Mozilla Hijacked Frequently



OTL logfile created on: 30/12/2009 12:32:14 AM - Run 4

OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Daniel\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 29.71% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 291.68 Gb Total Space | 241.79 Gb Free Space | 82.90% Space Free | Partition Type: NTFS

Drive D: | 291.68 Gb Total Space | 264.30 Gb Free Space | 90.61% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC

Current User Name: Daniel

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

PRC - D:\World of Warcraft\Wow.exe (Blizzard Entertainment)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)

PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))

PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Users\Daniel\Desktop\Freecap\freecap.exe ()

PRC - C:\Users\Daniel\Desktop\Freecap\putty.exe (Simon Tatham)

PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)

PRC - C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()

PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)

PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()

PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)

PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.)

MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WRConsumerService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

SRV - (WebrootSpySweeperService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))

SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Sound Blaster MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe (Creative Labs)

SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)

SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()

SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)

SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/03 00:34:14 | 00,000,000 | ---D | M]

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/28 01:49:51 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/28 01:49:43 | 00,000,000 | ---D | M]

[2009/12/28 01:49:56 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions

[2009/12/29 01:58:16 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\u8tnv9ev.default\extensions

[2009/12/29 12:04:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2007/04/17 04:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe File not found

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [bkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [iusage] C:\PROGRA~2\INTERN~2\netdet.exe File not found

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)

O4 - HKLM..\Run: [updReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/26 14:16:38 | 00,029,752 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspSanity64.sys

[2009/12/26 14:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\SanityCheck

[2009/12/26 13:57:53 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Pavark

[2009/12/26 13:45:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Usage Monitor Lite Edition

[2009/12/20 09:11:52 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/12/19 11:56:32 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[2009/12/16 22:29:52 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\DVDVideoSoft

[2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2009/12/16 22:15:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity

[2009/12/16 21:47:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2008/08/25 20:40:00 | 00,122,880 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll

[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/30 00:35:22 | 02,621,440 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT

[2009/12/30 00:04:16 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/12/30 00:04:16 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/12/29 12:10:17 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2009/12/29 12:10:17 | 00,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2009/12/29 12:10:17 | 00,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2009/12/29 12:06:13 | 00,002,463 | ---- | M] () -- C:\Users\Daniel\Desktop\ProxyCap.lnk

[2009/12/29 12:05:07 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2009/12/29 12:05:07 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001

[2009/12/29 12:04:20 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml

[2009/12/29 12:04:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/12/29 12:04:11 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2009/12/29 12:04:07 | 42,942,05440 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/29 02:38:16 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2009/12/29 02:38:16 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2009/12/29 02:37:59 | 04,016,099 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db

[2009/12/29 02:37:55 | 00,000,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND

[2009/12/27 00:44:09 | 00,007,352 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Temp22.html

[2009/12/27 00:43:53 | 00,001,293 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Temp1.html

[2009/12/27 00:43:42 | 00,003,367 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Temp31.html

[2009/12/26 14:48:48 | 00,003,367 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Temp50.html

[2009/12/26 14:19:23 | 00,048,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/12/26 14:18:31 | 00,229,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2009/12/26 14:16:39 | 00,000,715 | ---- | M] () -- C:\Users\Daniel\Desktop\SanityCheck.lnk

[2009/12/25 06:00:06 | 00,001,730 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

[2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/27 00:44:09 | 00,007,352 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp22.html

[2009/12/27 00:43:42 | 00,003,367 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp31.html

[2009/12/26 14:48:48 | 00,003,367 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp50.html

[2009/12/26 14:16:49 | 00,001,293 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp1.html

[2009/12/26 14:16:39 | 00,000,715 | ---- | C] () -- C:\Users\Daniel\Desktop\SanityCheck.lnk

[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll

[2009/11/05 11:35:18 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2009/11/05 11:35:17 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009/11/05 11:35:16 | 02,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2009/11/05 11:35:15 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2009/11/05 11:35:15 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/11/05 11:35:15 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/11/05 11:35:13 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/11/05 11:35:13 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2009/09/17 00:09:40 | 00,540,272 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI4740.txt

[2009/09/17 00:09:39 | 00,012,624 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI4740.txt

[2009/09/17 00:09:17 | 00,536,708 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI46F4.txt

[2009/09/17 00:09:16 | 00,012,544 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI46F4.txt

[2009/09/11 16:25:56 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/11 16:25:04 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/22 16:38:50 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/06/20 18:43:37 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/06/15 13:29:58 | 00,000,180 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup.log

[2009/06/15 13:29:54 | 00,000,760 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup_ldm.iss

[2008/10/22 15:36:23 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat

[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/10/01 22:01:03 | 00,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND

[2008/10/01 19:13:24 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2008/10/01 19:10:04 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2008/10/01 18:53:11 | 00,012,288 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/09 08:13:17 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008/09/09 08:13:17 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll

[2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll

[2008/04/29 04:18:00 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/01/21 13:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2002/05/16 11:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll

[2002/05/05 01:19:00 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll

[2001/12/27 10:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll

[2001/09/04 17:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll

[2001/07/31 10:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll

[2001/07/24 16:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/10/05 12:20:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\acccore

[2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer

[2009/08/20 16:52:11 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acreon

[2008/10/01 18:35:06 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\eSobi

[2009/03/30 22:25:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreeCap

[2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech

[2009/08/26 20:00:39 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire

[2008/10/01 22:21:19 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProxyCap

[2008/10/25 18:21:08 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung

[2009/12/29 02:38:29 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009/12/25 06:00:06 | 00,001,730 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

========== Purity Check ==========

< End of report >

Thanks.
