
Untitled

a guest
May 15th, 2012
  1. OTL logfile created on: 5/15/2012 8:22:57 AM - Run 1
  2. OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\GEOMARSRV\Desktop
  3. Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
  4. Internet Explorer (Version = 8.0.6001.18702)
  5. Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
  6.  
  7. 1023.48 Mb Total Physical Memory | 574.47 Mb Available Physical Memory | 56.13% Memory free
  8. 2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.70% Paging File free
  9. Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
  12. Drive C: | 29.29 Gb Total Space | 10.05 Gb Free Space | 34.32% Space Free | Partition Type: NTFS
  13. Drive D: | 82.49 Gb Total Space | 38.02 Gb Free Space | 46.09% Space Free | Partition Type: NTFS
  14. Drive T: | 1862.89 Gb Total Space | 1808.24 Gb Free Space | 97.07% Space Free | Partition Type: NTFS
  15. Drive V: | 139.03 Gb Total Space | 108.09 Gb Free Space | 77.74% Space Free | Partition Type: NTFS
  16. Drive X: | 74.52 Gb Total Space | 51.15 Gb Free Space | 68.64% Space Free | Partition Type: NTFS
  17. Drive Y: | 139.03 Gb Total Space | 109.53 Gb Free Space | 78.79% Space Free | Partition Type: NTFS
  18.  
  19. Computer Name: GEOMARZ | User Name: GEOMARSRV | Logged in as Administrator.
  20. Boot Mode: Normal | Scan Mode: Current user | Quick Scan
  21. Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
  22.  
  23. [color=#E56717]========== Processes (SafeList) ==========[/color]
  24.  
  25. PRC - [2012/05/15 08:21:13 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GEOMARSRV\Desktop\OTL.exe
  26. PRC - [2012/05/07 07:12:14 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
  27. PRC - [2010/11/08 16:48:06 | 004,042,837 | ---- | M] (Generex GmbH) -- C:\Program Files\UPS\upsman\upsman.exe
  28. PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
  29. PRC - [2007/09/28 17:50:12 | 000,188,456 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
  30. PRC - [2007/06/20 19:08:44 | 000,094,000 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
  31. PRC - [2004/11/17 16:38:48 | 000,188,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
  32. PRC - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
  33. PRC - [2004/03/24 19:40:44 | 000,876,656 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\incdsrv.exe
  34. PRC - [2003/06/17 18:18:46 | 000,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\sstray.exe
  35. PRC - [2001/01/25 14:07:54 | 000,225,353 | ---- | M] (Quazar Software GmbH) -- C:\Program Files\UPS\upsman\ServiceDriver.exe
  36.  
  37.  
  38. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  39.  
  40. MOD - [2012/05/07 07:12:13 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
  41.  
  42.  
  43. [color=#E56717]========== Win32 Services (SafeList) ==========[/color]
  44.  
  45. SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
  46. SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
  47. SRV - [2012/05/07 07:12:14 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
  48. SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
  49. SRV - [2011/11/22 09:23:01 | 001,045,328 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
  50. SRV - [2010/11/08 16:48:06 | 004,042,837 | ---- | M] (Generex GmbH) [Auto | Running] -- C:\Program Files\UPS\upsman\upsman.exe -- (UPSMan)
  51. SRV - [2007/09/28 17:50:12 | 000,188,456 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
  52. SRV - [2004/11/17 16:38:48 | 000,188,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe -- (EpsonBidirectionalAgent)
  53. SRV - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
  54. SRV - [2004/03/24 19:40:44 | 000,876,656 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)
  55. SRV - [2001/01/25 14:07:54 | 000,225,353 | ---- | M] (Quazar Software GmbH) [Auto | Running] -- C:\Program Files\UPS\upsman\ServiceDriver.exe -- (qHTTPs)
  56.  
  57.  
  58. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  59.  
  60. DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
  61. DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
  62. DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
  63. DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
  64. DRV - [2011/11/22 09:25:05 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (ROCKEYNT)
  65. DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
  66. DRV - [2007/06/19 08:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
  67. DRV - [2007/06/19 08:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
  68. DRV - [2007/06/19 08:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
  69. DRV - [2007/06/19 08:51:18 | 000,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
  70. DRV - [2007/06/19 08:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
  71. DRV - [2007/06/19 08:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
  72. DRV - [2007/06/19 08:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
  73. DRV - [2006/09/18 16:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
  74. DRV - [2006/09/18 16:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
  75. DRV - [2006/09/18 16:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
  76. DRV - [2006/09/18 16:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
  77. DRV - [2006/09/18 16:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
  78. DRV - [2006/09/18 16:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
  79. DRV - [2006/09/18 16:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
  80. DRV - [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
  81. DRV - [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
  82. DRV - [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
  83. DRV - [2004/09/23 21:06:44 | 000,057,356 | R--- | M] (Castles Technology Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezusb.sys -- (EZUSB)
  84. DRV - [2004/08/04 00:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
  85. DRV - [2004/03/24 19:45:22 | 000,027,664 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
  86. DRV - [2004/03/24 19:45:02 | 000,009,561 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
  87. DRV - [2004/03/24 19:44:50 | 000,099,568 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
  88. DRV - [2003/12/30 08:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
  89. DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
  90. DRV - [2003/06/17 17:24:00 | 000,286,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
  91. DRV - [2003/06/17 17:24:00 | 000,030,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
  92. DRV - [2003/05/30 12:05:48 | 000,088,794 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3114r.sys -- (si3114r)
  93. DRV - [2003/03/19 16:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
  94. DRV - [2003/02/12 08:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
  95. DRV - [2003/02/12 08:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
  96. DRV - [2002/11/27 21:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
  97. DRV - [2002/08/02 14:41:08 | 000,047,660 | R--- | M] (ActivCard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actccid.sys -- (actccid)
  98.  
  99.  
  100. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  101.  
  102.  
  103. [color=#E56717]========== Internet Explorer ==========[/color]
  104.  
  105. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
  106. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  107. IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
  108. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
  109. IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
  110.  
  111. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  112. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  113. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
  114. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
  115. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/fset.html
  116. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  117. IE - HKCU\..\SearchScopes,DefaultScope = {0EC0BBE9-76EC-4887-8F8F-DB3C6FC7592A}
  118. IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
  119. IE - HKCU\..\SearchScopes\{0EC0BBE9-76EC-4887-8F8F-DB3C6FC7592A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7_____en
  120. IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9486C8C7-60CD-4EF7-A264-2A18BD952801}&mid=46af46508dff47d191f2d1486f66526a-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2011-10-12 19:25:44&v=10.0.0.7&sap=dsp&q={searchTerms}
  121. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  122.  
  123. [color=#E56717]========== FireFox ==========[/color]
  124.  
  125. FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
  126. FF - prefs.js..browser.search.selectedEngine: "Google"
  127. FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
  128. FF - user.js - File not found
  129.  
  130. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
  131. FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
  132. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
  133. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
  134. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
  135. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
  136.  
  137. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/07 07:12:14 | 000,000,000 | ---D | M]
  138. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
  139.  
  140. [2011/10/25 07:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GEOMARSRV\Application Data\Mozilla\Extensions
  141. [2012/05/02 08:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GEOMARSRV\Application Data\Mozilla\Firefox\Profiles\0z9afk1o.default\extensions
  142. [2012/05/07 07:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
  143. [2012/03/12 08:36:26 | 000,003,793 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\GEOMARSRV\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0Z9AFK1O.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
  144. [2012/01/16 08:14:38 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\GEOMARSRV\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0Z9AFK1O.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
  145. [2012/01/16 08:15:58 | 000,118,971 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\GEOMARSRV\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0Z9AFK1O.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
  146. [2008/12/20 14:59:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
  147. [2009/09/02 09:38:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
  148. [2012/05/07 07:12:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
  149. [2012/03/13 07:57:51 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
  150. [2011/09/29 02:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
  151. [2011/11/17 08:36:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
  152.  
  153. [color=#E56717]========== Chrome ==========[/color]
  154.  
  155. CHR - default_search_provider: AVG Secure Search (Enabled)
  156. CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={9486C8C7-60CD-4EF7-A264-2A18BD952801}&mid=46af46508dff47d191f2d1486f66526a-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2011-10-12 19:25:44&v=8.0.0.34&sap=dsp&q={searchTerms}
  157. CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
  158. CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
  159. CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
  160. CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
  161. CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
  162. CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
  163. CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
  164. CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
  165. CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
  166. CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
  167. CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
  168. CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
  169. CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
  170. CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
  171. CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
  172. CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
  173. CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\GEOMARSRV\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
  174. CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
  175. CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
  176. CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
  177. CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
  178. CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
  179. CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
  180. CHR - plugin: Default Plug-in (Enabled) = default_plugin
  181. CHR - Extension: Entanglement = C:\Documents and Settings\GEOMARSRV\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
  182. CHR - Extension: AVG Safe Search = C:\Documents and Settings\GEOMARSRV\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\
  183. CHR - Extension: Poppit = C:\Documents and Settings\GEOMARSRV\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
  184.  
  185. O1 HOSTS File: ([2011/06/21 10:55:43 | 000,435,122 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
  186. O1 - Hosts: 127.0.0.1 localhost
  211. O1 - Hosts: 14977 more lines...
  212. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
  213. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
  214. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  215. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
  216. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
  217. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
  218. O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation)
  219. O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
  220. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
  221. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  222. O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm266YYHR File not found
  223. O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
  224. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
  225. O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\Autodesk Map 5\InstBanr.ocx (NOXLATE-BANR)
  226. O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\Autodesk Map 5\InstFred.ocx (InstaFred)
  227. O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
  228. O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
  229. O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
  230. O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
  231. O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\Autodesk Map 5\AcPreview.ocx (AcPreview Control)
  232. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C9F0A57-FAF9-41E0-A008-544D3E4AB2FF}: NameServer = 192.168.168.230,195.29.150.3
  233. O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
  234. O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  235. O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
  236. O20 - Winlogon\Notify\ackpbsc: DllName - (C:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
  237. O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
  238. O24 - Desktop WallPaper: C:\Documents and Settings\GEOMARSRV\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
  239. O24 - Desktop BackupWallPaper: C:\Documents and Settings\GEOMARSRV\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
  240. O32 - HKLM CDRom: AutoRun - 1
  241. O32 - AutoRun File - [2005/04/21 04:18:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
  242. O32 - AutoRun File - [2011/06/13 14:27:39 | 000,000,000 | ---D | M] - V:\Autodesk -- [ NTFS ]
  243. O32 - AutoRun File - [2002/01/10 01:03:51 | 000,000,000 | ---- | M] () - X:\AUTOEXEC.BAT -- [ NTFS ]
  244. O33 - MountPoints2\{3809bd3c-b80b-11db-99cf-00012982bb99}\Shell\AutoRun\command - "" = ie.exe
  245. O33 - MountPoints2\{3809bd3c-b80b-11db-99cf-00012982bb99}\Shell\explore\Command - "" = ie.exe
  246. O33 - MountPoints2\{3809bd3c-b80b-11db-99cf-00012982bb99}\Shell\open\Command - "" = ie.exe
  247. O33 - MountPoints2\{41e125d8-b28d-11db-99ca-00012982bb99}\Shell\Auto\command - "" = AdobeR.exe e
  248. O33 - MountPoints2\{41e125d8-b28d-11db-99ca-00012982bb99}\Shell\AutoRun - "" = Auto&Play
  249. O33 - MountPoints2\{41e125d8-b28d-11db-99ca-00012982bb99}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
  250. O33 - MountPoints2\{4d3f01c5-ddf8-11dc-9b50-00012982bb99}\Shell\Auto\command - "" = AdobeR.exe e
  251. O33 - MountPoints2\{4d3f01c5-ddf8-11dc-9b50-00012982bb99}\Shell\AutoRun - "" = Auto&Play
  252. O33 - MountPoints2\{4d3f01c5-ddf8-11dc-9b50-00012982bb99}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
  253. O33 - MountPoints2\{611f8811-0378-11dc-9a3c-00012982bb99}\Shell\Auto\command - "" = AdobeR.exe e
  254. O33 - MountPoints2\{611f8811-0378-11dc-9a3c-00012982bb99}\Shell\AutoRun - "" = Auto&Play
  255. O33 - MountPoints2\{611f8811-0378-11dc-9a3c-00012982bb99}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
  256. O33 - MountPoints2\{e4689bbe-e993-11de-b05c-00012982bb99}\Shell\AutoRun\command - "" = F:\WDSetup.exe
  257. O34 - HKLM BootExecute: (autocheck autochk *)
  258. O35 - HKLM\..comfile [open] -- "%1" %*
  259. O35 - HKLM\..exefile [open] -- "%1" %*
  260. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  261. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  262. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  263. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  264.  
  265. NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
  266. NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
  267. NetSvcs: Ias - File not found
  268. NetSvcs: Iprip - File not found
  269. NetSvcs: Irmon - File not found
  270. NetSvcs: NWCWorkstation - File not found
  271. NetSvcs: Nwsapagent - File not found
  272. NetSvcs: WmdmPmSp - File not found
  273.  
  274. Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
  275. Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
  276. Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
  277. Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
  278. Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
  279. Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
  280. Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
  281. Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
  282. Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
  283. Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
  284.  
  285. CREATERESTOREPOINT
  286. Unable to start System Restore Service. Error code 1056
  287.  
  288. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  289.  
  290. [2012/05/15 08:20:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GEOMARSRV\Desktop\OTL.exe
  291. [2012/05/15 08:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GEOMARSRV\Application Data\Malwarebytes
  292. [2012/05/15 08:08:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
  293. [2012/05/15 08:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GEOMARSRV\Application Data\Skype
  294. [2012/05/15 08:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
  295. [2012/05/15 08:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Skype
  296. [2012/05/15 08:03:39 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
  297. [2012/05/15 08:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
  298. [2012/05/15 07:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\RandyRants.com
  299. [2012/05/14 09:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GEOMARSRV\My Documents\PDF-TIFF-Tools.com
  300. [2012/05/14 09:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GEOMARSRV\Local Settings\Application Data\PDF-TIFF-Tools.com
  301. [2012/05/14 09:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\JPG to PDF Converter
  302. [2012/05/14 09:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\JPG to PDF Converter
  303. [2012/05/07 07:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
  304. [2012/05/07 07:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
  305. [2012/05/03 13:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\sun
  306. [2012/05/03 12:52:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\OpenOffice.org 3.3
  307. [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  308. [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  309.  
  310. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  311.  
  312. [2012/05/15 08:25:19 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ECC3DC8F-3108-47C2-868F-C70316734A3C}.job
  313. [2012/05/15 08:21:13 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GEOMARSRV\Desktop\OTL.exe
  314. [2012/05/15 08:19:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
  315. [2012/05/15 08:19:36 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  316. [2012/05/15 08:18:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
  317. [2012/05/15 08:18:54 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
  318. [2012/05/15 07:37:01 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  319. [2012/05/15 07:23:57 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
  320. [2012/05/14 13:00:08 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\GEOMARSRV\Desktop\Topcon Link za save i eksport.lnk
  321. [2012/05/14 07:05:21 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
  322. [2012/05/14 07:05:21 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
  323. [2012/05/10 06:56:54 | 000,262,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
  324. [2012/05/09 22:44:30 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
  325. [2012/05/09 22:44:30 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
  326. [2012/05/09 22:40:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
  327. [2012/05/04 15:57:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
  328. [2012/05/04 15:56:18 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\GEOMARSRV\Desktop\Geosrv on 'Samba 3.0.25 (192.168.168.2)'.lnk
  329. [2012/04/25 07:51:48 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\GEOMARSRV\Desktop\Microsoft ActiveSync.lnk
  330. [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  331. [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  332.  
  333. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  334.  
  335. [2012/05/15 07:20:02 | 000,002,499 | ---- | C] () -- C:\Documents and Settings\GEOMARSRV\Start Menu\Programs\SharpKeys.lnk
  336. [2012/02/15 07:59:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
  337. [2011/09/23 15:56:31 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
  338. [2011/08/15 07:30:29 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
  339. [2011/08/15 07:30:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
  340. [2011/03/07 11:03:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
  341. [2010/10/27 17:55:34 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\LFC.exe
  342. [2010/10/22 13:08:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
  343.  
  344. [color=#E56717]========== LOP Check ==========[/color]
  345.  
  346. [2010/06/30 09:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
  347. [2005/12/06 19:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
  348. [2012/05/15 08:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
  349. [2006/12/14 18:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CA
  350. [2011/06/21 11:01:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
  351. [2012/05/15 08:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
  352. [2007/03/11 12:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Teleca
  353. [2009/01/29 11:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
  354. [2012/01/16 09:41:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{2C9DE6C1-EFC0-48BC-868A-71C67DE73704}
  355. [2009/05/29 08:15:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{43008ACF-C40A-495A-ACED-E0185F9EF542}
  356. [2012/02/07 08:55:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{C94FE16B-955C-429D-ADAB-F82CF86161EF}
  357. [2009/02/26 16:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\Autodesk
  358. [2009/02/26 15:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\Chinaweal Longteng
  359. [2012/04/02 09:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\CrashReport
  360. [2006/07/13 09:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\EPSON
  361. [2012/02/07 08:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\Golden Software
  362. [2005/12/06 19:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\InterTrust
  363. [2012/03/29 07:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\IrfanView
  364. [2007/03/11 12:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\Leadertech
  365. [2011/10/31 14:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\Matus Tomlein
  366. [2008/12/20 16:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\OpenOffice.org
  367. [2009/02/06 18:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\OpenOffice.org1.9.79
  368. [2010/07/06 13:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\Samsung
  369. [2012/02/07 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\TeamViewer
  370. [2007/03/11 12:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\Teleca
  371. [2011/09/23 16:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GEOMARSRV\Application Data\ZWSoft
  372. [2012/05/15 07:23:57 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
  373. [2012/05/15 08:25:19 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ECC3DC8F-3108-47C2-868F-C70316734A3C}.job
  374.  
  375. [color=#E56717]========== Purity Check ==========[/color]
  376.  
  377.  
  378.  
  379. [color=#E56717]========== Custom Scans ==========[/color]
  380.  
  381. [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
  382. [2011/09/30 07:01:11 | 000,225,918 | ---- | M] () -- C:\aaw7boot.log
  383. [2005/04/21 04:18:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
  384. [2012/05/04 15:57:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
  385. [2005/12/06 19:54:53 | 000,007,156 | ---- | M] () -- C:\caavsetup.log
  386. [2012/04/17 08:13:06 | 000,003,821 | ---- | M] () -- C:\Client.log
  387. [2005/04/21 04:18:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
  388. [2005/12/06 19:30:25 | 000,000,008 | ---- | M] () -- C:\DFIMB.DAT
  389. [2012/05/15 08:18:54 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
  390. [2005/04/21 04:18:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
  391. [2005/04/21 04:18:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
  392. [2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
  393. [2010/01/20 15:46:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
  394. [2012/05/15 08:18:53 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
  395. [2012/02/23 11:00:33 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
  396. [2007/04/24 12:29:01 | 000,001,086 | ---- | M] () -- C:\schedule.txt
  397. [2012/02/07 13:28:16 | 000,000,386 | ---- | M] () -- C:\Shortcut to geosrv on Samba 3.0.23c (geomarnas).lnk
  398. [2008/12/08 08:19:24 | 000,000,325 | ---- | M] () -- C:\Shortcut to New Volume (D).lnk
  399. [2005/08/23 08:59:48 | 001,013,627 | ---- | M] () -- C:\wrar350.exe
  400.  
  401. [color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
  402. [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
  403. [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
  404. [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
  405. [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
  406.  
  407. [color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]
  408.  
  409. [color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
  410. [2005/12/06 19:05:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
  411.  
  412. [color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]
  413.  
  414. [color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color]
  415.  
  416. [color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]
  417. [2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
  418. [2008/07/06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
  419.  
  420. [color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]
  421.  
  422. [color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]
  423.  
  424. [color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]
  425.  
  426. [color=#A23BEC]< %systemroot%\*.jpg >[/color]
  427.  
  428. [color=#A23BEC]< %systemroot%\*.png >[/color]
  429.  
  430. [color=#A23BEC]< %systemroot%\*.scr >[/color]
  431.  
  432. [color=#A23BEC]< %systemroot%\*._sy >[/color]
  433.  
  434. [color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]
  435.  
  436. [color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]
  437.  
  438. [color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]
  439.  
  440. [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
  441.  
  442. [color=#A23BEC]< %APPDATA%\Update\*.* >[/color]
  443.  
  444. [color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
  445.  
  446. [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
  447. [2005/12/06 19:47:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
  448. [2005/12/06 19:47:35 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
  449. [2005/12/06 19:47:35 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
  450.  
  451. [color=#A23BEC]< %PROGRAMFILES%\bak. /s >[/color]
  452.  
  453. [color=#A23BEC]< %systemroot%\system32\bak. /s >[/color]
  454.  
  455. [color=#A23BEC]< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >[/color]
  456. [2010/01/20 15:48:58 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini
  457.  
  458. [color=#A23BEC]< %systemroot%\system32\config\systemprofile\*.dat /x >[/color]
  459.  
  460. [color=#A23BEC]< %systemroot%\*.config >[/color]
  461.  
  462. [color=#A23BEC]< %systemroot%\system32\*.db >[/color]
  463.  
  464. [color=#A23BEC]< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >[/color]
  465. [2005/04/21 04:21:53 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\GEOMARSRV\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
  466. [2005/04/21 04:21:53 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\GEOMARSRV\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
  467.  
  468. [color=#A23BEC]< %USERPROFILE%\Desktop\*.exe >[/color]
  469. [2012/05/15 08:21:13 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GEOMARSRV\Desktop\OTL.exe
  470.  
  471. [color=#A23BEC]< %PROGRAMFILES%\Common Files\*.* >[/color]
  472.  
  473. [color=#A23BEC]< %systemroot%\*.src >[/color]
  474.  
  475. [color=#A23BEC]< %systemroot%\install\*.* >[/color]
  476.  
  477. [color=#A23BEC]< %systemroot%\system32\DLL\*.* >[/color]
  478.  
  479. [color=#A23BEC]< %systemroot%\system32\HelpFiles\*.* >[/color]
  480.  
  481. [color=#A23BEC]< %systemroot%\system32\rundll\*.* >[/color]
  482.  
  483. [color=#A23BEC]< %systemroot%\winn32\*.* >[/color]
  484.  
  485. [color=#A23BEC]< %systemroot%\Java\*.* >[/color]
  486.  
  487. [color=#A23BEC]< %systemroot%\system32\test\*.* >[/color]
  488.  
  489. [color=#A23BEC]< %systemroot%\system32\Rundll32\*.* >[/color]
  490.  
  491. [color=#A23BEC]< %systemroot%\AppPatch\Custom\*.* >[/color]
  492.  
  493. [color=#A23BEC]< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >[/color]
  494.  
  495. [color=#A23BEC]< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >[/color]
  496.  
  497. [color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.tmp >[/color]
  498.  
  499. [color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.dat >[/color]
  500.  
  501. [color=#A23BEC]< %USERPROFILE%\My Documents\*.exe >[/color]
  502. [2012/01/16 09:39:41 | 018,716,696 | ---- | M] (Sokkia ) -- C:\Documents and Settings\GEOMARSRV\My Documents\SLWebSetup.7.5(17.12.2009).exe
  503.  
  504. [color=#A23BEC]< %USERPROFILE%\*.exe >[/color]
  505.  
  506. [color=#A23BEC]< %systemroot%\ADDINS\*.* >[/color]
  507.  
  508. [color=#A23BEC]< %systemroot%\assembly\*.bak2 >[/color]
  509.  
  510. [color=#A23BEC]< %systemroot%\Config\*.* >[/color]
  511.  
  512. [color=#A23BEC]< %systemroot%\REPAIR\*.bak2 >[/color]
  513.  
  514. [color=#A23BEC]< %systemroot%\SECURITY\Database\*.sdb /x >[/color]
  515.  
  516. [color=#A23BEC]< %systemroot%\SYSTEM\*.bak2 >[/color]
  517.  
  518. [color=#A23BEC]< %systemroot%\Web\*.bak2 >[/color]
  519.  
  520. [color=#A23BEC]< %systemroot%\Driver Cache\*.* >[/color]
  521.  
  522. [color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\0*.exe >[/color]
  523.  
  524. [color=#A23BEC]< %ProgramFiles%\Microsoft Common\*.* >[/color]
  525.  
  526. [color=#A23BEC]< %ProgramFiles%\TinyProxy. >[/color]
  527.  
  528. [color=#A23BEC]< %USERPROFILE%\Favorites\*.url /x >[/color]
  529. [2005/04/21 04:21:53 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\GEOMARSRV\Favorites\Desktop.ini
  530.  
  531. [color=#A23BEC]< %systemroot%\System32\Wbem\*.exe >[/color]
  532. [2008/04/14 02:12:26 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wbem\mofcomp.exe
  533. [2008/04/14 02:12:34 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wbem\scrcons.exe
  534. [2004/08/04 14:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wbem\unsecapp.exe
  535. [2008/04/14 02:12:39 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wbem\wbemtest.exe
  536. [2004/08/04 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wbem\winmgmt.exe
  537. [2008/04/14 02:12:40 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wbem\wmiadap.exe
  538. [2008/04/14 02:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wbem\wmiapsrv.exe
  539. [2009/02/06 12:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wbem\wmiprvse.exe
  540.  
  541. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
  542.  
  543. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
  544. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-09 20:50:21
  545.  
  546. [color=#E56717]========== Alternate Data Streams ==========[/color]
  547.  
  548. @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29
  549.  
  550. < End of report >