps
[2014/07/15 08:56:41 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Copy of Real Estate - Pointers for faster sales.wps
[2014/07/15 08:56:41 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Waverly Charge Dispute 10-15-09.wps
[2014/07/15 08:56:41 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\RapePublicans want to ###### America.wps
[2014/07/15 08:56:41 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Ibuzz Pro selling points.wps
[2014/07/15 08:56:41 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Ten tips to prepare for your agent or editor meeting.wps
[2014/07/15 08:56:41 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\I Love You So Much 02-14-09.wps
[2014/07/15 08:56:41 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\My Sharing Folders.lnk
[2014/07/15 08:56:41 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Shortcut to ShiScoopi Info.lnk
[2014/07/15 08:44:46 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/07/15 08:44:46 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Internet Explorer.lnk
[2014/07/15 08:44:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/07/15 08:44:39 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Outlook Express.lnk
[2014/07/15 08:44:33 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Remote Assistance.lnk
[2014/07/15 08:44:33 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Windows Media Player.lnk
[2014/07/14 17:53:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2014/07/14 17:19:11 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/14 17:19:09 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/14 16:51:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/07/14 16:51:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
 
========== ZeroAccess Check ==========
 
[2014/07/14 17:52:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/24 23:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/07/15 09:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2014/07/15 09:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Check Point Software Technologies LTD
[2014/07/16 15:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Template
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2014/06/24 10:42:02 | 004,818,848 | ---- | M] (Safer-Networking Ltd.) MD5=280C014187E24860A7C860329513208F -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: EXPLORER.EXE-082F38A9.PF  >
[2014/07/18 03:09:50 | 000,105,664 | ---- | M] () MD5=19BB645098EDD4B88B64F893415CDA0C -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
 
< MD5 for: EXPLORER.SCF  >
[2008/04/14 08:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
 
< MD5 for: EXPLORER.ZIP  >
[2006/03/06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
 
< MD5 for: IEXPLORE.CHM  >
[2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2008/04/14 08:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm
 
< MD5 for: IEXPLORE.EXE  >
[2008/04/14 08:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-27122324.PF  >
[2014/07/20 00:04:10 | 000,104,216 | ---- | M] () MD5=82B5FFAC7CDCEB5ED420884B037FA690 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
 
< MD5 for: IEXPLORE.HLP  >
[2008/04/14 08:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
 
< MD5 for: SERVICES  >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.CFG  >
[2014/05/08 09:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
 
< MD5 for: SERVICES.LNK  >
[2004/01/15 06:11:41 | 000,001,602 | ---- | M] () MD5=7F9E8D25B6043EBF83AE0433076580EC -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 00:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs
[2011/03/01 03:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs
 
< MD5 for: SERVICES.SBS-20110301.CAB  >
[2011/05/10 12:00:00 | 000,041,248 | ---- | M] () MD5=149FF3413EED31253183D6E65E383138 -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Downloads\Services.sbs-20110301.cab
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< %SYSTEMDRIVE%\*.* >
[2004/01/15 06:11:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/01/15 06:05:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004/01/15 06:11:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/01/15 06:11:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/01/15 06:11:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/07/20 00:00:00 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2004/01/15 06:11:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 44B4-C22E
 Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
07/15/2014  09:39 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
07/15/2014  09:38 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)  128,777,617,408 bytes free
 
< %systemroot%\System32\config\*.sav >
[2004/01/15 00:47:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/01/15 00:47:04 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/01/15 00:47:04 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/01/15 06:11:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2014/07/15 08:44:45 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2014/07/15 08:44:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
[2014/07/20 00:25:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

-----------------------------------------------------------------------------------------------

Extras.txt:

OTL Extras logfile created on: 7/20/2014 12:31:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1021.98 Mb Total Physical Memory | 424.38 Mb Available Physical Memory | 41.52% Memory free
1.65 Gb Paging File | 1.07 Gb Available in Paging File | 64.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 119.96 Gb Free Space | 78.21% Space Free | Partition Type: NTFS
 
Computer Name: DAN-92068453A36 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe" = C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe:*:Enabled:True Vector -- (Check Point Software Technologies Ltd.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe" = C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe:*:Enabled:True Vector -- (Check Point Software Technologies Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7677CB3A-6524-45C1-A49B-276952242519}" = ZoneAlarm Security
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B817104A-2B65-4E24-A53A-9144DFFA0383}" = ZoneAlarm Antivirus
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FDCC4123-4583-4C2C-99FC-567C0C4C0448}" = ZoneAlarm Firewall
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"zonealarm" = ZoneAlarm Security Toolbar
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"zonealarm" = ZoneAlarm Security Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/15/2004 1:11:31 AM | Computer Name = DAN-92068453A36 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 1/15/2004 1:11:31 AM | Computer Name = DAN-92068453A36 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 1/15/2004 1:11:31 AM | Computer Name = DAN-92068453A36 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 7/16/2014 3:44:05 PM | Computer Name = DAN-92068453A36 | Source = MsiInstaller | ID = 11904
Description = Product: SolutionCenter -- Error 1904. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
 failed to register.  HRESULT -2147220473.  Contact your support personnel.
 
Error - 7/16/2014 3:46:12 PM | Computer Name = DAN-92068453A36 | Source = MsiInstaller | ID = 11904
Description = Product: DocMgr -- Error 1904. Module C:\Program Files\HP\Digital
Imaging\help\hpqdummy.dll failed to register.  HRESULT -2147220473.  Contact your
 support personnel.
 
Error - 7/16/2014 9:37:59 PM | Computer Name = DAN-92068453A36 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/16/2014 9:38:09 PM | Computer Name = DAN-92068453A36 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
 
Error - 7/16/2014 10:59:16 PM | Computer Name = DAN-92068453A36 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.23588, fault address 0x00269dc1.
 
Error - 7/16/2014 11:06:07 PM | Computer Name = DAN-92068453A36 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/16/2014 11:14:58 PM | Computer Name = DAN-92068453A36 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 7/16/2014 9:01:12 PM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 7/17/2014 10:12:04 AM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 7/17/2014 4:52:19 PM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 7/17/2014 5:45:46 PM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 7/17/2014 5:45:47 PM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
Error - 7/20/2014 12:01:15 AM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner
Service service to connect.
 
Error - 7/20/2014 12:01:15 AM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
 following error:   %%1053
 
Error - 7/20/2014 12:01:15 AM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 7/20/2014 12:01:15 AM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
Error - 7/20/2014 12:02:40 AM | Computer Name = DAN-92068453A36 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
 
< End of report >

 

-----------------------------------------------------------------

 

Thanks in advance for any assistance you can provide!
 




#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 July 2014 - 12:13 PM

Hi Formybro55,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. (No Extras.txt will be produced.)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:


  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • AdwCleaner[S0].txt
  • JRT.txt
  • Fresh OTL.txt
  • Any change in performance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 Formybro55


Posted 21 July 2014 - 07:32 PM

OCD - I've just downloaded the programs you recommended, and will post again when I have the scan results.

 

Thank you for such a prompt response!



#4 OCD


Posted 23 July 2014 - 07:20 PM

:thumbup:




#5 Formybro55


Posted 23 July 2014 - 11:10 PM

Quick update:

 

I didn't want you to think I'd just forgotten about this.  I had some unexpected things to take care of, so I'm running a bit behind where I thought I'd be at this moment.  I should be able to get everything done and post a full response hopefully by tomorrow night.  Thanks for your patience!



#6 OCD


Posted 24 July 2014 - 07:34 PM

:thumbup:




#7 Formybro55


Posted 25 July 2014 - 01:33 AM

OK.  Here we go.  The good news is that I pretty much had all the scans run the other day.  I wanted my brother to have a chance to get on his computer and see how it was doing, so he could give me (and I could then give you) a more accurate idea of whether there had been any noticeable improvement in performance so far.  The "bad" news, such as it is, is that he says it seems to be running about the same.

 

Anyway, here are the results you requested from the various scans.

 

checkup.txt:

 

 Results of screen317's Security Check version 0.99.86 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
ZoneAlarm Antivirus  
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 McAfee SiteAdvisor   
 Java 7 Update 60 
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 CheckPoint ZoneAlarm vsmon.exe 
 CheckPoint ZoneAlarm zatray.exe 
 CheckPoint ZoneAlarm ZAPrivacyService.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
 

=========================================================

 

aswMBR.txt:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-21 21:45:43
-----------------------------
21:45:43.812    OS Version: Windows 5.1.2600 Service Pack 3
21:45:43.812    Number of processors: 1 586 0x209
21:45:43.812    ComputerName: DAN-92068453A36  UserName: Dan
21:45:44.390    Initialize success
21:45:44.453    VM: initialized successfully
21:45:44.515    VM: Intel CPU virtualization not supported
22:04:55.453    AVAST engine defs: 14072101
22:06:48.640    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:06:48.640    Disk 0 Vendor: HDS722516VLAT20 V34OA61A Size: 157065MB BusType: 3
22:06:48.796    Disk 0 MBR read successfully
22:06:48.796    Disk 0 MBR scan
22:06:48.937    Disk 0 Windows XP default MBR code
22:06:48.937    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       157057 MB offset 63
22:06:48.968    Disk 0 default boot code
22:06:48.984    Disk 0 scanning sectors +321653430
22:06:49.234    Disk 0 scanning C:\WINDOWS\system32\drivers
22:07:02.281    Service scanning
22:07:28.203    Modules scanning
22:07:38.921    Disk 0 trace - called modules:
22:07:38.937    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:07:38.937    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fdbab8]
22:07:38.937    3 CLASSPNP.SYS[f77b5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f95b00]
22:07:39.531    AVAST engine scan C:\WINDOWS
22:07:50.375    AVAST engine scan C:\WINDOWS\system32
22:11:07.593    AVAST engine scan C:\WINDOWS\system32\drivers
22:11:22.500    AVAST engine scan C:\Documents and Settings\Dan
22:18:34.281    AVAST engine scan C:\Documents and Settings\All Users
22:19:01.015    Scan finished successfully
22:19:37.421    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dan\Desktop\MBR.dat"
22:19:37.421    The log file has been saved successfully to "C:\Documents and Settings\Dan\Desktop\aswMBR.txt"

 

=========================================================

 

MBR.zip - see attached

 

=========================================================

 

AdwCleaner[S0].txt:

 

# AdwCleaner v3.216 - Report created 21/07/2014 at 22:29:23
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dan - DAN-92068453A36
# Running from : C:\Documents and Settings\Dan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [3648 octets] - [21/07/2014 22:25:51]
AdwCleaner[S0].txt - [3637 octets] - [21/07/2014 22:29:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3697 octets] ##########

 

=========================================================

 

JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Dan on Mon 07/21/2014 at 22:48:39.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/21/2014 at 22:57:30.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

=========================================================

 

and the latest OTL.txt:

 

OTL logfile created on: 7/22/2014 1:10:28 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1021.98 Mb Total Physical Memory | 592.61 Mb Available Physical Memory | 57.99% Memory free
1.65 Gb Paging File | 1.26 Gb Available in Paging File | 76.13% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 119.74 Gb Free Space | 78.07% Space Free | Partition Type: NTFS
 
Computer Name: DAN-92068453A36 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Dan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll ()
MOD - \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (0231531405630367mcinstcleanup) -- C:\WINDOWS\TEMP\023153~1.EXE File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd.)
SRV - (ZAPrivacyService) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (WUSB54GSCV2) -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys (Broadcom Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 3A 2D B6 39 A0 CF 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D70EA29E-B4FF-4111-B5D2-18FE4FBE6570}: "URL" = http://search.zoneal...tsId=&ver=&&r=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014/07/19 23:59:58 | 000,000,000 | ---D | M]
 
[2014/07/15 09:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2014/07/18 02:42:57 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15470 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1074143504875 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2704BE71-EFDA-45AF-AAD4-0E74BC03A457}: DhcpNameServer = 207.172.3.8 207.172.3.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7704771F-3385-4AB3-98B3-E1A1405CEB0A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/15 06:11:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/21 22:48:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/07/21 22:25:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/21 21:25:02 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Dan\Desktop\JRT.exe
[2014/07/21 21:20:48 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan\Desktop\aswMBR.exe
[2014/07/20 00:25:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2014/07/17 17:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/07/17 17:45:26 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/07/17 17:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/07/17 17:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/07/17 17:09:56 | 000,000,000 | ---D | C] -- C:\Downloads
[2014/07/16 23:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2014/07/16 23:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Yahoo!
[2014/07/16 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Microsoft Office
[2014/07/16 16:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Adobe
[2014/07/16 16:09:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/07/16 16:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\HP
[2014/07/16 15:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\HP
[2014/07/16 15:47:56 | 000,729,088 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax4.dll
[2014/07/16 15:47:56 | 000,593,920 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtscl3.dll
[2014/07/16 15:47:56 | 000,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2014/07/16 15:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2014/07/16 15:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2014/07/16 15:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2014/07/16 15:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2014/07/16 15:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2014/07/16 15:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2014/07/16 15:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/07/16 15:40:53 | 001,373,528 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzshl01.exe
[2014/07/16 15:40:53 | 001,140,056 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzmsi01.exe
[2014/07/16 15:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\yellowtail
[2014/07/16 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/07/16 15:40:03 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2014/07/16 15:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2014/07/16 15:36:33 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5mu.dll
[2014/07/16 15:36:32 | 000,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2014/07/16 15:35:30 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2014/07/16 15:35:29 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2014/07/16 15:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Template
[2014/07/16 15:09:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2014/07/15 12:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\dan
[2014/07/15 12:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Sun
[2014/07/15 12:37:24 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2014/07/15 12:37:22 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2014/07/15 12:37:19 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2014/07/15 12:37:16 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2014/07/15 12:37:13 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2014/07/15 12:37:11 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2014/07/15 12:37:10 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2014/07/15 12:37:08 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2014/07/15 12:37:00 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2014/07/15 12:37:00 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2014/07/15 12:36:59 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2014/07/15 12:36:59 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2014/07/15 12:35:19 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2014/07/15 12:35:19 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2014/07/15 12:35:19 | 000,003,744 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smsens.sys
[2014/07/15 12:02:09 | 000,000,000 | ---D | C] -- C:\audio
[2014/07/15 11:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Macromedia
[2014/07/15 11:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/15 11:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/07/15 11:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2014/07/15 11:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Adobe
[2014/07/15 11:46:26 | 000,699,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/07/15 11:46:26 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/07/15 11:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2014/07/15 11:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/07/15 11:42:10 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/07/15 11:42:10 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/07/15 11:42:02 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/07/15 11:42:02 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/07/15 11:42:02 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/07/15 11:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/07/15 11:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/07/15 11:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Sun
[2014/07/15 11:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory
[2014/07/15 11:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/07/15 11:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2014/07/15 11:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2014/07/15 11:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2014/07/15 11:35:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2014/07/15 11:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2014/07/15 09:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\DoNotTrackPlus
[2014/07/15 09:42:54 | 000,135,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2014/07/15 09:42:50 | 000,483,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2014/07/15 09:42:50 | 000,074,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys
[2014/07/15 09:42:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2014/07/15 09:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2014/07/15 09:39:46 | 000,000,000 | ---D | C] -- C:\3752b17b0f94d0e296e1829f472d7fb7
[2014/07/15 09:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2014/07/15 09:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/07/15 09:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Check Point Software Technologies LTD
[2014/07/15 09:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2014/07/15 09:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2014/07/15 09:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2014/07/15 09:30:50 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2014/07/15 09:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2014/07/15 09:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2014/07/15 09:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/07/15 09:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/07/15 09:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2014/07/15 09:26:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2014/07/15 09:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft Help
[2014/07/15 09:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/07/15 09:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2014/07/15 09:25:21 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/07/15 09:20:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\IECompatCache
[2014/07/15 09:20:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\PrivacIE
[2014/07/15 09:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2014/07/15 09:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2014/07/15 09:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/07/15 09:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\U3
[2014/07/15 08:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Business-in-a-Box Files
[2014/07/15 08:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Downloads
[2014/07/15 08:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Dan's Documents
[2014/07/15 08:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\My Downloads
[2014/07/15 08:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\My Received Files
[2014/07/15 08:56:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Videos
[2014/07/15 08:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\My Scans
[2014/07/15 08:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Updater5
[2014/07/15 08:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\ShiScoopi Info
[2014/07/15 08:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\desktop
[2014/07/15 08:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\dan7-14
[2014/07/15 08:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Identities
[2014/07/15 08:44:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Music
[2014/07/15 08:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Pictures
[2014/07/15 08:44:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\IETldCache
[2014/07/15 08:44:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dan\Application Data\Microsoft
[2014/07/15 08:44:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Application Data
[2014/07/15 08:44:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Favorites
[2014/07/15 08:44:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\Cookies
[2014/07/15 08:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop
[2014/07/15 08:44:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\SendTo
[2014/07/15 08:44:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Recent
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Accessories
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Templates
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\PrintHood
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\NetHood
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Local Settings
[2014/07/15 08:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft
[2014/07/14 17:58:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2014/07/14 17:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/07/14 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/07/14 17:57:33 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2014/07/14 17:57:33 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2014/07/14 17:57:33 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2014/07/14 17:57:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2014/07/14 17:57:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2014/07/14 17:57:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2014/07/14 17:57:32 | 000,000,000 | ---D | C] -- C:\ab769ef904ddb1378b28d8b2
[2014/07/14 17:54:20 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2014/07/14 17:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2014/07/14 17:53:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2014/07/14 17:53:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2014/07/14 17:52:00 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2014/07/14 17:51:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2014/07/14 17:51:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2014/07/14 17:19:21 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2014/07/14 17:12:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/07/14 17:07:35 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/07/14 17:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/07/14 17:07:01 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/07/14 17:07:01 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/07/14 17:07:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/07/14 17:07:00 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/07/14 17:07:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/07/14 17:06:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2014/07/14 17:06:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/07/14 16:56:43 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2014/07/14 16:56:41 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2014/07/14 16:56:39 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2014/07/14 16:56:34 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2014/07/14 16:56:34 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2014/07/14 16:56:34 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2014/07/14 16:56:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2014/07/14 16:56:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2014/07/14 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014/07/14 16:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/07/14 16:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/07/14 16:54:08 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/07/14 16:54:08 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2014/07/14 16:54:06 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/07/14 16:54:06 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2014/07/14 16:54:06 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/07/14 16:54:06 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2014/07/14 16:53:08 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2014/07/14 16:49:45 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2014/07/14 16:43:15 | 002,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2014/07/14 16:43:15 | 002,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2014/07/14 16:43:14 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2014/07/14 16:42:39 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2014/07/14 16:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/07/14 16:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/07/14 16:36:24 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2014/07/14 16:36:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/21 22:32:04 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/21 22:31:31 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/21 22:31:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/07/21 22:21:43 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\MBR.zip
[2014/07/21 22:19:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2014/07/21 21:25:11 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Dan\Desktop\JRT.exe
[2014/07/21 21:24:05 | 001,354,223 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\AdwCleaner.exe
[2014/07/21 21:20:48 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan\Desktop\aswMBR.exe
[2014/07/21 21:19:37 | 000,854,390 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\SecurityCheck.exe
[2014/07/21 21:07:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/07/20 00:25:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2014/07/18 03:02:16 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\wklnhst.dat
[2014/07/18 02:42:57 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/07/17 17:45:51 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/17 17:45:51 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/07/17 17:45:32 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/07/16 21:13:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Internet.lnk
[2014/07/16 15:55:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\Ÿ9Ÿ9
[2014/07/16 15:55:44 | 000,176,716 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2014/07/16 15:46:43 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2014/07/16 15:46:11 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2014/07/16 15:45:05 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2014/07/16 15:44:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ŸÐŸÐ
[2014/07/16 15:44:02 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2014/07/16 15:42:59 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/07/16 15:32:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Works.LNK
[2014/07/15 12:40:45 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/07/15 11:56:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/07/15 11:46:26 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/07/15 11:46:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/07/15 11:41:15 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/07/15 11:41:14 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/07/15 11:41:14 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/07/15 11:41:14 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/07/15 11:41:14 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/07/15 11:32:10 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Word 2007.lnk
[2014/07/15 09:56:39 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/07/15 09:56:39 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/07/15 09:55:13 | 000,431,135 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/07/15 09:41:56 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/07/15 08:44:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/07/15 08:44:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/07/14 18:35:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/07/14 18:05:51 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/14 17:54:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/07/14 17:54:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/07/14 17:53:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/21 22:21:43 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\MBR.zip
[2014/07/21 22:19:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2014/07/21 21:23:54 | 001,354,223 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\AdwCleaner.exe
[2014/07/21 21:19:26 | 000,854,390 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\SecurityCheck.exe
[2014/07/17 17:45:50 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/17 17:45:50 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/07/17 17:45:49 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/17 17:45:32 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/07/17 17:45:32 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/07/16 21:15:05 | 000,002,527 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Word 2007.lnk
[2014/07/16 21:13:25 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Internet.lnk
[2014/07/16 15:55:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan\Ÿ9Ÿ9
[2014/07/16 15:46:43 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2014/07/16 15:46:11 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2014/07/16 15:45:41 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/07/16 15:45:05 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2014/07/16 15:44:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ŸÐŸÐ
[2014/07/16 15:44:02 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2014/07/16 15:42:59 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/07/16 15:40:53 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2014/07/16 15:36:56 | 000,176,716 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2014/07/16 15:36:56 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2014/07/16 15:32:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Works.LNK
[2014/07/16 15:16:35 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\wklnhst.dat
[2014/07/15 11:56:33 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/07/15 11:56:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2014/07/15 11:27:05 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2014/07/15 11:27:05 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2014/07/15 09:43:01 | 000,431,135 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/07/15 09:41:56 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/07/15 09:40:58 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/07/15 08:56:41 | 000,794,112 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\decluttering.wps
[2014/07/15 08:56:41 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\ADHD TIPS.wps
[2014/07/15 08:56:41 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Dick Clark - Well Played Myans.wps
[2014/07/15 08:56:41 | 000,108,313 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Sample resume - restaurant manager.pdf
[2014/07/15 08:56:41 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\dog biscuit ingredients.wps
[2014/07/15 08:56:41 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Copy of Real Estate - Pointers for faster sales.wps
[2014/07/15 08:56:41 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Waverly Charge Dispute 10-15-09.wps
[2014/07/15 08:56:41 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\RapePublicans want to ###### America.wps
[2014/07/15 08:56:41 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Ibuzz Pro selling points.wps
[2014/07/15 08:56:41 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Ten tips to prepare for your agent or editor meeting.wps
[2014/07/15 08:56:41 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\I Love You So Much 02-14-09.wps
[2014/07/15 08:56:41 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\My Sharing Folders.lnk
[2014/07/15 08:56:41 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Shortcut to ShiScoopi Info.lnk
[2014/07/15 08:44:46 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/07/15 08:44:46 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Internet Explorer.lnk
[2014/07/15 08:44:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/07/15 08:44:39 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Outlook Express.lnk
[2014/07/15 08:44:33 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Remote Assistance.lnk
[2014/07/15 08:44:33 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Windows Media Player.lnk
[2014/07/14 17:53:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2014/07/14 17:19:11 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/14 17:19:09 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/14 16:51:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/07/14 16:51:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
 
========== ZeroAccess Check ==========
 
[2014/07/14 17:52:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/24 23:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

=========================================================

 

Once again, my apologies for the delays.  Your assistance is greatly appreciated, believe me.  What do we need to do next?

Attached Files

  • Attached File  MBR.zip   499bytes   167 downloads


#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 July 2014 - 08:40 AM

Hi Formybro55,

Your logs are looking good, please continue.

Part of the "slowness" can probably be attributed to the amount of RAM (Random Access Memory) you have installed (1021.98). Not a lot compared to newer computers.

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\WINDOWS\TEMP\023153~1.EXE
    
    :Services
    0231531405630367mcinstcleanup
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

=========================

How to display Hidden Files & Folders XP

  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a check mark in the check box labeled "Display the contents of system folders".
  • Under the Hidden files and folders section select the radio button labeled "Show hidden files and folders".
  • Remove the check mark from the check box labeled "Hide file extensions for known file types".
  • Remove the check mark from the check box labeled "Hide protected operating system files".
  • Press the Apply button and then the OK button and shut down My Computer.

=========================

Locate the following folders and let me know if anything is contained within them.

C:\Documents and Settings\Dan\Ÿ9Ÿ9
C:\WINDOWS\System32\ŸÐŸÐ

 
=========================

Re-hide the Files and Folders when you are done.

In your next post please provide the following:

  • OTL fix log
  • Fresh OTL.txt
  • Answer about the files listed

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#9 Formybro55

Formybro55

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 25 July 2014 - 09:55 PM

Well, I hope I didn't mess anything up too badly - I realized only after I'd run the scans you advised that I'd forgotten to disable the resident antimalware programs first.  Woops.  :smack:

 

Following are the results of the scans as I ran them - let me know if I need to redo these steps.

 

The OTL "fix log", 07252014_231620.txt:

 

All processes killed
========== FILES ==========
File\Folder C:\WINDOWS\TEMP\023153~1.EXE not found.
========== SERVICES/DRIVERS ==========
Error: No service named 0231531405630367mcinstcleanup was found to stop!
Service\Driver key 0231531405630367mcinstcleanup not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 199022338 bytes
->Temporary Internet Files folder emptied: 7885316 bytes
 
User: All Users
 
User: Dan
->Temp folder emptied: 130578574 bytes
->Temporary Internet Files folder emptied: 52702205 bytes
->Flash cache emptied: 1712 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 158502 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78458 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 393320 bytes
 
Total Files Cleaned = 375.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07252014_231620

Files\Folders moved on Reboot...
C:\Documents and Settings\Dan\Local Settings\Temp\~DF58E5.tmp moved successfully.
File\Folder C:\WINDOWS\temp\obu18.tmp not found!
File\Folder C:\WINDOWS\temp\obu19.tmp not found!
File\Folder C:\WINDOWS\temp\obu1A.tmp not found!
File\Folder C:\WINDOWS\temp\obu1B.tmp not found!
File\Folder C:\WINDOWS\temp\obu1C.tmp not found!
File\Folder C:\WINDOWS\temp\obu1D.tmp not found!
File\Folder C:\WINDOWS\temp\ZLT06b69.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

=========================================================

 

The latest OTL.txt:

 

OTL logfile created on: 7/25/2014 11:22:57 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1021.98 Mb Total Physical Memory | 419.53 Mb Available Physical Memory | 41.05% Memory free
1.65 Gb Paging File | 1.12 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 120.97 Gb Free Space | 78.87% Space Free | Partition Type: NTFS
 
Computer Name: DAN-92068453A36 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\Dan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd.)
SRV - (ZAPrivacyService) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (WUSB54GSCV2) -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys (Broadcom Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 3A 2D B6 39 A0 CF 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {D70EA29E-B4FF-4111-B5D2-18FE4FBE6570}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D70EA29E-B4FF-4111-B5D2-18FE4FBE6570}: "URL" = http://search.zoneal...tsId=&ver=&&r=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014/07/25 03:09:21 | 000,000,000 | ---D | M]
 
[2014/07/15 09:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2014/07/18 02:42:57 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15470 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1074143504875 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2704BE71-EFDA-45AF-AAD4-0E74BC03A457}: DhcpNameServer = 207.172.3.8 207.172.3.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7704771F-3385-4AB3-98B3-E1A1405CEB0A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/15 06:11:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/25 23:16:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/22 01:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\ProcAlyzer Dumps
[2014/07/21 22:48:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/07/21 22:25:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/21 21:25:02 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Dan\Desktop\JRT.exe
[2014/07/21 21:20:48 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan\Desktop\aswMBR.exe
[2014/07/20 00:25:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2014/07/17 17:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/07/17 17:45:26 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/07/17 17:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/07/17 17:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/07/17 17:09:56 | 000,000,000 | ---D | C] -- C:\Downloads
[2014/07/16 23:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2014/07/16 23:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Yahoo!
[2014/07/16 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Microsoft Office
[2014/07/16 16:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Adobe
[2014/07/16 16:09:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/07/16 16:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\HP
[2014/07/16 15:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\HP
[2014/07/16 15:47:56 | 000,729,088 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax4.dll
[2014/07/16 15:47:56 | 000,593,920 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtscl3.dll
[2014/07/16 15:47:56 | 000,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2014/07/16 15:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2014/07/16 15:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2014/07/16 15:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2014/07/16 15:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2014/07/16 15:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2014/07/16 15:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2014/07/16 15:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/07/16 15:40:53 | 001,373,528 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzshl01.exe
[2014/07/16 15:40:53 | 001,140,056 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzmsi01.exe
[2014/07/16 15:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\yellowtail
[2014/07/16 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/07/16 15:40:03 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2014/07/16 15:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2014/07/16 15:36:33 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5mu.dll
[2014/07/16 15:36:32 | 000,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2014/07/16 15:35:30 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2014/07/16 15:35:29 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2014/07/16 15:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Template
[2014/07/16 15:09:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2014/07/15 12:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\dan
[2014/07/15 12:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Sun
[2014/07/15 12:37:24 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2014/07/15 12:37:22 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2014/07/15 12:37:19 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2014/07/15 12:37:16 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2014/07/15 12:37:13 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2014/07/15 12:37:11 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2014/07/15 12:37:10 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2014/07/15 12:37:08 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2014/07/15 12:37:00 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2014/07/15 12:37:00 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2014/07/15 12:36:59 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2014/07/15 12:36:59 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2014/07/15 12:35:19 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2014/07/15 12:35:19 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2014/07/15 12:35:19 | 000,003,744 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smsens.sys
[2014/07/15 12:02:09 | 000,000,000 | ---D | C] -- C:\audio
[2014/07/15 11:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Macromedia
[2014/07/15 11:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/15 11:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/07/15 11:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2014/07/15 11:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Adobe
[2014/07/15 11:46:26 | 000,699,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/07/15 11:46:26 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/07/15 11:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2014/07/15 11:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/07/15 11:42:10 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/07/15 11:42:10 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/07/15 11:42:02 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/07/15 11:42:02 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/07/15 11:42:02 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/07/15 11:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/07/15 11:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/07/15 11:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Sun
[2014/07/15 11:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory
[2014/07/15 11:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/07/15 11:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2014/07/15 11:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2014/07/15 11:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2014/07/15 11:35:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2014/07/15 11:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2014/07/15 09:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\DoNotTrackPlus
[2014/07/15 09:42:54 | 000,135,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2014/07/15 09:42:50 | 000,483,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2014/07/15 09:42:50 | 000,074,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys
[2014/07/15 09:42:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2014/07/15 09:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2014/07/15 09:39:46 | 000,000,000 | ---D | C] -- C:\3752b17b0f94d0e296e1829f472d7fb7
[2014/07/15 09:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2014/07/15 09:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/07/15 09:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Check Point Software Technologies LTD
[2014/07/15 09:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2014/07/15 09:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2014/07/15 09:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2014/07/15 09:30:50 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2014/07/15 09:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2014/07/15 09:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2014/07/15 09:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/07/15 09:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/07/15 09:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2014/07/15 09:26:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2014/07/15 09:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft Help
[2014/07/15 09:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/07/15 09:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2014/07/15 09:25:21 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/07/15 09:20:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\IECompatCache
[2014/07/15 09:20:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\PrivacIE
[2014/07/15 09:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2014/07/15 09:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2014/07/15 09:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/07/15 09:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\U3
[2014/07/15 08:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Business-in-a-Box Files
[2014/07/15 08:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Downloads
[2014/07/15 08:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Dan's Documents
[2014/07/15 08:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\My Downloads
[2014/07/15 08:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\My Received Files
[2014/07/15 08:56:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Videos
[2014/07/15 08:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\My Scans
[2014/07/15 08:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Updater5
[2014/07/15 08:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\ShiScoopi Info
[2014/07/15 08:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\desktop
[2014/07/15 08:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\dan7-14
[2014/07/15 08:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Identities
[2014/07/15 08:44:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Music
[2014/07/15 08:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Pictures
[2014/07/15 08:44:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\IETldCache
[2014/07/15 08:44:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dan\Application Data\Microsoft
[2014/07/15 08:44:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Application Data
[2014/07/15 08:44:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Favorites
[2014/07/15 08:44:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\Cookies
[2014/07/15 08:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop
[2014/07/15 08:44:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\SendTo
[2014/07/15 08:44:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Recent
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents
[2014/07/15 08:44:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Accessories
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Templates
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\PrintHood
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\NetHood
[2014/07/15 08:44:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Local Settings
[2014/07/15 08:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft
[2014/07/14 17:58:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2014/07/14 17:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/07/14 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/07/14 17:57:33 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2014/07/14 17:57:33 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2014/07/14 17:57:33 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2014/07/14 17:57:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2014/07/14 17:57:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2014/07/14 17:57:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2014/07/14 17:57:32 | 000,000,000 | ---D | C] -- C:\ab769ef904ddb1378b28d8b2
[2014/07/14 17:54:20 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2014/07/14 17:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2014/07/14 17:53:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2014/07/14 17:53:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2014/07/14 17:52:00 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2014/07/14 17:51:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2014/07/14 17:51:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2014/07/14 17:19:21 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2014/07/14 17:12:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/07/14 17:07:35 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/07/14 17:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/07/14 17:07:01 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/07/14 17:07:01 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/07/14 17:07:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/07/14 17:07:00 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/07/14 17:07:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/07/14 17:06:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2014/07/14 17:06:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/07/14 16:56:43 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2014/07/14 16:56:41 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2014/07/14 16:56:39 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2014/07/14 16:56:34 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2014/07/14 16:56:34 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2014/07/14 16:56:34 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2014/07/14 16:56:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2014/07/14 16:56:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2014/07/14 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014/07/14 16:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/07/14 16:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/07/14 16:54:08 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/07/14 16:54:08 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2014/07/14 16:54:06 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/07/14 16:54:06 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2014/07/14 16:54:06 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/07/14 16:54:06 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2014/07/14 16:53:08 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2014/07/14 16:49:45 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2014/07/14 16:43:15 | 002,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2014/07/14 16:43:15 | 002,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2014/07/14 16:43:14 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2014/07/14 16:42:39 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2014/07/14 16:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/07/14 16:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/07/14 16:36:24 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2014/07/14 16:36:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/25 23:20:26 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/25 23:19:20 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/25 23:19:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/07/24 23:41:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/07/22 01:25:43 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2014/07/21 22:21:43 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\MBR.zip
[2014/07/21 22:19:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2014/07/21 21:25:11 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Dan\Desktop\JRT.exe
[2014/07/21 21:24:05 | 001,354,223 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\AdwCleaner.exe
[2014/07/21 21:20:48 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan\Desktop\aswMBR.exe
[2014/07/21 21:19:37 | 000,854,390 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\SecurityCheck.exe
[2014/07/20 00:25:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2014/07/18 03:02:16 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\wklnhst.dat
[2014/07/18 02:42:57 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/07/17 17:45:51 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/17 17:45:51 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/07/17 17:45:32 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/07/16 21:13:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Internet.lnk
[2014/07/16 15:55:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\Ÿ9Ÿ9
[2014/07/16 15:55:44 | 000,176,716 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2014/07/16 15:46:43 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2014/07/16 15:46:11 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2014/07/16 15:45:05 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2014/07/16 15:44:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ŸÐŸÐ
[2014/07/16 15:44:02 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2014/07/16 15:42:59 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/07/16 15:32:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Works.LNK
[2014/07/15 12:40:45 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/07/15 11:56:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/07/15 11:46:26 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/07/15 11:46:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/07/15 11:41:15 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/07/15 11:41:14 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/07/15 11:41:14 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/07/15 11:41:14 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/07/15 11:41:14 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/07/15 11:32:10 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Word 2007.lnk
[2014/07/15 09:56:39 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/07/15 09:56:39 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/07/15 09:55:13 | 000,431,135 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/07/15 09:41:56 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/07/15 08:44:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/07/15 08:44:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/07/14 18:35:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/07/14 18:05:51 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/14 17:54:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/07/14 17:54:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/07/14 17:53:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2014/07/21 22:21:43 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\MBR.zip
[2014/07/21 22:19:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2014/07/21 21:23:54 | 001,354,223 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\AdwCleaner.exe
[2014/07/21 21:19:26 | 000,854,390 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\SecurityCheck.exe
[2014/07/17 17:45:50 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/17 17:45:50 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/07/17 17:45:49 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/17 17:45:32 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/07/17 17:45:32 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/07/16 21:15:05 | 000,002,527 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Word 2007.lnk
[2014/07/16 21:13:25 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Internet.lnk
[2014/07/16 15:55:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan\Ÿ9Ÿ9
[2014/07/16 15:46:43 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2014/07/16 15:46:11 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2014/07/16 15:45:41 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/07/16 15:45:05 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2014/07/16 15:44:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ŸÐŸÐ
[2014/07/16 15:44:02 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2014/07/16 15:42:59 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/07/16 15:40:53 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2014/07/16 15:36:56 | 000,176,716 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2014/07/16 15:36:56 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2014/07/16 15:32:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Works.LNK
[2014/07/16 15:16:35 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\wklnhst.dat
[2014/07/15 11:56:33 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/07/15 11:56:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2014/07/15 11:27:05 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2014/07/15 11:27:05 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2014/07/15 09:43:01 | 000,431,135 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/07/15 09:41:56 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/07/15 09:40:58 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/07/15 08:56:41 | 000,794,112 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\decluttering.wps
[2014/07/15 08:56:41 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\ADHD TIPS.wps
[2014/07/15 08:56:41 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Dick Clark - Well Played Myans.wps
[2014/07/15 08:56:41 | 000,108,313 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Sample resume - restaurant manager.pdf
[2014/07/15 08:56:41 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\dog biscuit ingredients.wps
[2014/07/15 08:56:41 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Copy of Real Estate - Pointers for faster sales.wps
[2014/07/15 08:56:41 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Waverly Charge Dispute 10-15-09.wps
[2014/07/15 08:56:41 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\RapePublicans want to ###### America.wps
[2014/07/15 08:56:41 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Ibuzz Pro selling points.wps
[2014/07/15 08:56:41 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Ten tips to prepare for your agent or editor meeting.wps
[2014/07/15 08:56:41 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\I Love You So Much 02-14-09.wps
[2014/07/15 08:56:41 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\My Sharing Folders.lnk
[2014/07/15 08:56:41 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Shortcut to ShiScoopi Info.lnk
[2014/07/15 08:44:46 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/07/15 08:44:46 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Internet Explorer.lnk
[2014/07/15 08:44:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/07/15 08:44:39 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Outlook Express.lnk
[2014/07/15 08:44:33 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Remote Assistance.lnk
[2014/07/15 08:44:33 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Windows Media Player.lnk
[2014/07/14 17:53:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2014/07/14 17:19:11 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/14 17:19:09 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/14 16:51:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/07/14 16:51:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
 
========== ZeroAccess Check ==========
 
[2014/07/14 17:52:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/24 23:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

=========================================================

 

The results of my search for the folders/files you listed:  they're both there, but the files appear to be "0 bytes" in size.

 

=========================================================

 

Sorry about the mix-up; thanks again for all your help!



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 July 2014 - 11:50 PM

Hi Formybro55,

Thanks, the log looks good and you're doing just fine. :thumbup:

Go ahead and delete these folders.

C:\Documents and Settings\Dan\Ÿ9Ÿ9
C:\WINDOWS\System32\ŸÐŸÐ


=========================

Re-run AdwCleaner

It should be on your desktop

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found, be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

  • It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:

  • AdwCleaner[S1].txt
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.



#11 Formybro55

Formybro55

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 27 July 2014 - 06:37 PM

I've had some problems following your instructions this time around.  :wall:

 

First, you said to go ahead and "delete these folders".  I assumed you meant the two individually referenced files in the folders, not the entire folders themselves.  Then, when I went to do the file deletion, I was only able to delete the second one listed: C:\WINDOWS\System32\ŸÐŸÐ

When I tried to delete the first, C:\Documents and Settings\Dan\Ÿ9Ÿ9, I got the following error message:

Cannot delete [filename]: It is being used by another person or program.  Close any programs that might be using the file and try again. 

 

 

You then instructed me to run AdwCleaner.  When I double-clicked on the program icon, I got this message:

 

You are currently running an outdated version of AdwCleaner.  Please click [OK] in order to open AdwCleaner's download page in which you can get the latest version.

 

I suspect that it was probably legitimate, however, mindful of your previous caution not to download or install anything unless specifically instructed to do so, I clicked on "cancel" and the existing (outdated?) version of the program started.  I ran the scan with that for now.

 

MBAM downloaded and installed without any issue, and found a few items which it quarantined.  At the end of this entire process, will any quarantined items be completely removed from the system?  My brother has indicated that he is not especially comfortable with leaving them there.  If nothing else, he sees no reason to use "any bytes" storing malware on his computer. :)

 

The biggest problem, though, came when I went to run the ESET online scanner.  You indicated that the browser should be run from the "Administrator" account - but that account requires a password to start the browser and my brother doesn't know what it is.

 

Unable to log on: Logon failure: user account restriction.  Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

 

Should I try to run the scan anyway, using the browser as normally started?

 

In the meantime, here are the requested logfiles from the other scans:

 

From AdwCleaner[S1].txt:

 

# AdwCleaner v3.216 - Report created 27/07/2014 at 19:26:08
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dan - DAN-92068453A36
# Running from : C:\Documents and Settings\Dan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R1].txt - [653 octets] - [27/07/2014 19:24:24]
AdwCleaner[S1].txt - [575 octets] - [27/07/2014 19:26:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [634 octets] ##########

 

 

=========================================================

 

and, from MBAM log.txt:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/27/2014
Scan Time: 7:42:23 PM
Logfile: mbam log .txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.27.10
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Dan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296971
Time Elapsed: 9 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[99edaff5a3d8082e26508d2470949769]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[63238321c5b615213146228f2dd77090]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[c8be6440ff7c26106216dbd6f50f6b95]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

=========================================================

 

Thanks as always for all your help.



#12 OCD


Posted 27 July 2014 - 07:17 PM

Hi Formybro55,
 

I suspect that it was probably legitimate, however, mindful of your previous caution not to download or install anything unless specifically instructed to do so, I clicked on "cancel" and the existing (outdated?) version of the program started. I ran the scan with that for now.

Generally speaking, if a program I ask you to run prompts you to update then it is OK to update the software. Some programs we use have their malware definitions updated daily.

=========================

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Documents and Settings\Dan\Ÿ9Ÿ9
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

=========================
 

At the end of this entire process, will any quarantined items be completely removed from the system? My brother has indicated that he is not especially comfortable with leaving them there.


That's not a problem, we can address that when we finish cleaning the computer of malware.

=========================
 

The biggest problem, though, came when I went to run the ESET online scanner. You indicated that the browser should be run from the "Administrator" account - but that account requires a password to start the browser and my brother doesn't know what it is.


Did you do the step outlined in RED below? You need to do this step before opening your browser window.

ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

Important: You need to run your browser with Administrator Rights; to do so, right-click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================


In your next post please provide the following:

  • ESET's log.txt
  • How's the computer running?

OCD



#13 Formybro55


Posted 28 July 2014 - 09:04 PM

OCD - I can't adequately express how much both my brother and I are grateful to you for all your help, and the promptness of your replies.  I ran the OTL fix you provided and rebooted the system.  However, it seems I wasn't quite clear enough in my previous post: doing the step you have outlined in red is precisely the point with which I'm having a problem. :wall: 

 

Right-clicking on the desktop icon for the shortcut to Internet Explorer brings up the following menu:

 

Browse the Internet
Browse Without Add-ons
-------
Internet Properties
-------
Send To ->
-------
Cut
Copy
-------
Create Shortcut
Delete
Rename
-------
Properties

 

Right-clicking on the icon(s) in the launch tray on the bottom bar or in Windows Explorer brings up the following only slightly different menu:

 

Open
Run as...
ZoneAlarm ->
Pin to Start Menu
-------
Send To ->
-------
Cut
Copy
-------
Create Shortcut
Delete
Rename
-------
Properties

 

From there, choosing "Run as..." leads to the following submenu:

 

Which user account do you want to use to run this program?

  • Current user _[current user's name filled in here]__

 [ ] Protect my computer and data from unauthorized program activity
          This option can prevent computer viruses from harming your
          computer or personal data, but selecting it might cause the program
          to function improperly

 

  • The following user:

User name: [drop down list includes the current user and "Administrator"]
Password: [THIS FIELD IS BLANK]

 

OK/Cancel

 

Choosing "Administrator" from that menu doesn't seem to do any good; that's the point at which I get the error message I described in my previous post:

 

Unable to log on: Logon failure: user account restriction.  Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced. 

 

Any suggestions?  For now, the computer seems (for better or worse) to be running about the same.  I suspect that you're correct in surmising that the biggest obstacle to faster and smoother performance is the age (and other limitations) of the hardware installed, though clearing off any "bad guys" that have been lurking in the system can only help.  Meanwhile, in case you needed to see it, here are the contents of the most recent log file from the OTL fix:

 

07282014_221512.txt:

 

All processes killed
========== FILES ==========
C:\Documents and Settings\Dan\Ÿ9Ÿ9 moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Dan
->Temp folder emptied: 1017572 bytes
->Temporary Internet Files folder emptied: 11534508 bytes
->Flash cache emptied: 492 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32680 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 12.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07282014_221512

Files\Folders moved on Reboot...
C:\Documents and Settings\Dan\Local Settings\Temp\~DF4C36.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT023bb.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

=========================================================

 

Thanks again!



#14 Formybro55


Posted 28 July 2014 - 09:11 PM

Quick follow-up to my latest response (from a few minutes ago) - I just noticed that the file I thought was being deleted by the OTL fix,

 

C:\Documents and Settings\Dan\Ÿ9Ÿ9

 

still appears in Windows Explorer.  And, once again when I try to delete it manually, I get the same error message:

 

Cannot delete [filename]: It is being used by another person or program.  Close any programs that might be using the file and try again.

 

Now what? :unsure:

 

Thanks...



#15 OCD


Posted 28 July 2014 - 10:28 PM

Hi Formybro55,

You are quite welcome. Thank you for the detailed description of the menu options you outlined. I'm sorry you seem to be having difficulty running ESET. Let's try this other online scanner that doesn't require Administrator privileges.

TrendMicro HouseCall Online Scanner

  • Go to http://housecall.trendmicro.com/
  • Download HouseCall - Free Online Scanner
  • Select get HouseCall Now, save the file to your computer.
  • Double-click to launch HouseCall
  • Click Yes for the UAC
  • Click the Scan Now button
  • Fix any problems found
  • Copy and paste the results in your next reply

=========================

The OTL fix log shows the file was moved successfully.

All processes killed
========== FILES ==========
C:\Documents and Settings\Dan\Ÿ9Ÿ9 moved successfully.
========== COMMANDS ==========


Did you reboot after the OTL fix? If not, try rebooting and see if the file still remains.

=========================

In your next post please provide the following:

  • HouseCall results

Edited by OCD, 28 July 2014 - 10:29 PM.
spelling correction

OCD
