win32/olmarik aj. trojan

Status
Not open for further replies.
Hi arash,

It's important that combofix is located directly on our desktop. Please move it from the download folder and place it on your desktop.

I see your homepage and search engine have been changed to jzip. Was this intentional?

You have a questionalable toolbar installed, AskToolbar, Do you acually use it?

Download OTL to your desktop.

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: 
:Services

:Files
c:\documents and settings\All Users\Application Data\iJ09200JmDbG09200

:Commands
[creatrestorepoint]
[emptytemp]
[emptyflash]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


How's the computer?

Thanks
 
Hi arash,

I do'n't see a log attached. Please copy and paste the logs directly into your replies. D not attach them unless specifically requested (it's eaier to work with them), :)

Open Windows explorer (right click your start button and click explore) Navigat to this folder C:\Qoobox. In the right hand column locate Add-Remove-Programs.txt. Please post it's contents.

Thanks
 
thanks

2007 Microsoft Office Suite Service Pack 2 (SP2)
Accounts
Adobe Acrobat 9 Pro - English, Fran็ais, Deutsch
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.1
Adobe Shockwave Player
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Attansic Giga Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Attribute Changer 6.10a
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone
Bonjour
BT Billing Analyst
BTC CT Solution Express 2010 (v3.5.08)
BTC PM Solution 2011 (v3.3.04)
BulkSMS Desktop Messenger
BulkSMS Text Messenger
Bullzip PDF Printer 6.0.0.865
Business Plan Pro 15th Anniversary Edition
C4USelfUpdater
CameraHelperMsi
CCleaner
center
Click to Call with Skype
CorelDRAW Graphics Suite X3
CutePDF Writer 2.7
DB CIF Cam
DYMO Label Software
EN
EPSON Printer Software
erLT
ESET Smart Security
essentials
EuroTalk Junior Language Challenge
EuroTalk Talk Now!
Express Burn
FileZilla Client 3.3.2.1
Final Media Player 2010
FontNav
Foxit PDF Editor
getPlus(R) for Adobe
Google Chrome
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPL Ghostscript 8.63
GPL Ghostscript Lite 8.64
Hotfix for Windows XP (KB954708)
iTunes
Java 2 Runtime Environment, SE v1.4.1_07
Java Web Start
Java(TM) 6 Update 11
Junk Mail filter update
jZip
Kodak AIO Printer
KODAK AiO Software
ksDIP
Livedrive
Logitech Vid HD
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Moneysoft Money Manager 6 Business Edition
Moneysoft Payroll Manager
Moneysoft Payroll Manager Update
Mozilla Firefox (3.5.11)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Notation Player 2.1.2
NVIDIA Drivers
ocr
OpenOffice.org 3.2
Photodex Presenter
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Video Driver
PMB
PreReq
PriceGong 2.1.0
Primo
ProShow Gold
QuickTime
QuickTime Alternative 2.7.0
Rapport
Realtek High Definition Audio Driver
Runtime
Sage 50 Accounts 2011
Sage Instant Accounts v14
Sage WinForecast Professional v4.06
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127)
Segoe UI
SiSoftware Sandra Lite XII.SP1
Skype? 5.5
Software Update for Web Folders
Spybot - Search & Destroy
SupportSoft Assisted Service
SweetIM for Messenger 3.4
SweetIM Toolbar for Internet Explorer 4.1
TallStick TS-AudioToMIDI 3.30 (remove only)
Universal Document Converter
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update Manager
VBA
Visual Studio 2005 Tools for Office Second Edition Runtime
VNC Personal Edition P4.3.2
VT Accounts
VT Accounts (C:\Program Files\VT Accounts\)
VT Accounts (C:\Program Files\VT Accounts\) #10
VT Accounts (C:\Program Files\VT Accounts\) #3
VT Accounts (C:\Program Files\VT Accounts\) #4
VT Accounts (C:\Program Files\VT Accounts\) #5
VT Accounts (C:\Program Files\VT Accounts\) #6
VT Accounts (C:\Program Files\VT Accounts\) #7
VT Accounts (C:\Program Files\VT Accounts\) #8
VT Accounts (C:\Program Files\VT Accounts\) #9
VT Transaction+
WavePad Sound Editor
WinAce Archiver
Windows 7 Upgrade Advisor
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows jZip Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
 
Hi asrash,

Click your start button > Control Panel > Add ? Remove programs and uninstall

Java 2 Runtime Environment, SE v1.4.1_07
jZip
PriceGong 2.1.0
Windows jZip Toolbar


Reboot your computer.

After the reboot rerun OTL
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check Scan All users
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad windows, OTL.Txt no Extras.Txt this time.

Please post back with
  • OTL log
Thanks

No need for a Hijackthis log this time.
 
Hi arash,

Can you zip it then attach it?

To zip the log, right click on it, click Send To>Compressed (zipped) folder
 
Hi arash,

The next 2 post will be just me posting the OTL log. It's easier to work with them when they are posted.

The fix will be in the post following the log.

OTL logfile created on: 01/10/2011 20:40:44 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 65.13% Memory free
4.85 Gb Paging File | 3.24 Gb Available in Paging File | 66.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 50.14 Gb Free Space | 33.64% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 124.34 Gb Free Space | 65.47% Space Free | Partition Type: NTFS
Drive T: | 88.86 Gb Total Space | 50.53 Gb Free Space | 56.86% Space Free | Partition Type: NTFS
Drive Z: | 88.86 Gb Total Space | 50.53 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: ASHOME | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/01 20:40:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2011/10/01 00:38:03 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/09/25 18:59:56 | 001,636,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/08/23 15:30:52 | 003,623,936 | ---- | M] (Moneysoft Ltd.) -- C:\Program Files\Moneysoft\Payroll Manager\PM3.EXE
PRC - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/06/20 14:35:10 | 001,700,352 | ---- | M] (Livedrive Internet Ltd) -- C:\Program Files\Livedrive\Livedrive.exe
PRC - [2011/06/16 17:53:22 | 002,510,848 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2011/06/05 17:28:54 | 001,546,648 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/29 21:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/12/16 20:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/15 11:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 16:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/01 09:42:54 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\temp\{346a106f-eee7-43f1-b38c-98b0a30841ef}\Livedrive.Native.dll
MOD - [2011/10/01 00:38:02 | 000,412,728 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppgooglenaclpluginchrome.dll
MOD - [2011/10/01 00:38:00 | 003,696,184 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
MOD - [2011/10/01 00:36:54 | 000,309,816 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\Locales\en-GB.dll
MOD - [2011/10/01 00:36:24 | 000,142,568 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\avutil-51.dll
MOD - [2011/10/01 00:36:23 | 000,253,320 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\avformat-53.dll
MOD - [2011/10/01 00:36:22 | 002,403,240 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\avcodec-53.dll
MOD - [2011/09/19 20:38:08 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/12 17:37:21 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\1c1c395e64afc7ca12b9ce9f09070129\Inkjet.Automation.ni.dll
MOD - [2011/09/12 17:37:18 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\ea126d2918dd56f05b7ef76584aece62\Inkjet.DeviceSettings.ni.dll
MOD - [2011/09/12 17:37:15 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\2471a7f4260fb4eace29e329de48c8a9\Inkjet.Localization.ni.dll
MOD - [2011/09/12 17:37:15 | 000,131,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\9697ea0f655fdd4b40342c480d1efe42\Inkjet.Diagnostics.ni.dll
MOD - [2011/09/12 17:37:14 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\b6a1e3e41d148cf9dc2c8972d32d93f3\Inkjet.Utilities.ni.dll
MOD - [2011/09/12 17:37:13 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\6e01aa05227649ee6d43cdfa73ead323\Inkjet.Hardware.ni.dll
MOD - [2011/09/12 17:37:12 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\3d339e37ed96d337a950508fed817625\Inkjet.Configuration.ni.dll
MOD - [2011/09/12 17:37:11 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\e91d35ecb551282d1e5c5bc0e072b04b\Inkjet.Statistics.ni.dll
MOD - [2011/08/07 13:59:13 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/06/20 14:34:24 | 000,582,144 | ---- | M] () -- C:\Program Files\Livedrive\Livedrive.Localisation.dll
MOD - [2011/05/03 14:29:52 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Common.Web.Server\1.0.0.0__c59b718b5ca510a8\Sage.Common.Web.Server.dll
MOD - [2011/05/03 14:29:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server.Model\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.Model.dll
MOD - [2011/05/03 14:29:52 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server.Feeds\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.Feeds.dll
MOD - [2011/05/03 14:29:51 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Common.Syndication\1.0.0.0__c59b718b5ca510a8\Sage.Common.Syndication.dll
MOD - [2011/05/03 14:29:51 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.dll
MOD - [2011/05/03 14:29:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Utilities\1.0.0.0__c59b718b5ca510a8\Sage.Utilities.dll
MOD - [2011/05/03 14:29:51 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Diagnostics\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Diagnostics.dll
MOD - [2011/04/08 09:34:30 | 000,815,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
MOD - [2010/11/10 03:45:18 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2010/10/29 21:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 21:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/06/25 10:22:58 | 000,904,704 | ---- | M] () -- C:\Program Files\Livedrive\System.Data.SQLite.DLL
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/03/21 19:19:50 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/01 13:16:28 | 000,260,608 | ---- | M] () -- C:\Program Files\Livedrive\AlphaFS.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2009/02/14 05:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/06/11 23:32:28 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2008/04/14 06:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 06:42:04 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/17 17:43:03 | 001,986,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
MOD - [2008/03/17 17:42:52 | 012,509,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
MOD - [2008/03/17 17:42:41 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
MOD - [2008/03/17 17:42:37 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
MOD - [2008/03/17 17:42:26 | 001,064,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
MOD - [2008/03/17 17:42:18 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
MOD - [2008/03/17 17:42:15 | 000,659,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
MOD - [2008/03/17 17:42:11 | 001,224,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
MOD - [2008/03/17 17:42:06 | 001,011,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
MOD - [2008/03/16 22:40:03 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
MOD - [2008/03/16 22:39:57 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
MOD - [2008/03/16 22:39:45 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
MOD - [2008/03/16 22:39:28 | 007,049,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
MOD - [2008/03/16 22:38:26 | 008,265,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
MOD - [2008/03/16 22:38:11 | 011,722,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
MOD - [2008/03/16 21:48:38 | 000,261,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/03/16 21:48:30 | 003,036,160 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/07/12 23:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/02/14 06:32:06 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2001/07/31 05:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WudfSvc)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/12/16 20:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2009/12/16 19:22:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/15 11:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/01/12 13:26:42 | 000,181,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2007/12/12 18:32:20 | 001,253,568 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/12/12 18:31:58 | 000,213,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/03 08:17:05 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/16 13:44:18 | 000,146,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs.sys -- (CbFs)
DRV - [2009/05/14 15:49:26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/05/14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/04/03 09:18:44 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/07/24 18:46:08 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/06/10 21:15:40 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2008/04/14 01:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/21 10:08:54 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt9052.sys -- (SQTECH9052)
DRV - [2007/05/18 11:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2006/12/16 16:00:46 | 000,033,280 | ---- | M] (JMicron) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\jahci.sys -- (jahci)
DRV - [2006/11/15 23:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/31 20:10:06 | 000,035,840 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/01/19 12:01:26 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/13 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 22:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 22:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://search.jzip.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..browser.search.order.1: "Search Results"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/03/12 12:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/18 12:59:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/26 21:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/09/07 21:17:33 | 000,000,000 | ---D | M]

[2011/09/21 13:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/05/15 21:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/09/30 23:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\extensions
[2011/04/22 09:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/01/09 23:16:30 | 000,002,038 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\MyStart Search.xml
[2011/09/21 13:22:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\SearchResults.xml
[2011/04/21 09:46:37 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\SweetIM Search.xml
[2011/09/21 13:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/21 19:12:22 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009/06/17 19:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011/03/12 12:04:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2009/05/15 21:45:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/01/12 18:07:00 | 002,633,728 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2007/03/09 12:35:00 | 000,365,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npupd62.dll
[2006/03/22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2007/08/06 12:07:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2007/07/18 14:54:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2010/01/18 21:33:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/18 21:33:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/18 21:33:22 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/21 13:22:43 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010/01/18 21:33:22 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\User\Application Data\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: LogMeIn, Inc. Remote Access Components 1.0.0.406 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
CHR - plugin: WindizUpdate Plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npupd62.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to call with Skype = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

O1 HOSTS File: ([2011/09/24 13:32:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Foxit Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\Livedrive\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Foxit Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [Livedrive] C:\Program Files\Livedrive\Livedrive.exe (Livedrive Internet Ltd)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: logmein.com ([server00008b-geyzvugtbf.app109] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/2517...d.akamai.com/25175/citrix/icaweb-20070115.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1263078527406 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1263078519953 (MUWebControl Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://82.69.87.87/bl_camera.cab (Bl_camera Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Key error. (Java Plug-in 1.6.0_11)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://camaras.costablanca.org/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab? (Photo Upload Plugin Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F695B426-E0A0-45EB-911B-CD0CBD4677C0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/27 02:22:03 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 21:39:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/27 21:39:42 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/09/26 21:46:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/26 21:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/09/26 21:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/09/26 21:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/26 21:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/26 21:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/09/24 13:48:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/22 19:19:25 | 001,403,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/09/21 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\jzipband
[2011/09/21 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\AppData
[2011/09/21 13:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/21 13:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows jZip Toolbar
[2011/09/19 17:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/19 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/18 13:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2011/09/18 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2011/09/18 13:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(2)
[2011/09/18 12:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2011/09/15 08:27:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/12 20:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/12 20:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/12 17:33:55 | 000,425,984 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJ5000MON.dll
[2011/09/12 17:33:55 | 000,131,072 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJCOINST12.dll
[2010/02/09 11:32:16 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[2006/12/12 11:59:08 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSXML2.dll

========== Files - Modified Within 30 Days ==========

[2011/10/01 20:27:08 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1383384898-839522115-1003UA.job
[2011/10/01 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/01 19:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/01 17:42:32 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ASHOME_User.job
[2011/10/01 16:13:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/10/01 15:57:04 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/10/01 15:39:45 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/01 09:37:38 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/01 09:36:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/01 09:35:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/01 09:35:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/30 23:26:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1383384898-839522115-1003Core.job
[2011/09/29 23:18:54 | 000,007,741 | ---- | M] () -- C:\Documents and Settings\User\Desktop\download.jpg
[2011/09/27 21:39:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/09/26 21:15:16 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/26 21:11:27 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/26 21:09:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/26 20:29:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VT Final Accounts Help Topics.lnk
[2011/09/26 20:29:37 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VT Fact Viewer.lnk
[2011/09/26 20:29:37 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VT Transaction+.lnk
[2011/09/26 20:29:37 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VT Cash Book.lnk
[2011/09/26 20:27:34 | 000,360,448 | ---- | M] (VT Software Limited) -- C:\WINDOWS\Setup1.exe
[2011/09/26 20:27:33 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2011/09/26 20:00:53 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2011/09/25 21:19:00 | 000,002,524 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2011/09/25 21:19:00 | 000,000,135 | ---- | M] () -- C:\WINDOWS\System32\SageInformer50.ssf
[2011/09/25 21:03:25 | 000,002,826 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2011/09/25 21:02:51 | 000,000,432 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/09/25 21:02:50 | 000,004,785 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/25 20:44:00 | 000,013,150 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Elms 2915 - 010811.pdf
[2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/09/24 13:32:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/21 18:39:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2011/09/20 08:54:14 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/09/19 18:34:59 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Payroll Manager.lnk
[2011/09/13 19:00:13 | 000,003,766 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/12 17:37:58 | 000,001,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
 
========== Files Created - No Company Name ==========

[2011/09/26 21:15:16 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/26 21:11:27 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/26 20:29:37 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VT Final Accounts Help Topics.lnk
[2011/09/26 20:29:37 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VT Fact Viewer.lnk
[2011/09/26 20:29:37 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VT Transaction+.lnk
[2011/09/26 20:29:37 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VT Cash Book.lnk
[2011/09/25 20:44:00 | 000,013,150 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Elms 2915 - 010811.pdf
[2011/09/25 12:55:57 | 000,007,741 | ---- | C] () -- C:\Documents and Settings\User\Desktop\download.jpg
[2011/09/21 18:39:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2011/09/17 18:12:29 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Windows Live Messenger.lnk
[2011/09/15 08:27:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/15 08:27:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/12 17:37:58 | 000,001,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2011/01/15 13:11:16 | 000,000,138 | ---- | C] () -- C:\WINDOWS\MSCalc.ini
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/09/19 21:28:16 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/16 12:27:02 | 000,002,226 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
[2010/06/08 21:08:42 | 000,113,864 | ---- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[2010/06/08 21:08:41 | 000,324,296 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2010/06/02 21:14:57 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7ED873D347.sys
[2010/06/02 20:58:53 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/02/26 09:55:34 | 000,015,028 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\rQVN4I4g
[2010/02/09 11:33:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
[2010/02/09 11:33:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2010/01/21 20:35:37 | 000,000,226 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/20 18:43:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2010/01/20 18:43:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2009/12/24 12:11:10 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2009/12/24 12:11:04 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2009/12/24 12:11:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2009/12/24 12:10:58 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2009/12/24 12:10:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2009/12/24 12:10:52 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2009/12/24 12:10:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2009/12/24 12:10:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2009/12/24 12:10:34 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2009/12/24 12:10:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2009/12/24 12:09:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2009/12/24 12:09:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2009/12/24 12:09:44 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2009/09/23 13:04:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/09/23 13:03:53 | 000,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2009/09/23 13:03:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2009/07/27 15:15:32 | 000,001,205 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2009/07/08 21:54:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/05/21 21:20:54 | 000,000,077 | ---- | C] () -- C:\WINDOWS\fsp.bin
[2009/05/21 21:19:11 | 000,003,258 | ---- | C] () -- C:\WINDOWS\forbes.ini
[2009/05/15 08:16:58 | 000,000,134 | ---- | C] () -- C:\WINDOWS\OM6R.INI
[2009/05/03 22:24:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/03 22:24:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/03 22:24:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/06 21:07:10 | 000,000,194 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2009/04/06 21:06:25 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\Flp32b20.dll
[2009/03/14 18:22:20 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/03/01 20:26:31 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/02/15 21:23:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\wltrysvc.exe
[2009/02/15 21:23:54 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2009/02/15 21:23:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/02/15 21:23:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\AegisI2.exe
[2009/01/24 14:50:33 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/12/01 15:37:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2008/12/01 15:36:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2008/12/01 15:36:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2008/12/01 15:36:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2008/12/01 15:35:56 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2008/12/01 15:35:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2008/12/01 15:35:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2008/09/18 16:30:48 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\User\Application Data\WavCodec.wff
[2008/06/10 21:15:40 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/16 21:50:21 | 000,480,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/02/01 19:03:48 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/01/31 20:45:04 | 000,000,432 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/27 02:44:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2008/01/20 12:30:46 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/01/12 13:27:53 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/03 23:30:08 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/03 22:00:05 | 000,001,679 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/03 21:59:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/12 10:19:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/02/14 06:32:06 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/02/14 06:32:06 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/02/14 06:32:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/02/14 06:32:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/02/14 06:32:04 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/02/14 06:32:04 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/02/14 06:32:04 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/02/14 06:32:04 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/14 06:32:02 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/02/14 06:32:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/02/14 06:32:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/11/23 15:41:30 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2006/11/23 15:41:28 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/11/23 15:41:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2006/11/01 16:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 16:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/11/01 15:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2005/08/23 14:12:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2005/08/22 09:32:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE
[2005/06/03 09:06:04 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeConfig.dll
[2004/08/04 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 22:00:00 | 000,547,726 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 22:00:00 | 000,098,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 22:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2004/08/04 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 02:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2002/01/01 05:57:23 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2002/01/01 01:20:00 | 000,004,785 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/01/01 01:13:50 | 000,434,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/12/31 18:42:13 | 000,011,649 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2001/12/31 18:40:21 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2001/12/31 18:36:47 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2001/12/31 18:36:31 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2001/12/31 18:32:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2001/12/31 18:26:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/12/31 18:25:30 | 000,121,089 | ---- | C] () -- C:\WINDOWS\System32\vsdrv.exe
[2001/08/23 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 22:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/31 05:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1998/03/26 02:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMailRL.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMail3FL.SYS
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\rlfnlf.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\flfnlf.sys
[1996/01/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\wfph.dat

========== LOP Check ==========

[2011/09/21 21:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/06/05 16:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTBA
[2009/08/26 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTCSoftware
[2010/06/08 21:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Btrieve
[2008/02/01 19:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/05/09 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2001/12/31 18:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/01/09 23:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/01/09 23:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/02/07 18:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallEngine
[2011/02/11 18:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010/05/09 20:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/10/01 09:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/03/07 10:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/05 16:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2008/08/25 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/01/27 12:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/08/25 15:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2008/01/07 19:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PY_Software
[2010/01/10 18:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/03/04 15:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/03/26 11:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/05/03 14:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/01/03 14:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/24 14:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/27 02:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/09/19 21:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/08/25 15:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2009/09/24 17:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/05 07:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/09/26 20:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VT Accounts
[2009/01/13 22:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VT Transaction
[2011/01/30 20:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2002/01/01 05:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/27 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 14:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/31 15:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/01/30 20:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Autodesk
[2011/08/19 21:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2008/07/16 17:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent(2)
[2008/01/12 22:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Blackberry Desktop
[2011/02/11 18:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\bppenu11
[2011/06/17 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BTCSoftware
[2010/08/14 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BulkSMS Messenger
[2009/07/02 15:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bullzip
[2009/12/05 16:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Downloaded Installations
[2001/12/31 18:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ESET
[2011/07/29 11:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EuroTalk
[2011/08/19 21:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2010/06/02 12:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FinalMediaPlayer
[2009/09/04 07:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2009/11/17 20:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GrabPro
[2008/03/23 21:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient
[2011/09/21 18:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\jzipband
[2011/07/10 18:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/12/05 19:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2011/06/28 18:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Livedrive Internet Limited
[2008/09/18 16:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2008/01/12 12:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Netscape
[2009/12/16 16:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nitro PDF
[2011/05/21 08:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OfficeRecovery
[2010/05/09 21:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2010/10/08 13:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Orbit
[2008/05/07 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\orderTalk
[2008/01/12 13:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Photodex
[2008/01/12 22:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2010/12/18 20:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScanSoft
[2011/04/08 09:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Temp
[2008/07/05 13:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TomTom
[2009/05/11 22:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trusteer
[2010/02/26 13:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VT Accounts
[2010/12/29 20:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2010/09/22 09:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2010/12/19 13:51:15 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2010/03/07 10:58:04 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDaysInit.job
[2010/12/19 13:51:15 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2010/01/29 11:19:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job
[2011/10/01 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/10/01 17:42:32 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ASHOME_User.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6107F428

< End of report >
 
Hi asrash,

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: 
:Services

:OTL
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://search.jzip.com/"
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
[2011/09/21 13:22:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\SearchResults.xml
[2011/09/21 13:22:43 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2010/02/26 09:55:34 | 000,015,028 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\rQVN4I4g

:Commands
[createrestorepoint]
[emptytemp]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Is your homepage and search ok now?

Thanks
 
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q=" removed from keyword.URL
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "http://search.jzip.com/" removed from browser.startup.homepage
Prefs.js: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 removed from extensions.enabledItems
File C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\SearchResults.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
File C:\Documents and Settings\User\Local Settings\Application Data\rQVN4I4g not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: parisaparadis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: User
->Temp folder emptied: 136958573 bytes
->Temporary Internet Files folder emptied: 29093968 bytes
->Java cache emptied: 224331 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 18419440 bytes
->Flash cache emptied: 1176 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 7351966 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 29687 bytes

Total Files Cleaned = 183.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10032011_202001

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Hi arash,

Let's clean up some remnants and run a couple of scans to look for stragglers.

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: 
:Services

:Files
C:\Program Files\Windows jZip Toolbar
C:\Program Files\Windows jZip 
C:\Documents and Settings\User\Application Data\jzipband

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the log
Please post the OTL fix log in your next reply.



You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please run the F-Secure Online Scanner from F-Secure.
  • At the bottom of the webpage, read and agree to the license terms and click run check. Be sure to run the Online Scanner and not the Health Check!
  • If prompted, give the java plug-in permission to run.
  • Select Quick Scan when prompted, and then click on Scan.
  • Once the scan is finished, tick off Automatically and Send the Files to F-Secure.
  • After clicking on next, click on Full Report. A log should appear in your internet browser. Copy that information and post it here.

Please post back with
  • OTL fix log
  • MBAM log
  • F-Secure log
Thanks
 
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Program Files\Windows jZip Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Windows jZip Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Windows jZip Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows jZip Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows jZip Toolbar folder moved successfully.
File\Folder C:\Program Files\Windows jZip not found.
C:\Documents and Settings\User\Application Data\jzipband folder moved successfully.

OTL by OldTimer - Version 3.2.29.1 log created on 10112011_204524

Edit
http://forums.spybot.info/showthread.php?p=369992#post369992
 
Last edited by a moderator:
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
 
Last edited by a moderator:
Status
Not open for further replies.
Back
Top