HELP! Cannot see desktop icons!



#1
asdfq321 (Member, 15 posts)

I recently (hopefully) removed a virus, but afterwards, when I restarted my computer, I found myself unable to see any desktop icons. I can still see everything that used to be on my desktop in the desktop folder. I believe the problem is that the "Show Desktop Icons" option is disabled, but I cannot figure out how to re-enable it. The option is simply not there if I right click my desktop and mouse over "arrange icons by". After some Google searches, I found a web page with alternative ways to enable the "Show Desktop icon" option: http://www.winxptuto...esktopicons.htm

However, these solutions do not work for me either. The first solution involves me going to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer. However, inside explorer there is nothing called NoActiveDesktopChanges, and NoActiveDesktop is already 0. The second solution asks me to go to User Configuration>Administrative Templates>Desktop>Active Desktop. However, the only folder inside of Administrative templates is Windows Components.

So I was wondering, is there any alternative way for me to enable the "Show Desktop Icons" option? Or if the problem is that I never fully removed the virus (it was some sort of scare-ware), how can I do so? I ran various virus scanning programs in safe mode.

Thanks!

Edited by asdfq321, 29 November 2010 - 12:43 AM.



#2
Macboatmaster (Member, 7,237 posts)

Follow the advice in this link please

http://www.geekstogo...cleaning-guide/

Edited by JSntgRvr, 29 November 2010 - 09:45 PM.
Link Fixed


#3
asdfq321 (Topic Starter, Member, 15 posts)

Your link didn't seem to work for me; I think (hopefully) it was telling me to go to the Malware and Spyware Cleaning Guide. I ran OTL and got this:





OTL logfile created on: 29/11/2010 7:37:06 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 366.36 Gb Free Space | 39.33% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 103.04 Gb Free Space | 11.06% Space Free | Partition Type: NTFS

Computer Name: LOVESXP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/29 19:36:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/10/27 20:57:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 20:57:16 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/25 19:16:44 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/12/15 10:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/10/11 04:17:46 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/08/17 20:20:48 | 000,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\Hamachi\hamachi.exe
PRC - [2009/04/22 14:11:32 | 001,675,776 | ---- | M] (Flagship Industries, Inc.) -- C:\Program Files (x86)\Ventrilo\Ventrilo.exe
PRC - [2008/09/16 04:09:54 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2008/06/02 18:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe


========== Modules (SafeList) ==========

MOD - [2010/11/29 19:36:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2008/09/28 23:35:20 | 000,057,856 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHookX32.dll
MOD - [2007/11/15 16:32:08 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME
MOD - [2007/02/18 07:00:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2007/02/18 07:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2007/02/17 00:58:24 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\mnmsrvc.exe -- (mnmsrvc)
SRV:64bit: - [2010/10/16 12:04:58 | 000,185,960 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysNative\nvsvc64.exe -- (NVSvc)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/04/18 15:25:52 | 000,659,968 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysNative\wzcsvc.dll -- (WZCSVC)
SRV:64bit: - [2009/03/19 18:42:16 | 000,227,840 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (PlugPlay)
SRV:64bit: - [2009/03/19 18:42:16 | 000,227,840 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (Eventlog)
SRV:64bit: - [2009/03/19 18:41:40 | 001,065,472 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysNative\advapi32.dll -- (Wmi)
SRV:64bit: - [2008/10/16 14:07:34 | 000,022,552 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SysNative\wuauserv.dll -- (wuauserv)
SRV:64bit: - [2008/08/27 21:34:32 | 000,399,872 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysNative\dmadmin.exe -- (dmadmin)
SRV:64bit: - [2007/12/14 04:40:18 | 000,133,120 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SysNative\smlogsvc.exe -- (SysmonLog)
SRV:64bit: - [2007/02/18 07:00:00 | 000,794,112 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2007/02/18 07:00:00 | 000,326,144 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysNative\xmlprov.dll -- (xmlprov)
SRV:64bit: - [2007/02/18 07:00:00 | 000,285,184 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/18 07:00:00 | 000,231,424 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SysNative\srsvc.dll -- (srservice)
SRV:64bit: - [2007/02/18 07:00:00 | 000,166,400 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysNative\SCardSvr.exe -- (SCardSvr)
SRV:64bit: - [2007/02/18 07:00:00 | 000,160,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDEdsdm)
SRV:64bit: - [2007/02/18 07:00:00 | 000,160,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDE)
SRV:64bit: - [2007/02/18 07:00:00 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SysNative\msgsvc.dll -- (Messenger)
SRV:64bit: - [2007/02/18 07:00:00 | 000,049,664 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysNative\clipsrv.exe -- (ClipSrv)
SRV:64bit: - [2007/02/18 07:00:00 | 000,037,376 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysNative\dmserver.dll -- (dmserver)
SRV:64bit: - [2007/02/18 07:00:00 | 000,034,816 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ups.exe -- (UPS)
SRV:64bit: - [2007/02/18 07:00:00 | 000,031,744 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SysNative\ersvc.dll -- (ERSvc)
SRV:64bit: - [2007/02/18 07:00:00 | 000,008,704 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SysNative\cisvc.exe -- (CiSvc)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 07:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 13:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\UltraMonMirror.sys -- (UltraMonMirror)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\pfc.sys -- (pfc)
DRV:64bit: - [2010/10/16 13:55:00 | 012,054,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nv4_mini.sys -- (nv)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/03 02:47:55 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/17 20:20:48 | 000,033,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/07/18 23:09:25 | 000,030,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV:64bit: - [2009/04/18 15:25:52 | 000,072,704 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\imapi.sys -- (imapi)
DRV:64bit: - [2009/01/08 12:46:24 | 000,246,784 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmio.sys -- (dmio)
DRV:64bit: - [2008/09/23 12:15:00 | 000,044,032 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\l1e51x64.sys -- (L1e)
DRV:64bit: - [2008/07/03 04:02:00 | 004,782,592 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RTKHDA64.SYS -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2008/01/21 12:45:00 | 000,008,192 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/11/22 15:51:28 | 000,156,672 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ipsec.sys -- (IPSec)
DRV:64bit: - [2007/10/01 05:09:26 | 000,439,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\rt73.sys -- (RT73)
DRV:64bit: - [2007/09/01 15:22:06 | 000,240,128 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV:64bit: - [2007/06/29 13:48:06 | 000,039,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2007/05/29 23:01:14 | 000,152,576 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\update.sys -- (Update)
DRV:64bit: - [2007/02/18 07:00:00 | 000,415,232 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\dmboot.sys -- (dmboot)
DRV:64bit: - [2007/02/18 07:00:00 | 000,123,904 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\sr.sys -- (Sr)
DRV:64bit: - [2007/02/18 07:00:00 | 000,106,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\psched.sys -- (PSched)
DRV:64bit: - [2007/02/18 07:00:00 | 000,106,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV:64bit: - [2007/02/18 07:00:00 | 000,071,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\msgpc.sys -- (Gpc)
DRV:64bit: - [2007/02/18 07:00:00 | 000,057,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys -- (Ip6Fw)
DRV:64bit: - [2007/02/18 07:00:00 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\raspti.sys -- (Raspti)
DRV:64bit: - [2007/02/18 07:00:00 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\ptilink.sys -- (Ptilink)
DRV:64bit: - [2007/02/18 07:00:00 | 000,013,312 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys -- (CdaD10BA)
DRV:64bit: - [2007/02/18 07:00:00 | 000,013,312 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys -- (CdaC15BA)
DRV:64bit: - [2007/02/18 07:00:00 | 000,009,216 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmload.sys -- (dmload)
DRV:64bit: - [2007/02/16 18:03:24 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\arp1394.sys -- (Arp1394)
DRV:64bit: - [2007/02/16 17:02:16 | 000,187,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wdmaud.sys -- (wdmaud)
DRV:64bit: - [2007/02/16 16:59:12 | 000,147,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sysaudio.sys -- (sysaudio)
DRV:64bit: - [2007/02/16 16:55:52 | 000,010,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\splitter.sys -- (splitter)
DRV:64bit: - [2005/03/24 11:24:04 | 000,064,000 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\redbook.sys -- (redbook)
DRV:64bit: - [2005/03/24 11:21:30 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nic1394.sys -- (NIC1394)
DRV:64bit: - [2005/03/24 11:12:02 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\audstub.sys -- (audstub)
DRV:64bit: - [2005/03/24 09:25:38 | 000,086,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\swmidi.sys -- (swmidi)
DRV:64bit: - [2005/03/24 09:20:08 | 000,204,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\kmixer.sys -- (kmixer)
DRV:64bit: - [2005/03/24 09:11:56 | 000,188,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\aec.sys -- (aec)
DRV - [2010/01/13 23:02:56 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\pfc.sys -- (pfc)
DRV - [2007/02/18 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie_rsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {c4d362ec-1cff-4ca0-9031-99a8fad7995a}:1.12.2010082901
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/04 00:25:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/27 20:57:18 | 000,000,000 | ---D | M]

[2009/07/18 22:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/11/28 02:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2nsdpjij.default\extensions
[2010/11/26 02:29:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2nsdpjij.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/22 16:34:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2nsdpjij.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/11 02:20:57 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2nsdpjij.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
[2010/08/17 03:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2nsdpjij.default\extensions\LDSI_plashcor@gmail.com
[2010/11/28 02:26:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/18 22:58:24 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}

O1 HOSTS File: ([2007/02/18 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSPY2002] C:\WINDOWS\SysNative\IME\PINTLGNT\ImScInst.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [PHIME2002A] C:\WINDOWS\SysNative\IME\TINTLGNT\TINTSETP.EXE ()
O4:64bit: - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\SysNative\IME\TINTLGNT\TINTSETP.EXE ()
O4:64bit: - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QT Lite\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files (x86)\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = C:\WINDOWS\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowNetConn = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\SysNative\crypt32.dll ()
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\SysNative\cryptnet.dll ()
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\SysNative\cscdll.dll ()
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\SysNative\dimsntfy.dll ()
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\SysNative\wlnotify.dll ()
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\SysNative\wlnotify.dll ()
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\SysNative\sclgntfy.dll ()
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\SysNative\wlnotify.dll ()
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - C:\WINDOWS\SysNative\wlnotify.dll ()
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\SysNative\wlnotify.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll ()
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Realtime Soft\UltraMon\UltraMon Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 22:52:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a278e48a-7418-11de-a408-90892c91c423}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{a278e48a-7418-11de-a408-90892c91c423}\Shell\explore\Command - "" = E:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{a278e48a-7418-11de-a408-90892c91c423}\Shell\open\Command - "" = E:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{ddc2c588-dbf9-11de-a694-00248c29a362}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{ddc2c588-dbf9-11de-a694-00248c29a362}\Shell\explore\Command - "" = E:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{ddc2c588-dbf9-11de-a694-00248c29a362}\Shell\open\Command - "" = E:\RECYCLER\INFO.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 22:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/28 22:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/11/28 22:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/11/28 22:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/27 14:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\AudioSurf
[2010/11/22 16:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2010/11/22 16:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Youtube Archive
[2010/11/22 16:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\dwhelper
[2010/11/21 00:53:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/11/21 00:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/11/21 00:52:22 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2010/11/21 00:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/11/21 00:51:50 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/11/21 00:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/11/21 00:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/29 19:21:37 | 000,568,440 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2010/11/29 19:21:37 | 000,475,290 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2010/11/29 19:21:37 | 000,082,328 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2010/11/29 19:17:58 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[2010/11/29 19:17:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/29 02:01:54 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/11/29 02:00:42 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop.lnk
[2010/11/29 02:00:42 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop.lnk
[2010/11/29 01:30:26 | 000,000,279 | ---- | M] () -- C:\© Local Disk.lnk
[2010/11/29 00:12:07 | 000,000,078 | ---- | M] () -- C:\Show Desktop.scf
[2010/11/28 22:23:01 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/28 16:50:26 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Win HDD.lnk
[2010/11/28 16:42:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/28 13:32:20 | 000,002,184 | ---- | M] () -- C:\WINDOWS\SysNative\wpa.dbl
[2010/11/27 14:18:46 | 000,179,712 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/26 00:03:49 | 000,440,577 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LastReplay.w3g
[2010/11/23 04:14:56 | 000,011,862 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\history letters.docx
[2010/11/21 02:30:47 | 000,000,022 | ---- | M] () -- C:\WINDOWS\SysNative\nvModes.dat
[2010/11/21 02:03:01 | 000,240,592 | ---- | M] () -- C:\WINDOWS\SysNative\nvdrsdb0.bin
[2010/11/21 02:03:01 | 000,000,001 | ---- | M] () -- C:\WINDOWS\SysNative\nvdrssel.bin
[2010/11/21 02:02:57 | 000,240,592 | ---- | M] () -- C:\WINDOWS\SysNative\nvdrsdb1.bin
[2010/11/21 00:52:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\nvdrswr.lk
[2010/11/20 20:13:09 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Curse Client.appref-ms
[2010/11/20 01:34:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/11/16 02:34:48 | 000,012,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\high2.docx
[2010/11/10 20:57:26 | 000,862,922 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\img002.jpg
[2010/11/10 20:53:40 | 000,691,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\img001.jpg
[2010/11/09 22:45:20 | 000,014,317 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\the carved table.docx
[2010/11/09 22:40:49 | 000,012,455 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The Carved Table Question 3.docx
[2010/11/09 22:02:50 | 000,011,015 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The Carved Table Quotations.docx
[2010/11/09 21:16:48 | 000,010,327 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Question 3 edit.docx
[2010/11/09 21:07:29 | 000,011,866 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\aaaaa.docx
[2010/11/08 00:32:38 | 000,017,689 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The Carved Table Question 1.docx
[2010/11/04 23:38:26 | 000,010,842 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\antibiotic resistance.docx
[2010/11/02 20:37:02 | 000,012,978 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Science Fair Procedure grade 10.docx
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/29 02:01:05 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop.lnk
[2010/11/29 02:00:42 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop
[2010/11/29 01:30:26 | 000,000,279 | ---- | C] () -- C:\© Local Disk.lnk
[2010/11/29 00:12:03 | 000,000,078 | ---- | C] () -- C:\Show Desktop.scf
[2010/11/28 22:23:01 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/28 16:50:26 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Win HDD.lnk
[2010/11/23 00:29:32 | 000,011,862 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\history letters.docx
[2010/11/21 02:30:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SysNative\nvModes.dat
[2010/11/21 00:52:34 | 000,240,592 | ---- | C] () -- C:\WINDOWS\SysNative\nvdrsdb0.bin
[2010/11/21 00:52:31 | 000,240,592 | ---- | C] () -- C:\WINDOWS\SysNative\nvdrsdb1.bin
[2010/11/21 00:52:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\SysNative\nvdrssel.bin
[2010/11/21 00:52:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysNative\nvdrswr.lk
[2010/11/21 00:52:25 | 002,255,872 | ---- | C] () -- C:\WINDOWS\SysNative\nvapi64.dll
[2010/11/21 00:52:22 | 018,590,720 | ---- | C] () -- C:\WINDOWS\SysNative\nvcompiler.dll
[2010/11/21 00:52:22 | 002,934,888 | ---- | C] () -- C:\WINDOWS\SysNative\nvcuvenc.dll
[2010/11/21 00:52:22 | 001,500,264 | ---- | C] () -- C:\WINDOWS\SysNative\nvdispco64.dll
[2010/11/21 00:52:22 | 001,308,776 | ---- | C] () -- C:\WINDOWS\SysNative\nvgenco64.dll
[2010/11/21 00:52:22 | 000,061,952 | ---- | C] () -- C:\WINDOWS\SysNative\OpenCL.dll
[2010/11/21 00:52:22 | 000,004,631 | ---- | C] () -- C:\WINDOWS\SysNative\nvinfo.pb
[2010/11/20 01:34:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/11/10 20:59:38 | 000,862,922 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\img002.jpg
[2010/11/10 20:59:36 | 000,691,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\img001.jpg
[2010/11/09 22:41:37 | 000,014,317 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\the carved table.docx
[2010/11/09 21:07:38 | 000,010,327 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Question 3 edit.docx
[2010/11/09 20:04:17 | 000,011,866 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\aaaaa.docx
[2010/11/09 19:25:17 | 000,011,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The Carved Table Quotations.docx
[2010/11/08 00:33:12 | 000,012,455 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The Carved Table Question 3.docx
[2010/11/07 20:28:24 | 000,017,689 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The Carved Table Question 1.docx
[2010/11/04 20:47:09 | 000,010,842 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\antibiotic resistance.docx
[2010/11/02 18:55:38 | 000,012,978 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Science Fair Procedure grade 10.docx
[2010/07/22 00:19:23 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Profile1.dat
[2010/03/23 20:25:41 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Profile0.dat
[2010/02/26 17:32:10 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\RSBot Accounts.ini
[2010/02/03 20:56:24 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
[2010/01/26 02:47:36 | 000,953,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2009/10/04 02:31:19 | 000,000,293 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2009/09/27 21:49:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/09/14 17:53:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/07 01:48:39 | 000,179,712 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/21 21:01:45 | 000,565,412 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009/07/22 20:45:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/21 15:45:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/07/19 00:37:59 | 000,000,268 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/19 00:28:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/18 23:36:48 | 000,024,576 | R--- | C] () -- C:\WINDOWS\SysWow64\AsIO.dll
[2009/07/18 23:36:48 | 000,014,392 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2009/07/18 23:36:46 | 000,011,832 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
[2009/07/18 23:36:46 | 000,010,216 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys
[2009/07/18 23:19:29 | 000,030,410 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/07/18 23:16:20 | 000,029,952 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/07/18 23:16:20 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2009/07/18 23:12:12 | 000,715,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009/04/18 15:20:29 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2009/03/18 15:56:22 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/12/21 04:40:54 | 001,274,880 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/07/19 11:50:12 | 000,104,520 | ---- | C] () -- C:\WINDOWS\SysWow64\OSD.dll
[2007/02/18 07:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 07:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 07:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 07:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 07:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 07:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 07:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 07:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 07:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 07:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 07:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 07:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 07:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 07:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 07:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2006/08/22 03:05:26 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\SysWow64\OUTLPERF.INI
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\SysWow64\UNACEV2.DLL

========== LOP Check ==========

[2010/01/13 23:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2010/11/19 02:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bioshock
[2010/03/15 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bioshock2
[2009/09/29 21:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CopyTrans
[2010/01/04 00:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009/09/29 21:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iPod Copy Expert
[2009/12/17 21:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/09/30 20:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Kawa
[2010/06/08 22:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Regensoft
[2009/09/29 22:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SharePod
[2010/11/21 00:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/11/29 19:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/11/28 22:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/01/03 02:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/21 01:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2009/12/10 22:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/03 01:26:25 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#4
Macboatmaster


  • Member
  • 7,237 posts
You need to go to the Malware forum, click on that forum and on the top heading you will see Begin here.
That was the link and there is nothing wrong with it at this end.
Only certified advisors can deal with this matter.
When you get to the forum I have indicated you will see the advice to follow the self help etc.

I have actually now asked for your post to be moved from this forum, now you have posted the OTL.

Please be patient, they are very busy in that forum.

Good luck.