
Registered · 22 Posts
Discussion Starter · #1 ·
Hi. My browsers (Firefox & Chrome) have been infected with startsear.ch. Many thanks for your help. Best regards from Spain.

I don't have a Windows install disc.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2096 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 3:51:35 on 2011-12-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2255 [GMT 1:00]
.
.
============== Running Processes ===============
.
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Megaupload\Mega Manager\MegaManager.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\VLC\vlc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\SNDVOL32.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie_rsearch.html
uDefault_Page_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyServer = socks=
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - e:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "e:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Mega Manager] e:\program files\megaupload\mega manager\MegaManager.exe /Tray
uRun: [SUPERAntiSpyware] e:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] e:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [JMB36X IDE Setup] e:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] e:\windows\system32\xRaidSetup.exe boot
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NPSStartup]
mRun: [SunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoInternetIcon = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoInternetIcon = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - e:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
TCP: Interfaces\{552E5A6D-B934-45CF-AF13-C4EDB3D01680} : DhcpNameServer = 87.216.1.65 87.216.1.66
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL
SecurityProviders: schannel.dll, digest.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\administrator\application data\mozilla\firefox\profiles\6m4wwnsk.default\
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=eb9a2528-3190-11e1-ac7a-0015af64fd16
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=eb9a2528-3190-11e1-ac7a-0015af64fd16&q=
FF - component: e:\documents and settings\administrator\application data\mozilla\firefox\profiles\6m4wwnsk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: e:\documents and settings\administrator\application data\mozilla\firefox\profiles\6m4wwnsk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: e:\documents and settings\administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: e:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: e:\program files\veetle\player\npvlc.dll
FF - plugin: e:\program files\veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\veetle\vlcbroadcast\npvbp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [2011-10-21 36000]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;e:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AntiVirSchedulerService;Avira Scheduler;e:\program files\avira\antivir desktop\sched.exe [2011-10-21 86224]
R2 AntiVirService;Avira Realtime Protection;e:\program files\avira\antivir desktop\avguard.exe [2011-10-21 110032]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2009-11-19 74640]
R2 EAPPkt;Realtek EAPPkt Protocol;e:\windows\system32\drivers\EAPPkt.sys [2009-11-18 38144]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;e:\windows\system32\drivers\RTL8187.sys [2009-11-18 332928]
S3 cpuz132;cpuz132;\??\e:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> e:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;e:\windows\system32\drivers\ewusbnet.sys [2009-11-11 112640]
S3 FsUsbExDisk;FsUsbExDisk;e:\windows\system32\FsUsbExDisk.Sys [2011-5-28 36608]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;e:\windows\system32\drivers\ewdcsc.sys [2011-12-12 24448]
S3 hwusbfake;Huawei DataCard USB Fake;e:\windows\system32\drivers\ewusbfake.sys [2009-11-11 102656]
S3 PciCon;PciCon;\??\l:\pcicon.sys --> l:\PciCon.sys [?]
.
=============== Created Last 30 ================
.
2011-12-30 23:47:15 -------- d-----w- e:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2011-12-30 23:46:48 -------- d-----w- e:\program files\SUPERAntiSpyware
2011-12-30 23:46:48 -------- d-----w- e:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-12-30 23:43:35 -------- d-----w- e:\documents and settings\administrator\application data\Malwarebytes
2011-12-30 23:43:23 -------- d-----w- e:\documents and settings\all users\application data\Malwarebytes
2011-12-30 23:43:11 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-12-30 23:43:11 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2011-12-30 23:25:13 -------- d-----w- e:\windows\system32\NtmsData
2011-12-30 23:09:10 -------- d-----w- e:\program files\CCleaner
2011-12-28 20:17:27 -------- d-----w- e:\program files\vShare.tv plugin
2011-12-12 21:04:06 24448 ----a-r- e:\windows\system32\drivers\ewdcsc.sys
.
==================== Find3M ====================
.
2011-11-26 21:52:31 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00:32 74640 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00:32 36000 ----a-w- e:\windows\system32\drivers\avkmgr.sys
2011-10-03 03:06:03 472808 -c--a-w- e:\windows\system32\deployJava1.dll
2011-10-03 00:37:52 73728 ----a-w- e:\windows\system32\javacpl.cpl
2001-08-12 15:56:36 1388169 ----a-w- e:\program files\Captura.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: SAMSUNG_HD252HJ rev.1AC01110 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-1b
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqt.sys >>UNKNOWN [0x8AD80938]<<
spqt.sys
_asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff5a97d8b; }
1 ntkrnlpa!IofCallDriver[0x80818196] -> \Device\Harddisk0\DR0[0x8AD02AB8]
3 CLASSPNP[0xBA908FD7] -> ntkrnlpa!IofCallDriver[0x80818196] -> \Device\00000076[0x8ADC8A08]
5 ACPI[0xBA674620] -> ntkrnlpa!IofCallDriver[0x80818196] -> \Device\Ide\IdeDeviceP2T0L0-10[0x8ACFF940]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 3:51:55,35 ===============
 


Registered · 2,045 Posts
Re: startsear.ch

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download GMER Rootkit Scanner from here: http://www.gmer.net/download.php to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


If you have trouble running GMER:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • GMER log
 

Registered · 22 Posts
Discussion Starter · #3 ·
Re: startsear.ch

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-01 02:43:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 SAMSUNG_HD252HJ rev.1AC01110
Running: r9uwdc9u.exe; Driver: E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwqyqpob.sys


---- System - GMER 1.0.15 ----

SSDT BAF6206C ZwClose
SSDT BAF62026 ZwCreateKey
SSDT BAF62076 ZwCreateSection
SSDT BAF6201C ZwCreateThread
SSDT BAF6202B ZwDeleteKey
SSDT BAF62035 ZwDeleteValueKey
SSDT BAF62067 ZwDuplicateObject
SSDT splx.sys ZwEnumerateKey [0xBA6CDDA4]
SSDT splx.sys ZwEnumerateValueKey [0xBA6CE132]
SSDT BAF6203A ZwLoadKey
SSDT splx.sys ZwOpenKey [0xBA6B50C0]
SSDT BAF62008 ZwOpenProcess
SSDT BAF6200D ZwOpenThread
SSDT splx.sys ZwQueryKey [0xBA6CE20A]
SSDT BAF6208F ZwQueryValueKey
SSDT BAF62044 ZwReplaceKey
SSDT BAF62080 ZwRequestWaitReplyPort
SSDT BAF6203F ZwRestoreKey
SSDT BAF6207B ZwSetContextThread
SSDT BAF62085 ZwSetSecurityObject
SSDT BAF62030 ZwSetValueKey
SSDT BAF6208A ZwSystemDebugControl
SSDT \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB5AA0640]

INT 0x83 ? 8ADC0BF8
INT 0x83 ? 8AA7EBF8
INT 0x83 ? 8ADC0BF8
INT 0x84 ? 8AA7EBF8
INT 0x94 ? 8AA7EBF8
INT 0x94 ? 8AA7EBF8
INT 0x94 ? 8AA7EBF8
INT 0x94 ? 8AA7EBF8
INT 0xA4 ? 8AA7EBF8
INT 0xB4 ? 8AD60BF8
INT 0xB4 ? 8AD60BF8
INT 0xB4 ? 8AD60BF8
INT 0xB4 ? 8AD60BF8
INT 0xB4 ? 8AD60BF8

---- Kernel code sections - GMER 1.0.15 ----

? splx.sys The system cannot find the file specified. !
.text E:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9819360, 0x36F5FD, 0xE8000020]
.text USBPORT.SYS!DllUnload B97F98AC 5 Bytes JMP 8AA7E1D8
init E:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB742AA00]

---- User code sections - GMER 1.0.15 ----

.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 004A3320 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 004A3390 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 004A3210 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 004A3160 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 004A32E0 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 004A31A0 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 004A3250 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 004A31D0 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 004A3290 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Megaupload\Mega Manager\MegaManager.exe[1756] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 004A3120 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Mega Manager/Megaupload Limited)
.text E:\Program Files\Mozilla Firefox\firefox.exe[2780] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 012A2EC0 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[3972] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AC350 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[3972] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AC2E2 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[3972] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[3972] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8ADBC1F8
Device \Driver\usbuhci \Device\USBPDO-0 8A9C21F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ADBE1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ADBE1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ADBE1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ADBE1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A9C21F8
Device \Driver\usbuhci \Device\USBPDO-2 8A9C21F8
Device \Driver\usbehci \Device\USBPDO-3 8AA6F1F8
Device \Driver\usbuhci \Device\USBPDO-4 8A9C21F8
Device \Driver\usbuhci \Device\USBPDO-5 8A9C21F8
Device \Driver\usbuhci \Device\USBPDO-6 8A9C21F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AD611F8
Device \Driver\usbehci \Device\USBPDO-7 8AA6F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AD611F8
Device \Driver\Cdrom \Device\CdRom0 8A9921F8
Device \Driver\atapi \Device\Ide\IdePort0 [BA609B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [BA609B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [BA609B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [BA609B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1b [BA609B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 [BA609B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-5 [BA609B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AD611F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A5FB1F8
Device \Driver\NetBT \Device\NetbiosSmb 8A5FB1F8
Device \Driver\usbuhci \Device\USBFDO-0 8A9C21F8
Device \Driver\usbuhci \Device\USBFDO-1 8A9C21F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A5C51F8
Device \Driver\usbuhci \Device\USBFDO-2 8A9C21F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A5C51F8
Device \Driver\usbehci \Device\USBFDO-3 8AA6F1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A9C21F8
Device \Driver\Ftdisk \Device\FtControl 8AD611F8
Device \Driver\usbuhci \Device\USBFDO-5 8A9C21F8
Device \Driver\usbuhci \Device\USBFDO-6 8A9C21F8
Device \Driver\usbehci \Device\USBFDO-7 8AA6F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{552E5A6D-B934-45CF-AF13-C4EDB3D01680} 8A5FB1F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8ADBD1F8
Device \FileSystem\Cdfs \Cdfs 8A8C7300

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792

---- EOF - GMER 1.0.15 ----
 

Registered · 2,045 Posts
Re: startsear.ch

taranguh:

P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at TSF are complete.

Please do this next:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please include the following in your next post:
  • ComboFix log
 

Registered · 22 Posts
Discussion Starter · #5 ·
Re: startsear.ch

ComboFix 11-12-31.03 - Administrator 01/01/2012 9:09.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2751 [GMT 1:00]
Running from: e:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
e:\documents and settings\All Users\Application Data\TEMP
e:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 07:55 . 2012-01-01 08:00 -------- d-----w- e:\documents and settings\Administrator\Application Data\Dropbox
2011-12-30 23:47 . 2011-12-30 23:47 -------- d-----w- e:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-12-30 23:46 . 2011-12-30 23:47 -------- d-----w- e:\program files\SUPERAntiSpyware
2011-12-30 23:46 . 2011-12-30 23:46 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-30 23:43 . 2011-12-30 23:43 -------- d-----w- e:\documents and settings\Administrator\Application Data\Malwarebytes
2011-12-30 23:43 . 2011-12-30 23:43 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-30 23:43 . 2011-12-30 23:43 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2011-12-30 23:43 . 2011-12-10 14:24 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-12-30 23:25 . 2011-12-30 23:25 -------- d-----w- e:\windows\system32\NtmsData
2011-12-30 23:09 . 2011-12-30 23:09 -------- d-----w- e:\program files\CCleaner
2011-12-12 21:04 . 2009-04-09 13:38 24448 ----a-r- e:\windows\system32\drivers\ewdcsc.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 00:07 . 2011-10-21 17:22 134856 ----a-w- e:\windows\system32\drivers\avipbb.sys
2011-11-26 21:52 . 2011-05-21 08:44 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-21 17:22 36000 ----a-w- e:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2009-11-19 01:06 74640 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2001-08-12 15:56 . 2001-08-12 15:56 1388169 ----a-w- e:\program files\Captura.exe
2008-05-05 20:14 . 2009-11-11 20:39 34048 -c--a-w- e:\program files\opera\program\plugins\upd62i9x.dll
2008-05-05 20:14 . 2009-11-11 20:39 45056 -c--a-w- e:\program files\opera\program\plugins\upd62int.dll
2011-11-10 09:03 . 2011-05-28 14:41 134104 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-06 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . e:\windows\system32\drivers\tcpip.sys
.
.
.
.
e:\windows\System32\wuauclt.exe ... is missing !!
e:\windows\System32\ctfmon.exe ... is missing !!
e:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Mega Manager"="e:\program files\Megaupload\Mega Manager\MegaManager.exe" [2010-11-03 2113024]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"nwiz"="nwiz.exe" [2008-02-28 1626112]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-02-28 86016]
"JMB36X IDE Setup"="e:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="e:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NPSStartup"="" [BU]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-06 99840]
.
e:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - e:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Spotify\\spotify.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [5/27/2010 12:24 PM 691696]
R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [10/21/2011 6:22 PM 36000]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 5:27 PM 12880]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 10:55 PM 67664]
R2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 12:38 AM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [10/21/2011 6:22 PM 86224]
R2 EAPPkt;Realtek EAPPkt Protocol;e:\windows\system32\drivers\EAPPkt.sys [11/18/2009 9:31 PM 38144]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;e:\windows\system32\drivers\RTL8187.sys [11/18/2009 9:30 PM 332928]
S3 ewusbnet;HUAWEI USB-NDIS miniport;e:\windows\system32\drivers\ewusbnet.sys [11/11/2009 10:21 PM 112640]
S3 FsUsbExDisk;FsUsbExDisk;e:\windows\system32\FsUsbExDisk.Sys [5/28/2011 11:05 AM 36608]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;e:\windows\system32\drivers\ewdcsc.sys [12/12/2011 10:04 PM 24448]
S3 hwusbfake;Huawei DataCard USB Fake;e:\windows\system32\drivers\ewusbfake.sys [11/11/2009 9:58 PM 102656]
S3 PciCon;PciCon;\??\l:\pcicon.sys --> l:\PciCon.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1303643608-1417001333-500Core.job
- e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-22 16:59]
.
2012-01-01 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1303643608-1417001333-500UA.job
- e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-22 16:59]
.
 

·
Registered
Joined
·
2,045 Posts
Re: startsear.ch

Hello,

That log is incomplete - are you certain that you posted the entire log? This will open it again; please re-post it for me.

Click Start > Run or press Windows Key + R, then copy/paste the following into the Run box that opens and press OK:
c:\ComboFix.txt
 

·
Registered
Joined
·
22 Posts
Discussion Starter · #7 ·
Re: startsear.ch

Sorry. Here it is:

ComboFix 11-12-31.03 - Administrator 01/01/2012 9:09.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2751 [GMT 1:00]
Running from: e:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
e:\documents and settings\All Users\Application Data\TEMP
e:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 07:55 . 2012-01-01 08:00 -------- d-----w- e:\documents and settings\Administrator\Application Data\Dropbox
2011-12-30 23:47 . 2011-12-30 23:47 -------- d-----w- e:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-12-30 23:46 . 2011-12-30 23:47 -------- d-----w- e:\program files\SUPERAntiSpyware
2011-12-30 23:46 . 2011-12-30 23:46 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-30 23:43 . 2011-12-30 23:43 -------- d-----w- e:\documents and settings\Administrator\Application Data\Malwarebytes
2011-12-30 23:43 . 2011-12-30 23:43 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-30 23:43 . 2011-12-30 23:43 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2011-12-30 23:43 . 2011-12-10 14:24 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-12-30 23:25 . 2011-12-30 23:25 -------- d-----w- e:\windows\system32\NtmsData
2011-12-30 23:09 . 2011-12-30 23:09 -------- d-----w- e:\program files\CCleaner
2011-12-12 21:04 . 2009-04-09 13:38 24448 ----a-r- e:\windows\system32\drivers\ewdcsc.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 00:07 . 2011-10-21 17:22 134856 ----a-w- e:\windows\system32\drivers\avipbb.sys
2011-11-26 21:52 . 2011-05-21 08:44 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-21 17:22 36000 ----a-w- e:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2009-11-19 01:06 74640 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2001-08-12 15:56 . 2001-08-12 15:56 1388169 ----a-w- e:\program files\Captura.exe
2008-05-05 20:14 . 2009-11-11 20:39 34048 -c--a-w- e:\program files\opera\program\plugins\upd62i9x.dll
2008-05-05 20:14 . 2009-11-11 20:39 45056 -c--a-w- e:\program files\opera\program\plugins\upd62int.dll
2011-11-10 09:03 . 2011-05-28 14:41 134104 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-06 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . e:\windows\system32\drivers\tcpip.sys
.
.
.
.
e:\windows\System32\wuauclt.exe ... is missing !!
e:\windows\System32\ctfmon.exe ... is missing !!
e:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Mega Manager"="e:\program files\Megaupload\Mega Manager\MegaManager.exe" [2010-11-03 2113024]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"nwiz"="nwiz.exe" [2008-02-28 1626112]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-02-28 86016]
"JMB36X IDE Setup"="e:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="e:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NPSStartup"="" [BU]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-06 99840]
.
e:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - e:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Spotify\\spotify.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [5/27/2010 12:24 PM 691696]
R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [10/21/2011 6:22 PM 36000]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 5:27 PM 12880]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 10:55 PM 67664]
R2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 12:38 AM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [10/21/2011 6:22 PM 86224]
R2 EAPPkt;Realtek EAPPkt Protocol;e:\windows\system32\drivers\EAPPkt.sys [11/18/2009 9:31 PM 38144]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;e:\windows\system32\drivers\RTL8187.sys [11/18/2009 9:30 PM 332928]
S3 ewusbnet;HUAWEI USB-NDIS miniport;e:\windows\system32\drivers\ewusbnet.sys [11/11/2009 10:21 PM 112640]
S3 FsUsbExDisk;FsUsbExDisk;e:\windows\system32\FsUsbExDisk.Sys [5/28/2011 11:05 AM 36608]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;e:\windows\system32\drivers\ewdcsc.sys [12/12/2011 10:04 PM 24448]
S3 hwusbfake;Huawei DataCard USB Fake;e:\windows\system32\drivers\ewusbfake.sys [11/11/2009 9:58 PM 102656]
S3 PciCon;PciCon;\??\l:\pcicon.sys --> l:\PciCon.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1303643608-1417001333-500Core.job
- e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-22 16:59]
.
2012-01-01 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1303643608-1417001333-500UA.job
- e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-22 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = socks=
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=eb9a2528-3190-11e1-ac7a-0015af64fd16
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=eb9a2528-3190-11e1-ac7a-0015af64fd16&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-01 09:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: SAMSUNG_HD252HJ rev.1AC01110 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-1b
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
e:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2852)
e:\windows\system32\nview.dll
e:\windows\system32\NVWRSES.DLL
e:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-01-01 09:14:26
ComboFix-quarantined-files.txt 2012-01-01 08:14
.
Pre-Run: 653.897.728 bytes free
Post-Run: 647.114.752 bytes free
.
 

·
Registered
Joined
·
2,045 Posts
Re: startsear.ch

taranguh:

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A small window should open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.
You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBRCheck log
  • MBAM log
 

·
Registered
Joined
·
22 Posts
Discussion Starter · #9 ·
Re: startsear.ch

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000081d

Kernel Drivers (total 129):
0x80800000 \WINDOWS\system32\ntkrnlpa.exe
0x80A0D000 \WINDOWS\system32\hal.dll
0xBADA8000 \WINDOWS\system32\KDCOM.DLL
0xBACB8000 \WINDOWS\system32\BOOTVID.dll
0xBA6B4000 spsh.sys
0xBADAA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xBA69C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA66E000 ACPI.sys
0xBA65D000 pci.sys
0xBA8A8000 ohci1394.sys
0xBA8B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA8C8000 isapnp.sys
0xBAE70000 pciide.sys
0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA8D8000 MountMgr.sys
0xBA63E000 ftdisk.sys
0xBADAC000 dmload.sys
0xBA618000 dmio.sys
0xBAB30000 PartMgr.sys
0xBA8E8000 VolSnap.sys
0xBA600000 atapi.sys
0xBA5E5000 jraid.sys
0xBA8F8000 disk.sys
0xBA908000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA5C5000 fltMgr.sys
0xBA5B3000 sr.sys
0xBA918000 PxHelp20.sys
0xBA59C000 KSecDD.sys
0xBA50F000 Ntfs.sys
0xBA4E2000 NDIS.sys
0xBA4C8000 Mup.sys
0xB9ED4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9819000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9805000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBAC68000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB97E1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBAC70000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB97B9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBAC78000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBADCC000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB9EC4000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA48C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBAC80000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB9EA4000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9E94000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9E84000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9796000 \SystemRoot\system32\DRIVERS\ks.sys
0xBAEE4000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9E74000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA484000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB977F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBAA28000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBAA38000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBAC88000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB976E000 \SystemRoot\system32\DRIVERS\psched.sys
0xBAA48000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBAC90000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBAC98000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB973E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBAA58000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBACA0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBADCE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB96E0000 \SystemRoot\system32\DRIVERS\update.sys
0xBA468000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBAA68000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBAA98000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBADD6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB746E000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xB744A000 \SystemRoot\system32\drivers\portcls.sys
0xBAAE8000 \SystemRoot\system32\drivers\drmk.sys
0xB7432000 \SystemRoot\system32\drivers\AEAudio.sys
0xB73D2000 \SystemRoot\system32\drivers\Senfilt.sys
0xBABD0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBADF8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBAF9B000 \SystemRoot\System32\Drivers\Null.SYS
0xBADFA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA9E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBABF0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBABF8000 \SystemRoot\System32\drivers\vga.sys
0xBADFC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBADFE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBAC00000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAC08000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA49C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5BE1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB5B88000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB5B60000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB5B3A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBAA08000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB5B18000 \SystemRoot\System32\drivers\afd.sys
0xBAA18000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBAC10000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB5A96000 \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBAC18000 \??\E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB5A43000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB59D3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9EF4000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9EB4000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0xB595C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB53B1000 \SystemRoot\system32\DRIVERS\RTL8187.sys
0xB5C8F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB5D5C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB5A7E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB5C7F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB5A7A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB5A72000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB4D34000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBAE0E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBAD70000 \SystemRoot\System32\drivers\Dxapi.sys
0xB5D54000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xBAFBB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D5000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB4A7B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xBAB58000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xBA998000 \SystemRoot\system32\DRIVERS\EAPPkt.sys
0xB4AD4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB48D6000 \SystemRoot\system32\drivers\wdmaud.sys
0xB7273000 \SystemRoot\system32\drivers\sysaudio.sys
0xB46A0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB4409000 \SystemRoot\system32\DRIVERS\srv.sys
0xB40B8000 \SystemRoot\System32\Drivers\HTTP.sys
0xB3ADF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBAE5A000 \??\E:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB4D6C000 \??\E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
0xB2F0C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
428 E:\WINDOWS\system32\smss.exe
636 csrss.exe
664 E:\WINDOWS\system32\winlogon.exe
708 E:\WINDOWS\system32\services.exe
720 E:\WINDOWS\system32\lsass.exe
884 E:\WINDOWS\system32\svchost.exe
928 svchost.exe
968 E:\WINDOWS\system32\svchost.exe
1100 svchost.exe
1132 svchost.exe
1488 E:\WINDOWS\system32\spoolsv.exe
1556 E:\Program Files\Avira\AntiVir Desktop\sched.exe
1900 E:\Program Files\SUPERAntiSpyware\SASCore.exe
1912 E:\Program Files\Avira\AntiVir Desktop\avguard.exe
1940 E:\Program Files\Java\jre6\bin\jqs.exe
1976 E:\WINDOWS\system32\nvsvc32.exe
212 E:\WINDOWS\system32\svchost.exe
248 wdfmgr.exe
1604 E:\Program Files\Analog Devices\Core\smax4pnp.exe
1632 E:\WINDOWS\system32\rundll32.exe
1764 E:\Program Files\Common Files\Java\Java Update\jusched.exe
1796 E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1816 E:\Program Files\Megaupload\Mega Manager\MegaManager.exe
1856 E:\WINDOWS\system32\rundll32.exe
744 E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1324 alg.exe
2740 E:\WINDOWS\system32\svchost.exe
2852 E:\WINDOWS\explorer.exe
400 E:\WINDOWS\system32\sndvol32.exe
2232 E:\Program Files\Mozilla Firefox\firefox.exe
2308 E:\Program Files\Mozilla Firefox\plugin-container.exe
3160 E:\WINDOWS\system32\sndvol32.exe
3016 E:\Program Files\Mozilla Firefox\plugin-container.exe
2452 E:\WINDOWS\system32\sndvol32.exe
4068 E:\WINDOWS\explorer.exe
6604 E:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000019`9b557400 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD252HJ, Rev: 1AC01110
PhysicalDrive1 Model Number: SAMSUNGHD252HJ, Rev: 1AC01110

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: 9CFC8D75A9B3B79AD2D82DDC3A8E515904016E5A


Done!
 

·
Registered
Joined
·
22 Posts
Discussion Starter · #10 ·
Re: startsear.ch

The scan has just finished and it didn't find anything, so the option "Show Results" didn't appear. All I have is this:

Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.01.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.2096
Administrator :: EXPERIEN-B7AAB2 [administrator]

02/01/2012 7:38:56
mbam-log-2012-01-02 (07-38-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271223
Time elapsed: 46 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

·
Registered
Joined
·
2,045 Posts
Re: startsear.ch

taranguh:

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded.
Please go to here to run an online scan with ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running
  • ESET log
 

·
Registered
Joined
·
22 Posts
Discussion Starter · #12 ·
Re: startsear.ch

The problems are with my internet connection: it is slower than usual, when I stream a video or download a file the connection disappears for seconds, the home page of my browsers has changed to startsear.ch...

I had to restart the scan four times and I must have forgotten to untick Remove found threats the last time. I hope this does not mean more trouble for you.

C:\Program Files (x86)\Everest Poker\cstart-tmp.exe a variant of Win32/Casino application cleaned by deleting - quarantined
C:\Program Files (x86)\Everest Poker\CStart.exe a variant of Win32/Casino application cleaned by deleting - quarantined
C:\Program Files (x86)\Everest Poker\Everest Poker.exe a variant of Win32/Casino application cleaned by deleting - quarantined
E:\Documents and Settings\Administrator\Desktop\eXPerience\Drivers Backup\DGP900180 por orionce\DGP 9.0.0.180.exe probably a variant of Win32/Agent.BJSCQS trojan deleted - quarantined
 

·
Registered
Joined
·
2,045 Posts
Re: startsear.ch

You did no harm in removing those detections. Please clarify for me - it's just your home page that's reset to startsear.ch..... you are not being redirected there when you do searches - is that right?
 

·
Registered
Joined
·
22 Posts
Discussion Starter · #14 ·
Re: startsear.ch

My homepage, and I am redirected when I do searches with the address bar, not on the Google website.
 

·
Registered
Joined
·
2,045 Posts
Re: startsear.ch

taranguh:

OK, thanks. Please do this next:

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Please include the following in your next post:
  • OTL.txt log
 

·
Registered
Joined
·
22 Posts
Discussion Starter · #16 ·
Re: startsear.ch

OTL logfile created on: 04/01/2012 10:28:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000C0A | Country: Spain | Language: ESN | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 82,50% Memory free
5,09 Gb Paging File | 4,62 Gb Available in Paging File | 90,73% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 232,88 Gb Total Space | 18,81 Gb Free Space | 8,08% Space Free | Partition Type: NTFS
Drive D: | 99,61 Gb Total Space | 0,99 Gb Free Space | 0,99% Space Free | Partition Type: NTFS
Drive E: | 129,40 Gb Total Space | 0,34 Gb Free Space | 0,26% Space Free | Partition Type: NTFS

Computer Name: EXPERIEN-B7AAB2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 06:18:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/01/02 21:54:17 | 000,161,664 | ---- | M] (Oracle Corporation) -- E:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/06 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- E:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- E:\Program Files\WinRAR\RarExt.dll
MOD - [2009/02/27 18:35:50 | 000,311,296 | ---- | M] () -- E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.ESP
MOD - [2008/02/28 06:34:00 | 001,482,752 | ---- | M] () -- E:\WINDOWS\system32\nview.dll
MOD - [2008/02/28 06:34:00 | 000,466,944 | ---- | M] () -- E:\WINDOWS\system32\nvshell.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wscsvc)
SRV - File not found [Auto | Stopped] -- -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)
SRV - [2012/01/02 21:54:17 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- E:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2007/02/18 13:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)


========== Driver Services (SafeList) ==========

DRV - [2011/12/09 01:07:21 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/27 12:24:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/29 17:14:32 | 000,099,440 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009/06/29 19:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/29 19:00:50 | 000,102,656 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/04/21 09:09:00 | 000,297,344 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009/04/09 14:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/04/09 14:38:30 | 000,024,448 | R--- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2009/04/07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/25 15:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/06/27 10:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/26 16:02:49 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (Eng)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.focoblog.com/focoforo/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.9
FF - prefs.js..extensions.enabledItems: {65fe69f6-b9d0-4efa-bb93-064f9b126430}:0.32
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=eb9a2528-3190-11e1-ac7a-0015af64fd16&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: E:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.0: E:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: E:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: E:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/11/10 10:03:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012/01/02 21:36:59 | 000,000,000 | ---D | M]

[2009/11/19 00:38:12 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/12/31 21:17:18 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\extensions
[2011/12/30 22:49:43 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/01/18 19:46:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/18 20:25:48 | 000,000,000 | ---D | M] (RSE Tools) -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\extensions\{65fe69f6-b9d0-4efa-bb93-064f9b126430}
[2011/12/27 12:12:40 | 000,000,000 | ---D | M] ("Tumblr Post") -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2009/12/17 17:00:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/19 04:06:18 | 000,000,000 | ---D | M] (RDown - Rapidshare Downloader) -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\extensions\[email protected]
[2011/03/28 02:46:05 | 000,002,061 | ---- | M] () -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\searchplugins\addic7edcom.xml
[2009/12/01 14:23:31 | 000,002,871 | ---- | M] () -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\searchplugins\goofram-search.xml
[2009/11/24 11:37:17 | 000,001,042 | ---- | M] () -- E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6m4wwnsk.default\searchplugins\wikipedia-eng.xml
[2012/01/02 21:13:54 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
() (No name found) -- E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6M4WWNSK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6M4WWNSK.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/11/10 10:03:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/05/05 21:06:41 | 000,365,056 | ---- | M] () -- E:\Program Files\mozilla firefox\plugins\npupd62.dll
[2011/11/02 04:10:05 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/02 04:10:05 | 000,003,996 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\drae.xml
[2011/11/02 04:10:05 | 000,001,143 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
[2011/11/02 04:10:05 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/11/02 04:10:05 | 000,001,102 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=eb9a2528-3190-11e1-ac7a-0015af64fd16&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = E:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = E:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = E:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: WindizUpdate Plug-in (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npupd62.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = E:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = E:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = E:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: B\u00FAsqueda de Google = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/01/01 06:05:09 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - E:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] E:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [Mega Manager] E:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = E:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.216.1.65 87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{552E5A6D-B934-45CF-AF13-C4EDB3D01680}: DhcpNameServer = 87.216.1.65 87.216.1.66
O20 - HKLM Winlogon: Shell - (Explorer.exe) -E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) -E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: E:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/19 02:30:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 06:18:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/03 12:01:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/01/02 21:56:38 | 000,000,000 | ---D | C] -- E:\Program Files\ESET
[2012/01/02 21:54:49 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Java
[2012/01/02 21:46:37 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\Sun
[2012/01/02 21:43:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\Oracle
[2012/01/02 21:35:12 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\jdk1.7.0_02_combo
[2012/01/02 21:05:12 | 000,000,000 | ---D | C] -- E:\Program Files\xerox
[2012/01/02 21:05:11 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\xircom
[2012/01/02 21:05:11 | 000,000,000 | ---D | C] -- E:\WINDOWS\srchasst
[2012/01/02 21:05:11 | 000,000,000 | ---D | C] -- E:\Program Files\outlook express
[2012/01/02 21:05:11 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\oobe
[2012/01/02 21:05:11 | 000,000,000 | ---D | C] -- E:\Program Files\msn gaming zone
[2012/01/02 21:05:11 | 000,000,000 | ---D | C] -- E:\Program Files\movie maker
[2012/01/02 21:05:11 | 000,000,000 | ---D | C] -- E:\Program Files\microsoft frontpage
[2012/01/02 21:05:11 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\inetsrv
[2012/01/02 05:52:25 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2012/01/01 08:59:08 | 000,000,000 | R--D | C] -- E:\Documents and Settings\Administrator\My Documents\Dropbox
[2012/01/01 08:56:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
[2012/01/01 08:55:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\Dropbox
[2012/01/01 05:54:31 | 000,518,144 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2012/01/01 05:54:31 | 000,406,528 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2012/01/01 05:54:31 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2012/01/01 05:54:31 | 000,060,416 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2012/01/01 05:54:27 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2012/01/01 05:54:23 | 000,000,000 | ---D | C] -- E:\Qoobox
[2012/01/01 05:42:53 | 004,358,797 | R--- | C] (Swearware) -- E:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/12/31 03:31:03 | 000,607,260 | R--- | C] (Swearware) -- E:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/12/31 03:12:03 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\Administrator\Recent
[2011/12/31 00:47:15 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/12/31 00:46:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/31 00:46:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/31 00:46:48 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2011/12/31 00:43:35 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/12/31 00:43:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/31 00:43:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/31 00:43:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2011/12/31 00:43:11 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2011/12/31 00:25:13 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\NtmsData
[2011/12/31 00:09:11 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/12/31 00:09:10 | 000,000,000 | ---D | C] -- E:\Program Files\CCleaner
[2011/12/25 06:16:34 | 003,562,624 | ---- | C] (Piriform Ltd) -- E:\Documents and Settings\Administrator\Desktop\ccsetup314.exe
[2011/12/12 22:04:06 | 000,024,448 | R--- | C] (Huawei Tech. Co., Ltd.) -- E:\WINDOWS\System32\drivers\ewdcsc.sys
[2001/08/12 16:56:35 | 001,388,169 | ---- | C] (HernanSoft ) -- E:\Program Files\Captura.exe
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/04 09:48:00 | 000,001,212 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1303643608-1417001333-500UA.job
[2012/01/04 08:20:18 | 000,819,124 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Echo Complete.jpg
[2012/01/04 08:19:55 | 000,220,675 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\MadLove_poster_1935_100.jpg
[2012/01/04 08:19:36 | 000,260,517 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\GeorgeHerriman_UnderTheThumb_100.jpg
[2012/01/04 08:19:15 | 000,121,404 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\comics_revue_tribute.jpg
[2012/01/04 08:19:06 | 000,764,354 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\happy_new_year_2012_michael_hacker.jpg
[2012/01/04 08:18:25 | 000,065,157 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\brubaker_image.jpg
[2012/01/04 08:16:31 | 000,182,261 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\965110b495805a562a7daaca7ee8b738.jpg
[2012/01/04 06:18:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/04 05:51:54 | 000,171,135 | ---- | M] () -- E:\WINDOWS\System32\nvapps.xml
[2012/01/04 05:51:27 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2012/01/03 03:33:49 | 000,749,201 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\6280035224_cfb78702c1_b.jpg
[2012/01/03 01:38:08 | 001,189,288 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\MADMAN McKEOWN strip peek.jpg
[2012/01/02 23:02:00 | 000,171,974 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\1318621502.jpg
[2012/01/02 22:52:50 | 000,422,118 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\FrankReadeWeeklyMagazine_1903-01-02_100.jpg
[2012/01/02 21:05:13 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2012/01/02 07:34:09 | 000,080,384 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2012/01/02 07:09:54 | 001,203,539 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\dvd-1.jpg
[2012/01/02 07:08:38 | 000,672,255 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\son_of_frankenstein_poster_07.jpg
[2012/01/02 07:08:03 | 000,449,712 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\daredevil-10.jpg
[2012/01/02 06:55:49 | 000,223,539 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\cerebus_239_alan_moore.jpg
[2012/01/02 04:14:14 | 000,246,077 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lw3uoa5w3w1qbz9meo1_500.jpg
[2012/01/02 04:13:58 | 000,212,751 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\393537_10150461895661600_39308306599_8669767_71225334_n.jpg
[2012/01/02 04:13:15 | 000,276,043 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\336206_10150461895566600_39308306599_8669766_340081348_o.jpg
[2012/01/02 04:03:18 | 000,306,973 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Screen shot 2011-12-28 at 2.18.29 PM.png
[2012/01/01 20:48:00 | 000,001,160 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1303643608-1417001333-500Core.job
[2012/01/01 09:05:08 | 000,382,147 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Nama_cover_SuperBlack.jpg
[2012/01/01 08:59:08 | 000,001,022 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
[2012/01/01 08:56:58 | 000,001,022 | ---- | M] () -- E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/01 08:55:08 | 000,387,172 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\311211-07.jpg
[2012/01/01 08:54:57 | 000,096,160 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\coltre.jpg
[2012/01/01 08:54:09 | 000,385,535 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\coltrane.jpg
[2012/01/01 08:53:56 | 000,333,230 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\49a3f5ef788c4_zoom.jpg
[2012/01/01 08:53:24 | 000,433,819 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\311211-03.jpg
[2012/01/01 08:51:55 | 000,141,264 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\9780224094108.jpg
[2012/01/01 08:50:13 | 000,209,341 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\FlexMent_Scan.jpg
[2012/01/01 08:48:59 | 000,243,588 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Flex-3.jpg
[2012/01/01 08:48:24 | 000,046,199 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\dredd_xmas_cancelled-540x381.jpg
[2012/01/01 08:06:54 | 000,041,041 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tshirt_i_survived_jakas_story.jpg
[2012/01/01 08:03:27 | 000,422,112 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\milk-cheese.jpg
[2012/01/01 06:05:09 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2012/01/01 05:29:13 | 004,358,797 | R--- | M] (Swearware) -- E:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/01/01 05:07:41 | 000,510,972 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\311211-01.jpg
[2012/01/01 04:59:02 | 002,832,003 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Akira_for_download.jpg
[2012/01/01 04:57:51 | 000,216,081 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\McCay_LittleNemo_SnowballFight_100.jpg
[2012/01/01 04:43:15 | 000,273,951 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_LoneWolf1.jpg
[2012/01/01 04:43:04 | 000,304,822 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\lostonwallace - when Kitty met colossus.jpg
[2012/01/01 04:41:06 | 000,281,956 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\1915_09_28_mccay_atyourservice.jpg
[2012/01/01 04:41:01 | 000,274,729 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\1914_08_14_mccay_sheeptoslaughter.jpg
[2012/01/01 01:52:39 | 000,085,043 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\parkermartini.jpg
[2011/12/31 23:04:42 | 000,310,928 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\affiche-The-Black-Power-Mixtape-The-Black-Power-Mixtape-1967-1975Black-Power-Mixtape-1967-1975-2011-5.jpg
[2011/12/31 03:53:21 | 000,002,174 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\attach.zip
[2011/12/31 03:31:03 | 000,607,260 | R--- | M] (Swearware) -- E:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/12/31 00:46:52 | 000,001,678 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/31 00:43:28 | 000,000,784 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 00:09:11 | 000,000,682 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/30 23:26:08 | 000,230,288 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_D.GibbonsWatchmen.jpg
[2011/12/30 23:19:30 | 000,305,499 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_SterankoHOC2.jpg
[2011/12/30 23:02:58 | 000,149,442 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\closet mask 001.jpg
[2011/12/30 13:37:52 | 000,000,050 | ---- | M] () -- E:\WINDOWS\MegaManager.INI
[2011/12/30 07:28:08 | 000,294,299 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_FaceIt!_G_Version.jpg
[2011/12/28 20:39:27 | 000,411,381 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\elsicario_room164_final_21.jpg
[2011/12/28 20:36:18 | 000,126,118 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tokyo-ga-dick-tracy.jpg
[2011/12/28 20:29:12 | 000,490,022 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_Get2000AD.jpg
[2011/12/27 22:49:59 | 001,460,225 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\BlueBeetle9Gunmen.jpg
[2011/12/27 21:00:13 | 000,001,729 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/27 01:31:58 | 000,058,065 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\CarrieBrownsteinPA241111.jpg
[2011/12/26 12:32:39 | 000,389,019 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\HalFoster_PV_Panel_DayAwakes_100.jpg
[2011/12/26 12:29:10 | 000,343,865 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\00a_01_mad_05_1953_elder_fc.jpg
[2011/12/25 06:21:09 | 003,562,624 | ---- | M] (Piriform Ltd) -- E:\Documents and Settings\Administrator\Desktop\ccsetup314.exe
[2011/12/17 15:04:16 | 000,001,644 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\postcard-6x4-waterfall - Acceso directo.lnk
[2011/12/14 15:52:59 | 000,001,073 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop - Acceso directo.lnk
[2011/12/14 04:29:08 | 000,000,654 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\downloads.lnk
[2011/12/14 04:29:08 | 000,000,485 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\MP3Collection.lnk
[2011/12/14 04:29:08 | 000,000,462 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Series2.lnk
[2011/12/14 04:29:08 | 000,000,443 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\DOCS.lnk
[2011/12/14 04:29:08 | 000,000,364 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Desktop.lnk
[2011/12/14 04:29:08 | 000,000,361 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\series.lnk
[2011/12/14 04:29:08 | 000,000,356 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\pelis.lnk
[2011/12/14 04:29:01 | 000,000,372 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Descargas.lnk
[2011/12/14 04:28:57 | 000,000,786 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\CANAL+ YOMVI.lnk
[2011/12/14 04:28:57 | 000,000,372 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Comicazos.lnk
[2011/12/14 04:28:56 | 000,000,454 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\X-Men.lnk
[2011/12/12 22:04:54 | 000,430,176 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2011/12/12 22:04:54 | 000,066,246 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2011/12/11 22:56:33 | 000,076,222 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\raiders_steranko.jpg
[2011/12/11 20:47:20 | 000,126,569 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lw1sm2REeT1qawsxdo1_500.jpg
[2011/12/11 19:24:16 | 000,189,370 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\jugend0535.jpg
[2011/12/11 17:52:26 | 000,062,673 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\1.jpg
[2011/12/11 17:31:35 | 000,360,968 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\cockrum_fiend_with_no_name.jpg
[2011/12/11 17:22:52 | 000,220,322 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\1982 cockrum.jpg
[2011/12/11 17:15:00 | 000,433,362 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\6492300073_ab0025917c_b.jpg
[2011/12/11 15:24:29 | 000,057,378 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\antro10_MAMcover[1].JPG
[2011/12/11 03:27:42 | 000,303,374 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Fotos752010 059.jpg
[2011/12/10 23:00:46 | 000,461,193 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvg9yv52Yi1qcu22b.jpg
[2011/12/10 16:56:48 | 000,090,585 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\war-and-peace-global_i1.jpg
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2011/12/10 12:31:13 | 000,512,891 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\01_halfoster_ayoungknight_frontcover.jpg
[2011/12/10 12:23:18 | 000,277,369 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\nevermind baja.jpg
[2011/12/10 12:23:18 | 000,007,411 | ---- | M] () -- E:\Documents and Settings\Administrator\.recently-used.xbel
[2011/12/10 12:18:48 | 000,285,381 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\mart.jpg
[2011/12/10 12:11:08 | 000,360,538 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\ma.jpg
[2011/12/10 11:52:47 | 000,202,188 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\otras-car001_1-es.jpg
[2011/12/10 11:52:36 | 000,386,278 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\otras-car001-es.jpg
[2011/12/10 11:52:26 | 000,306,485 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\otras-car001_3-es.jpg
[2011/12/10 11:50:32 | 000,583,805 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\vamos a morir.jpg
[2011/12/10 02:35:57 | 000,227,210 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\3665505411_14757f2e4c_z.jpg.scaled1000.jpg
[2011/12/09 21:28:23 | 000,385,589 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\PA0211-168_lg.jpeg
[2011/12/09 21:28:06 | 000,050,591 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\PA0211-168_med.jpeg
[2011/12/09 20:33:52 | 000,328,836 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\baby-soviets0011.jpg
[2011/12/09 20:27:48 | 000,749,184 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Bass01_Vertigo-poster.jpg
[2011/12/09 19:45:06 | 000,115,064 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\FLS0997_flyer.jpg
[2011/12/09 18:39:04 | 000,397,754 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\current_1286_062.jpg
[2011/12/09 18:26:18 | 000,142,760 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\rr1211-434_lg.jpeg
[2011/12/09 15:22:34 | 000,155,680 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\9780810995956.jpg
[2011/12/09 15:09:24 | 000,625,886 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_ln9faamXay1qk6ky2.jpg
[2011/12/09 15:07:01 | 000,080,378 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\rr1211-569_lg.jpeg
[2011/12/09 14:46:48 | 000,093,589 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\StanLeeatCarnegieHall.jpg
[2011/12/09 13:47:08 | 000,641,226 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\The_Comics_back_2.jpg
[2011/12/09 13:44:38 | 000,690,452 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\The_Comics_2.jpg
[2011/12/09 13:33:53 | 000,147,567 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\10435.jpg
[2011/12/09 12:59:58 | 000,055,093 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\show-signup-bg.jpg
[2011/12/09 12:57:42 | 000,113,848 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Untitled-147.jpg
[2011/12/09 12:45:42 | 000,639,923 | ---- | M] () -- E:\Documents and Settings\Administrator\My Documents\capturada.jpg
[2011/12/09 12:39:04 | 000,140,004 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\west-memphis-three-628.jpg
[2011/12/09 03:40:05 | 000,049,483 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Jerry-Robinson-Ambassador-of-Comics-studio-1940-Photograph-courtesy-of-the-Jerry-Robinson-collection.jpg
[2011/12/09 03:30:29 | 000,226,345 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvvzh6gt4j1qz82veo1_500.png
[2011/12/09 03:18:25 | 000,174,355 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_FOOM_Badge6.jpg
[2011/12/09 03:17:53 | 000,248,692 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_FOOM_Envelope.jpg
[2011/12/09 03:16:24 | 000,441,686 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\3heavy.jpg
[2011/12/09 03:11:20 | 000,519,850 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\6432737589_ddf7052df9_b.jpg
[2011/12/09 03:10:24 | 000,122,241 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\01-carl-kyberg_900.jpg
[2011/12/09 03:10:08 | 000,842,178 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\11_supermanport_1984_jerryrobinson.jpg
[2011/12/09 03:09:38 | 000,915,284 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\02_supermanport_1984_brianboland.jpg
[2011/12/09 03:08:53 | 000,223,599 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Exile1.jpg
[2011/12/09 03:04:04 | 000,109,162 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvu1fgxuWD1r7tw87o1_500.png
[2011/12/09 03:03:18 | 000,272,065 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\jerryrobinson_abrams.jpg
[2011/12/09 02:53:08 | 000,075,101 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\20120308-jsbx_670x0.jpg
[2011/12/09 02:43:18 | 000,145,655 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\20120127-explosions_670x0.jpg
[2011/12/09 02:42:29 | 000,050,960 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\20120921-ibymnj1c_670x0.jpg
[2011/12/09 02:41:04 | 000,155,529 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\20120309-jeffmangumr2_670x0.jpg
[2011/12/09 02:39:35 | 000,071,376 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\20120525-ibymlondon3_670x0.jpg
[2011/12/09 02:35:50 | 000,263,943 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\ComicsIllustratedHistory.jpg
[2011/12/09 02:29:59 | 000,101,831 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\zeitgeist2.jpg
[2011/12/09 02:28:53 | 000,493,273 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\JerryRobinson_BatmanSketches_100.jpg
[2011/12/09 02:28:26 | 000,304,005 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\luana1.jpg
[2011/12/09 02:28:12 | 000,043,665 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\AmazingSpiderman116-13-1.jpg
[2011/12/09 02:27:00 | 000,139,270 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Jerry_Robinson.jpg
[2011/12/09 02:26:22 | 001,824,354 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\72c1f53e091a29646d97697b09eb7d75.jpg
[2011/12/09 01:07:21 | 000,134,856 | ---- | M] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/09 00:46:01 | 000,272,838 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\first3marbles.jpg
[2011/12/08 22:09:27 | 002,251,223 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\6280035224_fe21dae9f6_o.jpg
[2011/12/08 21:36:07 | 000,374,774 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvwgv2tL0i1qha7bw.jpg
[2011/12/08 04:14:50 | 000,322,407 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Batmobile!_100.jpg
[2011/12/07 20:42:28 | 000,801,812 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\TheWalkingDead 43 26 - 27.jpg
[2011/12/07 20:26:46 | 000,504,668 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\NVG-9744-F.jpg
[2011/12/07 20:26:02 | 000,072,278 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\288927_258450760840608_100000270585123_998151_4010851_o.jpg
[2011/12/07 20:25:37 | 000,226,913 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\wm3.jpg
[2011/12/07 20:23:39 | 000,363,365 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\paradise-lost-the-child-murders-at-robin-hood-hills-original.jpg
[2011/12/07 20:10:56 | 000,221,527 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Affiche festival angouleme 2012.jpg
[2011/12/07 20:05:32 | 000,225,997 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\thiago.jpg
[2011/12/07 20:02:54 | 000,221,527 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvug2sPhvk1qkyh45.jpg
[2011/12/07 18:52:48 | 000,238,557 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\reportages_joe_sacco.jpg
[2011/12/07 18:52:05 | 000,081,112 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\someday-e1323120217922.jpg
[2011/12/07 18:44:50 | 000,140,411 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\humanandhorse.jpeg
[2011/12/07 18:40:18 | 000,066,499 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\gus-3.jpg
[2011/12/07 18:40:07 | 000,000,321 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\LargeCrowdDCSpec1CropA.jpg
[2011/12/07 18:34:36 | 000,870,884 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tapa-billie-holiday-en-alta.jpg
[2011/12/07 18:33:48 | 000,242,370 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\9910000018572_cg.jpg
[2011/12/07 17:47:20 | 000,756,629 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\enlacocinaconalainpassard.jpg
[2011/12/07 13:34:39 | 000,667,130 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\pearl-harbor-ff.jpg
[2011/12/07 13:02:30 | 000,116,728 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Los-hermanos-Rafinha-y-Thiago-_54240789850_54115221152_960_640.jpg
[2011/12/07 12:59:05 | 000,512,367 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\gemini10.jpg
[2011/12/07 06:41:26 | 000,296,575 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvtfy2bFtw1qha7bw.jpg
[2011/12/07 05:20:42 | 000,035,995 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\aclockworkdesktop1440x9002.jpg
[2011/12/07 05:20:05 | 000,032,536 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\2iiddmo.jpg
[2011/12/07 05:19:48 | 000,129,267 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\clockwork_orange_book_cover.jpg
[2011/12/07 05:17:23 | 000,057,920 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\6066193604_95d6bc4515_b.jpg
[2011/12/07 04:42:25 | 000,198,580 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\comic-con20poster.jpeg
[2011/12/07 04:42:01 | 000,354,766 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\comic-con-poster1.jpg
[2011/12/07 04:19:28 | 001,829,694 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\hunr.jpg
[2011/12/07 03:56:22 | 000,562,519 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\WilliamStout_ECWitch_100.jpg
[2011/12/07 02:40:33 | 000,727,785 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Lamberto-Lamberto-Lamberto-300dpi.jpg
[2011/12/07 02:23:10 | 000,067,778 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\kinski01.png
[2011/12/07 01:12:57 | 000,049,709 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\2802peanuts time-thumb-large.jpg
[2011/12/07 01:12:32 | 000,047,965 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\1101650409_400.jpg
[2011/12/07 01:10:05 | 000,072,349 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\revis0001snopy.jpg
[2011/12/06 21:39:32 | 000,434,113 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\4774138495_f4e1c21319_b.jpg
[2011/12/06 21:36:52 | 000,877,266 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Portada-Isaac.jpg
[2011/12/06 21:32:50 | 001,349,310 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\RealClueCrimeStories06.jpg
[2011/12/06 21:30:59 | 000,106,951 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\611.jpg
[2011/12/06 21:15:13 | 000,063,273 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Mississippi Mermaid American.jpg
[2011/12/06 21:14:43 | 000,115,908 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\DAVID_PELHAM_A_Clockwork_Orange_framed.jpg
[2011/12/06 21:14:33 | 000,171,163 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\DAVID_PELHAM_Flying_to_Wake_Island_framed.jpg
[2011/12/06 21:02:01 | 000,299,378 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Ad-New-Defenders-2-647x1024.jpg
[2011/12/06 18:54:38 | 000,520,550 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\yoj.jpg
[2011/12/05 21:29:38 | 000,778,232 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvqosmGDIi1qzvf7k.jpg
[2011/12/05 17:42:32 | 000,176,121 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\HBO.jpg
[2011/12/05 15:34:11 | 000,339,761 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\52952694.jpg
[2011/12/05 15:11:55 | 000,164,552 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\6457442377_92b608693d_o.jpg
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 08:20:14 | 000,819,124 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Echo Complete.jpg
[2012/01/04 08:19:55 | 000,220,675 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\MadLove_poster_1935_100.jpg
[2012/01/04 08:19:36 | 000,260,517 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\GeorgeHerriman_UnderTheThumb_100.jpg
[2012/01/04 08:19:15 | 000,121,404 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\comics_revue_tribute.jpg
[2012/01/04 08:19:06 | 000,764,354 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\happy_new_year_2012_michael_hacker.jpg
[2012/01/04 08:18:25 | 000,065,157 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\brubaker_image.jpg
[2012/01/04 08:16:31 | 000,182,261 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\965110b495805a562a7daaca7ee8b738.jpg
[2012/01/03 03:33:49 | 000,749,201 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\6280035224_cfb78702c1_b.jpg
[2012/01/03 01:38:08 | 001,189,288 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\MADMAN McKEOWN strip peek.jpg
[2012/01/02 23:02:00 | 000,171,974 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\1318621502.jpg
[2012/01/02 22:52:49 | 000,422,118 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\FrankReadeWeeklyMagazine_1903-01-02_100.jpg
[2012/01/02 07:34:10 | 000,080,384 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2012/01/02 07:09:46 | 001,203,539 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\dvd-1.jpg
[2012/01/02 07:08:38 | 000,672,255 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\son_of_frankenstein_poster_07.jpg
[2012/01/02 07:08:03 | 000,449,712 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\daredevil-10.jpg
[2012/01/02 06:55:48 | 000,223,539 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\cerebus_239_alan_moore.jpg
[2012/01/02 04:14:13 | 000,246,077 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lw3uoa5w3w1qbz9meo1_500.jpg
[2012/01/02 04:13:58 | 000,212,751 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\393537_10150461895661600_39308306599_8669767_71225334_n.jpg
[2012/01/02 04:13:14 | 000,276,043 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\336206_10150461895566600_39308306599_8669766_340081348_o.jpg
[2012/01/02 04:03:17 | 000,306,973 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Screen shot 2011-12-28 at 2.18.29 PM.png
[2012/01/01 09:05:08 | 000,382,147 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Nama_cover_SuperBlack.jpg
[2012/01/01 08:59:08 | 000,001,022 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
[2012/01/01 08:56:58 | 000,001,022 | ---- | C] () -- E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/01 08:55:08 | 000,387,172 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\311211-07.jpg
[2012/01/01 08:54:57 | 000,096,160 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\coltre.jpg
[2012/01/01 08:54:09 | 000,385,535 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\coltrane.jpg
[2012/01/01 08:53:55 | 000,333,230 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\49a3f5ef788c4_zoom.jpg
[2012/01/01 08:53:23 | 000,433,819 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\311211-03.jpg
[2012/01/01 08:51:55 | 000,141,264 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\9780224094108.jpg
[2012/01/01 08:50:12 | 000,209,341 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\FlexMent_Scan.jpg
[2012/01/01 08:48:58 | 000,243,588 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Flex-3.jpg
[2012/01/01 08:48:24 | 000,046,199 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\dredd_xmas_cancelled-540x381.jpg
[2012/01/01 08:06:54 | 000,041,041 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tshirt_i_survived_jakas_story.jpg
[2012/01/01 08:03:27 | 000,422,112 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\milk-cheese.jpg
[2012/01/01 05:54:31 | 000,256,000 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2012/01/01 05:54:31 | 000,208,896 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2012/01/01 05:54:31 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2012/01/01 05:54:31 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2012/01/01 05:54:31 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2012/01/01 05:07:41 | 000,510,972 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\311211-01.jpg
[2012/01/01 04:58:43 | 002,832,003 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Akira_for_download.jpg
[2012/01/01 04:57:51 | 000,216,081 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\McCay_LittleNemo_SnowballFight_100.jpg
[2012/01/01 04:43:14 | 000,273,951 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_LoneWolf1.jpg
[2012/01/01 04:43:04 | 000,304,822 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\lostonwallace - when Kitty met colossus.jpg
[2012/01/01 04:41:05 | 000,281,956 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\1915_09_28_mccay_atyourservice.jpg
[2012/01/01 04:41:00 | 000,274,729 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\1914_08_14_mccay_sheeptoslaughter.jpg
[2012/01/01 01:52:38 | 000,085,043 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\parkermartini.jpg
[2011/12/31 23:04:42 | 000,310,928 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\affiche-The-Black-Power-Mixtape-The-Black-Power-Mixtape-1967-1975Black-Power-Mixtape-1967-1975-2011-5.jpg
[2011/12/31 03:53:21 | 000,002,174 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\attach.zip
[2011/12/31 00:46:52 | 000,001,678 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/31 00:43:28 | 000,000,784 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 00:09:11 | 000,000,682 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/30 23:26:08 | 000,230,288 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_D.GibbonsWatchmen.jpg
[2011/12/30 23:19:29 | 000,305,499 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_SterankoHOC2.jpg
[2011/12/30 23:02:57 | 000,149,442 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\closet mask 001.jpg
[2011/12/30 07:28:06 | 000,294,299 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_FaceIt!_G_Version.jpg
[2011/12/28 20:39:20 | 000,411,381 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\elsicario_room164_final_21.jpg
[2011/12/28 20:36:16 | 000,126,118 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tokyo-ga-dick-tracy.jpg
[2011/12/28 20:29:10 | 000,490,022 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_Get2000AD.jpg
[2011/12/27 22:49:45 | 001,460,225 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\BlueBeetle9Gunmen.jpg
[2011/12/27 21:00:13 | 000,001,729 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/27 01:31:58 | 000,058,065 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\CarrieBrownsteinPA241111.jpg
[2011/12/26 12:32:39 | 000,389,019 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\HalFoster_PV_Panel_DayAwakes_100.jpg
[2011/12/26 12:29:10 | 000,343,865 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\00a_01_mad_05_1953_elder_fc.jpg
[2011/12/17 15:04:16 | 000,001,644 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\postcard-6x4-waterfall - Acceso directo.lnk
[2011/12/14 15:52:59 | 000,001,073 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop - Acceso directo.lnk
[2011/12/11 22:56:31 | 000,076,222 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\raiders_steranko.jpg
[2011/12/11 20:47:19 | 000,126,569 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lw1sm2REeT1qawsxdo1_500.jpg
[2011/12/11 19:24:04 | 000,189,370 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\jugend0535.jpg
[2011/12/11 17:52:25 | 000,062,673 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\1.jpg
[2011/12/11 17:31:30 | 000,360,968 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\cockrum_fiend_with_no_name.jpg
[2011/12/11 17:22:50 | 000,220,322 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\1982 cockrum.jpg
[2011/12/11 17:14:54 | 000,433,362 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\6492300073_ab0025917c_b.jpg
[2011/12/11 08:16:52 | 000,057,378 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\antro10_MAMcover[1].JPG
[2011/12/11 03:27:23 | 000,303,374 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Fotos752010 059.jpg
[2011/12/10 23:00:34 | 000,461,193 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvg9yv52Yi1qcu22b.jpg
[2011/12/10 16:56:42 | 000,090,585 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\war-and-peace-global_i1.jpg
[2011/12/10 12:31:09 | 000,512,891 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\01_halfoster_ayoungknight_frontcover.jpg
[2011/12/10 12:23:18 | 000,007,411 | ---- | C] () -- E:\Documents and Settings\Administrator\.recently-used.xbel
[2011/12/10 12:14:24 | 000,285,381 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\mart.jpg
[2011/12/10 12:11:08 | 000,360,538 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\ma.jpg
[2011/12/10 11:52:46 | 000,202,188 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\otras-car001_1-es.jpg
[2011/12/10 11:52:36 | 000,386,278 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\otras-car001-es.jpg
[2011/12/10 11:52:26 | 000,306,485 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\otras-car001_3-es.jpg
[2011/12/10 11:50:32 | 000,583,805 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\vamos a morir.jpg
[2011/12/10 11:43:12 | 000,277,369 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\nevermind baja.jpg
[2011/12/10 02:35:52 | 000,227,210 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\3665505411_14757f2e4c_z.jpg.scaled1000.jpg
[2011/12/09 21:28:16 | 000,385,589 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\PA0211-168_lg.jpeg
[2011/12/09 21:28:05 | 000,050,591 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\PA0211-168_med.jpeg
[2011/12/09 20:33:45 | 000,328,836 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\baby-soviets0011.jpg
[2011/12/09 20:27:48 | 000,749,184 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Bass01_Vertigo-poster.jpg
[2011/12/09 19:45:03 | 000,115,064 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\FLS0997_flyer.jpg
[2011/12/09 18:38:58 | 000,397,754 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\current_1286_062.jpg
[2011/12/09 18:26:16 | 000,142,760 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\rr1211-434_lg.jpeg
[2011/12/09 15:22:31 | 000,155,680 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\9780810995956.jpg
[2011/12/09 15:09:09 | 000,625,886 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_ln9faamXay1qk6ky2.jpg
[2011/12/09 15:07:00 | 000,080,378 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\rr1211-569_lg.jpeg
[2011/12/09 14:46:40 | 000,093,589 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\StanLeeatCarnegieHall.jpg
[2011/12/09 13:46:59 | 000,641,226 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\The_Comics_back_2.jpg
[2011/12/09 13:44:27 | 000,690,452 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\The_Comics_2.jpg
[2011/12/09 13:33:53 | 000,147,567 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\10435.jpg
[2011/12/09 12:57:41 | 000,113,848 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Untitled-147.jpg
[2011/12/09 12:39:04 | 000,140,004 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\west-memphis-three-628.jpg
[2011/12/09 03:40:00 | 000,049,483 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Jerry-Robinson-Ambassador-of-Comics-studio-1940-Photograph-courtesy-of-the-Jerry-Robinson-collection.jpg
[2011/12/09 03:30:23 | 000,226,345 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvvzh6gt4j1qz82veo1_500.png
[2011/12/09 03:18:22 | 000,174,355 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_FOOM_Badge6.jpg
[2011/12/09 03:17:40 | 000,248,692 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\SCOOK_FOOM_Envelope.jpg
[2011/12/09 03:13:15 | 000,055,093 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\show-signup-bg.jpg
[2011/12/09 03:11:09 | 000,519,850 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\6432737589_ddf7052df9_b.jpg
[2011/12/09 03:10:23 | 000,122,241 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\01-carl-kyberg_900.jpg
[2011/12/09 03:10:01 | 000,842,178 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\11_supermanport_1984_jerryrobinson.jpg
[2011/12/09 03:09:26 | 000,915,284 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\02_supermanport_1984_brianboland.jpg
[2011/12/09 03:08:51 | 000,223,599 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Exile1.jpg
[2011/12/09 03:04:03 | 000,109,162 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvu1fgxuWD1r7tw87o1_500.png
[2011/12/09 03:03:16 | 000,272,065 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\jerryrobinson_abrams.jpg
[2011/12/09 02:53:03 | 000,075,101 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\20120308-jsbx_670x0.jpg
[2011/12/09 02:43:15 | 000,145,655 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\20120127-explosions_670x0.jpg
[2011/12/09 02:42:28 | 000,050,960 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\20120921-ibymnj1c_670x0.jpg
[2011/12/09 02:41:02 | 000,155,529 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\20120309-jeffmangumr2_670x0.jpg
[2011/12/09 02:35:48 | 000,263,943 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\ComicsIllustratedHistory.jpg
[2011/12/09 02:29:56 | 000,101,831 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\zeitgeist2.jpg
[2011/12/09 02:28:47 | 000,493,273 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\JerryRobinson_BatmanSketches_100.jpg
[2011/12/09 02:28:21 | 000,304,005 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\luana1.jpg
[2011/12/09 02:28:10 | 000,043,665 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\AmazingSpiderman116-13-1.jpg
[2011/12/09 02:26:59 | 000,139,270 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Jerry_Robinson.jpg
[2011/12/09 02:26:09 | 001,824,354 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\72c1f53e091a29646d97697b09eb7d75.jpg
[2011/12/09 00:45:58 | 000,272,838 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\first3marbles.jpg
[2011/12/08 23:24:31 | 000,071,376 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\20120525-ibymlondon3_670x0.jpg
[2011/12/08 22:09:25 | 002,251,223 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\6280035224_fe21dae9f6_o.jpg
[2011/12/08 21:57:28 | 000,441,686 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\3heavy.jpg
[2011/12/08 21:36:05 | 000,374,774 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvwgv2tL0i1qha7bw.jpg
[2011/12/08 04:14:47 | 000,322,407 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Batmobile!_100.jpg
[2011/12/07 20:42:28 | 000,801,812 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\TheWalkingDead 43 26 - 27.jpg
[2011/12/07 20:26:35 | 000,504,668 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\NVG-9744-F.jpg
[2011/12/07 20:26:00 | 000,072,278 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\288927_258450760840608_100000270585123_998151_4010851_o.jpg
[2011/12/07 20:25:34 | 000,226,913 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\wm3.jpg
[2011/12/07 20:23:36 | 000,363,365 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\paradise-lost-the-child-murders-at-robin-hood-hills-original.jpg
[2011/12/07 20:10:54 | 000,221,527 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Affiche festival angouleme 2012.jpg
[2011/12/07 20:05:32 | 000,225,997 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\thiago.jpg
[2011/12/07 20:02:51 | 000,221,527 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvug2sPhvk1qkyh45.jpg
[2011/12/07 18:52:44 | 000,238,557 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\reportages_joe_sacco.jpg
[2011/12/07 18:52:02 | 000,081,112 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\someday-e1323120217922.jpg
[2011/12/07 18:44:47 | 000,140,411 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\humanandhorse.jpeg
[2011/12/07 18:40:17 | 000,066,499 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\gus-3.jpg
[2011/12/07 18:40:06 | 000,000,321 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\LargeCrowdDCSpec1CropA.jpg
[2011/12/07 18:34:14 | 000,870,884 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tapa-billie-holiday-en-alta.jpg
[2011/12/07 18:33:46 | 000,242,370 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\9910000018572_cg.jpg
[2011/12/07 17:46:13 | 000,756,629 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\enlacocinaconalainpassard.jpg
[2011/12/07 13:34:28 | 000,667,130 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\pearl-harbor-ff.jpg
[2011/12/07 13:02:29 | 000,116,728 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Los-hermanos-Rafinha-y-Thiago-_54240789850_54115221152_960_640.jpg
[2011/12/07 12:59:01 | 000,512,367 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\gemini10.jpg
[2011/12/07 06:41:16 | 000,296,575 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvtfy2bFtw1qha7bw.jpg
[2011/12/07 05:20:41 | 000,035,995 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\aclockworkdesktop1440x9002.jpg
[2011/12/07 05:20:04 | 000,032,536 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\2iiddmo.jpg
[2011/12/07 05:19:45 | 000,129,267 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\clockwork_orange_book_cover.jpg
[2011/12/07 05:17:21 | 000,057,920 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\6066193604_95d6bc4515_b.jpg
[2011/12/07 04:42:22 | 000,198,580 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\comic-con20poster.jpeg
[2011/12/07 04:41:56 | 000,354,766 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\comic-con-poster1.jpg
[2011/12/07 04:19:28 | 001,829,694 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\hunr.jpg
[2011/12/07 03:56:15 | 000,562,519 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\WilliamStout_ECWitch_100.jpg
[2011/12/07 02:40:12 | 000,727,785 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Lamberto-Lamberto-Lamberto-300dpi.jpg
[2011/12/07 02:23:09 | 000,067,778 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\kinski01.png
[2011/12/07 01:12:56 | 000,049,709 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\2802peanuts time-thumb-large.jpg
[2011/12/07 01:12:31 | 000,047,965 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\1101650409_400.jpg
[2011/12/07 01:10:04 | 000,072,349 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\revis0001snopy.jpg
[2011/12/06 21:39:31 | 000,434,113 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\4774138495_f4e1c21319_b.jpg
[2011/12/06 21:35:59 | 000,877,266 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Portada-Isaac.jpg
[2011/12/06 21:32:17 | 001,349,310 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\RealClueCrimeStories06.jpg
[2011/12/06 21:30:56 | 000,106,951 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\611.jpg
[2011/12/06 21:15:09 | 000,063,273 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Mississippi Mermaid American.jpg
[2011/12/06 21:14:41 | 000,115,908 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\DAVID_PELHAM_A_Clockwork_Orange_framed.jpg
[2011/12/06 21:14:29 | 000,171,163 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\DAVID_PELHAM_Flying_to_Wake_Island_framed.jpg
[2011/12/06 21:00:58 | 000,299,378 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Ad-New-Defenders-2-647x1024.jpg
[2011/12/06 18:48:25 | 000,520,550 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\yoj.jpg
[2011/12/05 21:29:37 | 000,778,232 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\tumblr_lvqosmGDIi1qzvf7k.jpg
[2011/12/05 17:42:30 | 000,176,121 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\HBO.jpg
[2011/12/05 15:34:00 | 000,339,761 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\52952694.jpg
[2011/12/05 15:11:52 | 000,164,552 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\6457442377_92b608693d_o.jpg
[2011/05/28 11:05:17 | 000,110,592 | ---- | C] () -- E:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/05/28 11:05:17 | 000,036,608 | ---- | C] () -- E:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/05/28 11:05:08 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2011/05/09 20:08:43 | 000,005,632 | ---- | C] () -- E:\WINDOWS\System32\CNMVS27.DLL
[2011/05/09 20:08:30 | 000,036,864 | ---- | C] () -- E:\WINDOWS\System32\CNMCP27.EXE
[2011/01/29 16:49:28 | 000,003,584 | ---- | C] () -- E:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/30 00:56:08 | 000,085,504 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2010/08/18 02:43:39 | 000,064,200 | ---- | C] () -- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/28 14:26:26 | 000,044,544 | ---- | C] () -- E:\WINDOWS\System32\GIF89.DLL
[2010/04/16 21:06:55 | 000,000,050 | ---- | C] () -- E:\WINDOWS\MegaManager.INI
[2009/11/13 10:29:49 | 000,004,940 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/11/13 09:21:25 | 000,451,072 | ---- | C] () -- E:\WINDOWS\System32\ISSRemoveSP.exe
[2009/11/12 18:35:25 | 000,073,728 | ---- | C] () -- E:\WINDOWS\System32\RtNicProp32.dll
[2009/11/12 00:11:52 | 000,110,602 | ---- | C] () -- E:\WINDOWS\System32\xcdsfx32.bin
[2009/11/11 21:39:10 | 000,484,352 | ---- | C] () -- E:\WINDOWS\System32\lame_enc.dll
[2009/11/11 21:39:09 | 000,155,720 | ---- | C] () -- E:\WINDOWS\System32\CDR.exe
[2009/11/11 21:39:09 | 000,110,080 | ---- | C] () -- E:\WINDOWS\System32\cdimage.exe
[2009/11/11 21:39:09 | 000,005,405 | ---- | C] () -- E:\WINDOWS\System32\CHNGTEXT.EXE
[2009/11/11 21:35:08 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2009/11/11 21:33:44 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
[2009/11/11 21:25:17 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2009/11/11 21:20:06 | 000,005,810 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASACPI.sys
[2009/11/11 21:19:52 | 000,093,480 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/06 13:00:00 | 013,107,200 | ---- | C] () -- E:\WINDOWS\System32\oembios.bin
[2008/05/06 13:00:00 | 000,673,088 | ---- | C] () -- E:\WINDOWS\System32\mlang.dat
[2008/05/06 13:00:00 | 000,430,176 | ---- | C] () -- E:\WINDOWS\System32\perfh009.dat
[2008/05/06 13:00:00 | 000,272,128 | ---- | C] () -- E:\WINDOWS\System32\perfi009.dat
[2008/05/06 13:00:00 | 000,218,003 | ---- | C] () -- E:\WINDOWS\System32\dssec.dat
[2008/05/06 13:00:00 | 000,152,576 | ---- | C] () -- E:\WINDOWS\System32\MAKECAB.EXE
[2008/05/06 13:00:00 | 000,066,246 | ---- | C] () -- E:\WINDOWS\System32\perfc009.dat
[2008/05/06 13:00:00 | 000,046,258 | ---- | C] () -- E:\WINDOWS\System32\mib.bin
[2008/05/06 13:00:00 | 000,028,626 | ---- | C] () -- E:\WINDOWS\System32\perfd009.dat
[2008/05/06 13:00:00 | 000,004,569 | ---- | C] () -- E:\WINDOWS\System32\secupd.dat
[2008/05/06 13:00:00 | 000,004,463 | ---- | C] () -- E:\WINDOWS\System32\oembios.dat
[2008/05/06 13:00:00 | 000,001,804 | ---- | C] () -- E:\WINDOWS\System32\Dcache.bin
[2008/05/06 13:00:00 | 000,000,287 | ---- | C] () -- E:\WINDOWS\System32\Oeminfo.ini
[2008/02/28 06:34:00 | 001,703,936 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/28 06:34:00 | 001,626,112 | ---- | C] () -- E:\WINDOWS\System32\nwiz.exe
[2008/02/28 06:34:00 | 001,482,752 | ---- | C] () -- E:\WINDOWS\System32\nview.dll
[2008/02/28 06:34:00 | 001,339,392 | ---- | C] () -- E:\WINDOWS\System32\nvdspsch.exe
[2008/02/28 06:34:00 | 001,019,904 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll
[2008/02/28 06:34:00 | 000,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll
[2008/02/28 06:34:00 | 000,442,368 | ---- | C] () -- E:\WINDOWS\System32\nvappbar.exe
[2008/02/28 06:34:00 | 000,425,984 | ---- | C] () -- E:\WINDOWS\System32\keystone.exe
[2008/02/28 06:34:00 | 000,286,720 | ---- | C] () -- E:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- E:\WINDOWS\System32\drivers\StarOpen.sys

========== LOP Check ==========

[2010/05/28 14:40:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\DriverCure
[2012/01/04 05:52:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Dropbox
[2010/11/29 06:38:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\FileZilla
[2010/05/28 18:27:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\FreeBurner
[2011/12/10 12:14:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/05/10 20:36:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Hide IP NG
[2010/12/30 16:00:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Megaupload
[2010/12/19 17:59:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Microgaming
[2011/01/22 01:10:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\OpenCandy
[2012/01/02 21:43:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Oracle
[2011/11/27 23:00:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Prisa TV
[2011/05/28 11:05:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Samsung
[2012/01/03 03:05:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Spotify
[2011/03/09 08:31:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Subtitle Edit
[2011/01/29 16:44:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Thinstall
[2011/01/21 13:10:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/05/22 18:26:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\UDC Profiles
[2012/01/04 08:14:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/11/11 21:54:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Administrator\Application Data\Vodafone
[2010/05/28 16:13:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DriverCure
[2010/05/28 14:39:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/28 14:51:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/26 20:10:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Vodafone
[2009/11/13 00:09:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\WiFi-Manager Data

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 04/01/2012 10:28:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000C0A | Country: Spain | Language: ESN | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 82,50% Memory free
5,09 Gb Paging File | 4,62 Gb Available in Paging File | 90,73% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 232,88 Gb Total Space | 18,81 Gb Free Space | 8,08% Space Free | Partition Type: NTFS
Drive D: | 99,61 Gb Total Space | 0,99 Gb Free Space | 0,99% Space Free | Partition Type: NTFS
Drive E: | 129,40 Gb Total Space | 0,34 Gb Free Space | 0,26% Space Free | Partition Type: NTFS

Computer Name: EXPERIEN-B7AAB2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hta [@ = hta_auto_file] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "E:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "E:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "E:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "E:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Notepad] -- Reg Error: Key error.
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "E:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Spotify\spotify.exe" = E:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = E:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E79B390-BEAA-4C03-8AD2-63C8A42DF828}" = CANAL+ YOMVI
"{607169F0-07F6-4797-99D2-D5E7C4715E20}" = Mega Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = [email protected] ISO Burner
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9188F3C7-217B-4A19-98DA-77CD49618E5D}" = Yukon Diagnostics
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1034-7B44-A94000000001}" = Adobe Reader 9.4.7 - Español
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK Wireless LAN Driver
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONBJ_Deinstall_CNMCP27.DLL" = BJC-85
"Captura" = Captura
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.3.1
"Free Easy Burner_is1" = Free Easy Burner V 4.0
"HaaliMkx" = Haali Media Splitter
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 8.0 (x86 es-ES)" = Mozilla Firefox 8.0 (x86 es-ES)
"MP3-Info extension_is1" = MP3-Info extension V3.4.23
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"Spotify" = Spotify
"ST6UNST #1" = SubSync
"SubtitleEdit_is1" = Subtitle Edit v3.1
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = Compresor WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/08/2010 19:10:05 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

Error - 30/08/2010 8:13:13 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

Error - 04/09/2010 17:10:06 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

Error - 14/09/2010 12:19:03 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

Error - 14/09/2010 23:10:14 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

Error - 15/09/2010 0:10:15 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

Error - 16/09/2010 21:10:14 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

Error - 16/09/2010 22:10:06 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

Error - 16/09/2010 23:13:14 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 0:13:14 | Computer Name = EXPERIEN-B7AAB2 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 03/01/2012 6:57:03 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%193

Error - 03/01/2012 6:57:03 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 03/01/2012 6:57:03 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 03/01/2012 6:57:03 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 03/01/2012 17:08:27 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 03/01/2012 17:08:27 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%193

Error - 03/01/2012 17:08:27 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 04/01/2012 0:52:44 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 04/01/2012 0:52:44 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%193

Error - 04/01/2012 0:52:44 | Computer Name = EXPERIEN-B7AAB2 | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083


< End of report >
 

·
Registered
Joined
·
2,045 Posts
Re: startsear.ch

I'm sorry for the delay - I missed my notification that you had replied. Please do this:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=eb9a2528-3190-11e1-ac7a-0015af64fd16&q="
    FF - prefs.js..browser.search.defaultengine: "Web Search"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (Eng)"
    FF - prefs.js..browser.search.useDBForOrder: true
    CHR - default_search_provider: Web Search (Enabled)
    CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=eb9a2528-3190-11e1-ac7a-0015af64fd16&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    O4 - HKLM..\Run: [NPSStartup] File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    :Commands
    [EmptyFlash]
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Please include the following in your next post:
  • OTL Fix log
 

·
Registered
Joined
·
22 Posts
Discussion Starter · #18 ·
Re: startsear.ch

Here I am again. No need to apologize: seriously, a million thanks for all your help.

All processes killed
========== OTL ==========
Prefs.js: "http://startsear.ch/?aff=1&src=sp&cf=eb9a2528-3190-11e1-ac7a-0015af64fd16&q=" removed from keyword.URL
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Wikipedia (Eng)" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 2001278 bytes

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 2,00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2060446 bytes
->Temporary Internet Files folder emptied: 1417590 bytes
->Java cache emptied: 2856272 bytes
->FireFox cache emptied: 289785343 bytes
->Google Chrome cache emptied: 7588344 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 14158359 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 303,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01082012_162838

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 

·
Registered
Joined
·
22 Posts
Discussion Starter · #20 ·
Re: startsear.ch

Address bar: in Chrome still the same - in Firefox it is solved.

Other issues seem to be ok.
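
The fix log above reports the Firefox `keyword.URL` entry removed but "Unable to fix default_search_provider items" for Chrome. The following is an added example, not part of the original thread and not OTL's own code, showing one way to check both browsers' settings files for a search URL outside an allowlist. It assumes a Firefox `prefs.js` made of `user_pref("name", value);` lines and a Chrome `Preferences` JSON file with a `default_search_provider` object (key names taken from the OTL lines above); the function names and sample data are constructed.

```python
import json
import re
from urllib.parse import urlparse

PREF_LINE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')

def firefox_prefs(text):
    """Parse user_pref("name", value); lines from a Firefox prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line.strip())
        if not m:
            continue
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep raw text if not JSON-like
    return prefs

def host_allowed(url, allowed):
    """True if the URL's host is an allowed domain or a subdomain of one."""
    host = (urlparse(str(url)).hostname or "").lower()
    return any(host == a or host.endswith("." + a) for a in allowed)

def audit_search_settings(prefs_js, chrome_preferences, allowed):
    """Return (browser, setting, value) for each search URL outside `allowed`."""
    findings = []
    for name, value in firefox_prefs(prefs_js).items():
        if name == "keyword.URL" and not host_allowed(value, allowed):
            findings.append(("firefox", name, value))
    # Assumed layout: {"default_search_provider": {"search_url": ..., ...}}
    provider = json.loads(chrome_preferences).get("default_search_provider", {})
    for key in ("search_url", "suggest_url"):
        value = provider.get(key)
        if value and not host_allowed(value, allowed):
            findings.append(("chrome", key, value))
    return findings

# Constructed samples: Firefox already cleaned, Chrome still carrying the entry.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("keyword.URL", "http://www.google.com/search?q=");
'''
SAMPLE_CHROME = json.dumps({"default_search_provider": {
    "enabled": True, "name": "Web Search",
    "search_url": "http://startsear.ch/?aff=1&src=sp&q={searchTerms}",
    "suggest_url": ""}})

if __name__ == "__main__":
    for finding in audit_search_settings(SAMPLE_PREFS_JS, SAMPLE_CHROME, {"google.com"}):
        print(finding)
```

Run against copies of the profile files with the browsers closed, since a running browser can rewrite its settings on exit.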
 