Hi

Firefox is redirecting to http://66.45.254.165/ each time and eventually times out.

I ran MBAM and got the following, but it didn't fix the problem.

I'm really hoping you can help so I don't have to format my entire hard drive.

MBAM and HiJack files below. And I'll post OTL files in my next post.

Thanks in advance.

Malwarebytes' Anti-Malware 1.44

Database version: 3723

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

2/13/2010 10:14:37 PM

mbam-log-2010-02-13 (22-14-37).txt

Scan type: Quick Scan

Objects scanned: 118701

Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.105,93.188.166.26 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fc75bf8d-ab0f-4120-8340-91b83254359d}\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.105,93.188.166.26 -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\spool\prtprocs\w32x86\00005312.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:19:26 AM, on 2/14/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=Userinit.exe,

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1260088818718

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--

End of file - 6423 bytes

And here's an OTL Quickscan log:

OTL logfile created on: 2/14/2010 1:30:56 AM - Run 2

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Omar\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 147.29 Gb Free Space | 63.26% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 931.51 Gb Total Space | 676.83 Gb Free Space | 72.66% Space Free | Partition Type: NTFS

Drive G: | 149.05 Gb Total Space | 119.70 Gb Free Space | 80.31% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OMARDESKTOP

Current User Name: Omar

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/14 01:03:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Omar\Desktop\OTL.exe

PRC - [2010/01/07 19:08:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/12/31 09:17:03 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2009/12/11 23:07:46 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2009/12/11 23:07:46 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2009/12/11 15:07:16 | 000,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2009/12/06 22:31:27 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2009/12/06 02:52:05 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2009/12/06 02:52:05 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/06 02:52:03 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe

PRC - [2009/12/06 02:52:03 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009/06/01 13:51:52 | 001,468,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe

PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/08/31 14:13:41 | 000,988,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe

PRC - [2005/06/17 07:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

PRC - [1999/12/12 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

========== Modules (SafeList) ==========

MOD - [2010/02/14 01:03:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Omar\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009/12/11 15:07:16 | 000,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2009/12/06 22:31:27 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)

SRV - [2009/12/06 02:52:03 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2009/12/06 02:52:03 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/11/13 17:56:46 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005/08/05 21:05:00 | 000,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)

SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®

SRV - [1999/12/12 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.openintab: true

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.9.8

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8

FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:2.0

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5

FF - prefs.js..extensions.enabledItems: {bbfec13c-8cb2-53f2-b852-999eb2a852c9}:0.1.4

FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0

FF - prefs.js..extensions.enabledItems: lalacontrol@peterwooley.com:0.3

FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.3

FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2

FF - prefs.js..extensions.enabledItems: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}:1.9.36

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/11 23:08:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/27 23:45:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/27 23:45:05 | 000,000,000 | ---D | M]

[2009/12/06 02:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Mozilla\Extensions

[2010/02/14 00:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions

[2009/12/12 19:47:28 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

[2009/12/12 20:29:37 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}

[2010/01/22 00:27:37 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}

[2009/12/08 21:58:48 | 000,000,000 | ---D | M] (FoxyTunes Skin - [R]evolution) -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}

[2009/12/12 20:53:01 | 000,000,000 | ---D | M] (Highlighter) -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{bbfec13c-8cb2-53f2-b852-999eb2a852c9}

[2009/12/09 21:48:33 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}

[2009/12/06 22:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2010/02/12 22:22:25 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}

[2010/01/13 00:58:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/02/12 22:22:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009/12/12 19:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\bettergmail2@ginatrapani.org

[2010/01/06 23:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\isreaditlater@ideashower.com

[2009/12/10 00:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\keyscrambler@qfx.software.corporation

[2010/01/23 22:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Mozilla\Firefox\Profiles\lyga8od8.default\extensions\lalacontrol@peterwooley.com

[2009/12/12 23:31:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/12/08 23:44:48 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2009/12/15 19:45:56 | 000,416,584 | ---- | M] (Lala Media) -- C:\Program Files\Mozilla Firefox\plugins\nplalaDl.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1260088818718 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/06 01:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/14 01:22:03 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Omar\Desktop\OTL.exe

[2010/02/14 01:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/02/14 00:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Desktop\PeeTechFix-TrojanDownloader.FakeAlert.ATQ

[2010/02/14 00:23:31 | 000,000,000 | ---D | C] -- C:\Avenger

[2010/02/13 23:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/02/13 23:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Application Data\SUPERAntiSpyware.com

[2010/02/13 22:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Desktop\.Picasa3Temp

[2010/02/13 22:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\My Journal v. 2(2).0

[2010/02/08 23:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack

[2010/02/08 17:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Application Data\Ashampoo

[2010/02/08 17:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Local Settings\Application Data\ashampoo

[2010/02/08 17:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2010/02/08 17:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo

[2010/02/07 20:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2010/02/07 20:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft

[2010/02/07 20:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy

[2010/02/07 20:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\My Documents\PcSetup

[2010/02/07 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\LG Software Innovations

[2010/02/07 16:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\My Documents\DVDFab

[2010/02/06 16:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Application Data\dvdcss

[2010/02/06 15:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\DVD-Cloner Platinum

[2010/02/06 00:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/02/04 01:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Desktop\Beach House

[2010/02/02 14:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot

[2010/02/02 14:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Application Data\Webroot

[2010/01/31 22:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Omar\My Documents\Manuals

[2010/01/02 23:53:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Omar\Application Data\pcouffin.sys

[2009/12/06 04:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/12/06 02:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/12/06 01:43:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/06 01:43:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2005/08/07 17:13:46 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/14 01:19:09 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\HijackThis.lnk

[2010/02/14 01:03:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Omar\Desktop\OTL.exe

[2010/02/14 01:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/02/14 00:58:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/02/14 00:58:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/02/14 00:58:41 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys

[2010/02/14 00:57:51 | 000,064,988 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx

[2010/02/14 00:57:51 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2010/02/14 00:57:51 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2010/02/14 00:57:50 | 000,055,308 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx

[2010/02/14 00:57:50 | 000,055,308 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx

[2010/02/14 00:57:39 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Omar\ntuser.dat

[2010/02/14 00:57:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Omar\ntuser.ini

[2010/02/14 00:57:30 | 005,356,848 | -H-- | M] () -- C:\Documents and Settings\Omar\Local Settings\Application Data\IconCache.db

[2010/02/14 00:37:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2052111302-725345543-1004UA.job

[2010/02/13 22:42:55 | 000,585,479 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Homeowners Insurance Policy.pdf

[2010/02/13 22:02:29 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/02/13 22:02:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/02/13 19:37:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2052111302-725345543-1004Core.job

[2010/02/13 17:40:45 | 055,551,970 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/02/13 01:58:56 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Omar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/13 01:08:07 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Alvi - Resume Feb 2010.doc

[2010/02/12 22:07:33 | 000,000,233 | ---- | M] () -- C:\WINDOWS\qwimp.ini

[2010/02/12 22:07:26 | 000,001,123 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI

[2010/02/12 01:28:52 | 000,068,192 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Kohls Payments.pdf

[2010/02/10 13:48:24 | 000,026,260 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/02/10 13:25:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/02/10 02:18:34 | 000,077,500 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Fairfax County Property Tax..pdf

[2010/02/08 23:03:26 | 000,282,466 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Confirmation - iaqsource.pdf

[2010/02/07 21:32:39 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/02/07 20:27:20 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Omar\Application Data\pcouffin.sys

[2010/02/07 20:27:20 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Omar\Application Data\pcouffin.cat

[2010/02/07 20:27:20 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Omar\Application Data\pcouffin.inf

[2010/02/07 20:16:50 | 000,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys

[2010/02/06 16:32:04 | 001,882,991 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\2vhsrr6.jpg

[2010/02/06 16:31:57 | 000,000,410 | ---- | M] () -- C:\WINDOWS\brwmark.ini

[2010/02/06 16:28:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\System32\msadio.dll

[2010/02/05 19:27:22 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Resume Feb_2010.doc

[2010/01/31 22:04:33 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/01/31 22:04:33 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/01/31 22:04:33 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/14 01:19:09 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\HijackThis.lnk

[2010/02/14 00:17:40 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Omar\My Documents\avenger_001.zip

[2010/02/13 22:34:24 | 000,585,479 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Homeowners Insurance Policy.pdf

[2010/02/13 14:59:45 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Omar\ntuser.dat

[2010/02/13 01:08:07 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Alvi - Resume Feb 2010.doc

[2010/02/12 01:28:51 | 000,068,192 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Kohls Payments.pdf

[2010/02/10 13:48:24 | 000,026,260 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/02/10 02:18:32 | 000,077,500 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Fairfax County Property Tax..pdf

[2010/02/08 23:03:24 | 000,282,466 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Confirmation - iaqsource.pdf

[2010/02/07 21:29:54 | 3219,296,256 | -HS- | C] () -- C:\hiberfil.sys

[2010/02/06 16:32:03 | 001,882,991 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\2vhsrr6.jpg

[2010/02/06 15:38:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\msadio.dll

[2010/02/05 19:27:22 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Resume Feb_2010.doc

[2010/02/02 14:38:18 | 000,044,032 | ---- | C] () -- C:\WINDOWS\Unwash5.exe

[2010/01/13 21:50:45 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini

[2010/01/03 00:03:58 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Omar\Application Data\vso_ts_preview.xml

[2010/01/02 23:53:40 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Omar\Application Data\pcouffin.log

[2010/01/02 23:53:35 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Omar\Application Data\pcouffin.cat

[2010/01/02 23:53:35 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Omar\Application Data\pcouffin.inf

[2009/12/09 00:42:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/12/06 16:48:20 | 000,068,135 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2009/12/06 16:48:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2009/12/06 16:48:20 | 000,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/12/06 04:14:44 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Omar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/06 03:57:00 | 000,000,233 | ---- | C] () -- C:\WINDOWS\qwimp.ini

[2009/12/06 03:55:27 | 000,001,123 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2009/12/06 03:55:27 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2009/12/06 02:44:33 | 000,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2009/12/06 02:38:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2009/04/07 05:32:10 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll

[2005/08/07 17:19:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL

[2005/06/07 08:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL

[2004/08/04 07:00:00 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\syscvchk.dll

[2003/03/21 04:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

========== LOP Check ==========

[2010/02/07 20:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy

[2010/02/08 17:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2009/12/06 02:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/02/07 20:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2009/12/25 01:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit

[2009/12/25 01:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/01/08 23:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2009/12/06 16:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/02/08 17:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Ashampoo

[2010/02/13 23:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\BitTorrent

[2010/02/13 22:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Canon

[2009/12/08 23:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Foxit

[2010/02/05 19:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Lala Music Mover

[2010/01/03 00:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Movienizer

[2010/02/07 20:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\Vso

[2010/02/14 01:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >


  • 1 month later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
