Windows XP won't start.


  • This topic is locked

#16
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi,

Edit: Also the working one doesn't seem to be able to use most of my programs previously downloaded on the old Windows XP... Stuff like iTunes and MSN Messenger etc.


This is because you have two windows installed on the machine. They are separate and independent.

The programs installed on the old windows installation will not work on the new windows. You need to reinstall the downloaded programs again on the new windows.

I want to know something. I have 2 Windows XP installed on this computer. 1 that works and 1 that doesn't work. Will using the 1 that works fix the one that does not work?


If you're happy with the new windows, then there is no need for the non-working windows and we could wipe it entirely. Tell me what you decide on. :D
  • 0



#17
iHateHitmanPro


    Member

  • Topic Starter
  • 22 posts

Hi,

Edit: Also the working one doesn't seem to be able to use most of my programs previously downloaded on the old Windows XP... Stuff like iTunes and MSN Messenger etc.


This is because you have two windows installed on the machine. They are separate and independent.

The programs installed on the old windows installation will not work on the new windows. You need to reinstall the downloaded programs again on the new windows.

I want to know something. I have 2 Windows XP installed on this computer. 1 that works and 1 that doesn't work. Will using the 1 that works fix the one that does not work?


If you're happy with the new windows, then there is no need for the non-working windows and we could wipe it entirely. Tell me what you decide on. :D


I want to try and fix it first. I managed to save the most important files; however, there are still some valuable files that will be lost. I wish to save them if I can.

Edited by iHateHitmanPro, 01 January 2011 - 03:58 AM.

  • 0

#18
iHateHitmanPro


    Member

  • Topic Starter
  • 22 posts
OTL logfile created on: 1/1/2011 4:46:15 AM - Run 1
OTL by OldTimer - Version 3.2.19.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 81.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS\SYSTEM32\EXPLORER.EXE | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 13.41 Gb Free Space | 27.46% Space Free | Partition Type: NTFS
Drive D: | 104.55 Gb Total Space | 57.80 Gb Free Space | 55.29% Space Free | Partition Type: NTFS
Drive E: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WORKSTATION | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\EXPLORER.EXE\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\hidserv.dll File not found


========== Driver Services (SafeList) ==========

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\EXPLORER.EXE\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\EXPLORER.EXE\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm






IE - HKU\S-1-5-21-854245398-343818398-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\EXPLORER.EXE\system32\blank.htm
IE - HKU\S-1-5-21-854245398-343818398-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/04/14 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\EXPLORER.EXE\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-343818398-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\system32\EXPLORER.EXE\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\system32\EXPLORER.EXE\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/29 21:45:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/01/24 03:37:24 | 000,120,128 | -H-- | M] () - D:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 03:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\EXPLORER.EXE\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\EXPLORER.EXE\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ir50_32.dll (Intel Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\SYSTEM32\EXPLORER.EXE\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\SYSTEM32\EXPLORER.EXE\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/01/01 04:44:20 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/01 03:15:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2010/12/31 19:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\OGPlanet Games
[2010/12/31 18:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Application Data\Hitman Pro
[2010/12/31 18:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/12/31 18:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/12/31 18:02:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/12/31 18:02:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/12/31 18:02:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/12/31 18:02:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/12/31 18:02:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/12/31 18:02:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/12/31 18:02:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2010/12/31 18:02:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/12/31 18:02:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/12/31 18:02:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/12/31 18:02:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/12/31 18:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/12/31 18:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/12/31 18:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\SoftwareDistribution
[2010/12/31 18:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Prefetch
[2010/12/31 18:02:03 | 000,000,000 | --SD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Microsoft
[2010/12/31 18:00:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\rwia330.dll
[2010/12/31 18:00:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\rwia001.dll
[2010/12/31 17:59:59 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\rw330ext.dll
[2010/12/31 17:58:38 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\cap7146.sys
[2010/12/31 17:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\xircom
[2010/12/31 17:56:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\DRM
[2010/12/31 17:55:54 | 000,000,000 | --SD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Downloaded Program Files
[2010/12/31 17:55:54 | 000,000,000 | R--D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Offline Web Pages
[2010/12/31 17:55:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\DirectX
[2010/12/31 17:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/12/31 17:54:48 | 000,000,000 | --SD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Tasks
[2010/12/31 17:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/12/31 17:54:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\srchasst
[2010/12/31 17:54:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Macromed
[2010/12/31 17:54:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Restore
[2010/12/31 17:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/12/31 17:53:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Documents\My Pictures
[2010/12/31 17:53:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu\Programs\Games
[2010/12/31 17:52:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu\Programs\Administrative Tools
[2010/12/31 17:52:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Registration
[2010/12/31 17:52:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Documents\My Music
[2010/12/31 17:51:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\en-US
[2010/12/31 17:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\MsDtc
[2010/12/31 17:51:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Com
[2010/12/31 17:50:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Documents\My Videos
[2010/12/31 17:50:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu\Programs\Accessories
[2010/12/31 09:43:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Installer
[2010/12/31 09:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/12/31 09:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/12/31 09:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/12/31 09:29:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu\Programs\Startup
[2010/12/31 09:29:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu
[2010/12/31 09:29:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Documents
[2010/12/31 09:29:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Templates
[2010/12/31 09:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Favorites
[2010/12/31 09:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Desktop
[2010/12/31 09:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\CatRoot2
[2010/12/31 09:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\CatRoot
[2010/12/31 09:18:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Application Data\Microsoft
[2010/12/31 09:18:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Application Data
[2010/12/31 09:10:46 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2010/12/31 09:04:34 | 000,000,000 | R-SD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Fonts
[2010/12/31 09:04:34 | 000,000,000 | RHSD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache
[2010/12/31 09:04:34 | 000,000,000 | R--D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Web
[2010/12/31 09:04:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\inf
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\WinSxS
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\wins
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\wbem
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\usmt
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\twain_32
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Temp
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\system32
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\system
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\spool
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ShellExt
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Setup
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\security
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\scripting
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Resources
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\repair
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ras
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Provisioning
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\PeerNet
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\pchealth
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\oobe
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\npp
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Network Diagnostic
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\mui
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\mui
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\msapps
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\msagent
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Media
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\L2Schemas
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\java
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\inetsrv
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\IME
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\ime
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\icsxml
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ias
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Help
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\export
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\drivers\etc
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\en
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\ehome
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\drivers
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Driver Cache
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\drivers\disdn
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dhcp
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Debug
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Cursors
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Connection Wizard
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\config
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Config
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\AppPatch
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\addins
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\3com_dmi
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\3076
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\2052
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1054
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1042
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1041
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1037
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1033
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1031
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1028
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1025
[2010/12/30 14:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/12/29 03:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[3 C:\WINDOWS\SYSTEM32\EXPLORER.EXE\*.tmp files -> C:\WINDOWS\SYSTEM32\EXPLORER.EXE\*.tmp -> ]
[1 C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\*.tmp files -> C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/01 04:44:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/01 04:41:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\bootstat.dat
[2011/01/01 03:15:46 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\scantxt.zip
[2010/12/31 18:33:31 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 18:12:02 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/31 18:04:06 | 000,311,934 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\perfh009.dat
[2010/12/31 18:04:06 | 000,040,196 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\perfc009.dat
[2010/12/31 18:02:53 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/31 18:02:52 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/12/31 18:02:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\wpa.dbl
[2010/12/31 18:02:00 | 000,008,192 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\REGLOCS.OLD
[2010/12/31 18:01:43 | 000,090,296 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\FNTCACHE.DAT
[2010/12/31 18:00:52 | 000,000,640 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\$winnt$.inf
[2010/12/31 17:57:30 | 000,002,577 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\CONFIG.NT
[2010/12/31 17:57:20 | 000,316,640 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\WMSysPr9.prx
[2010/12/31 17:57:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\nscompat.tlb
[2010/12/31 17:57:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\amcompat.tlb
[2010/12/31 17:57:05 | 000,005,129 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\ODBCINST.INI
[2010/12/31 17:53:13 | 000,021,640 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\emptyregdb.dat
[2010/12/31 17:49:44 | 000,000,437 | -HS- | M] () -- C:\boot.ini
[2010/12/31 09:43:44 | 000,004,492 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\pid.PNF
[3 C:\WINDOWS\SYSTEM32\EXPLORER.EXE\*.tmp files -> C:\WINDOWS\SYSTEM32\EXPLORER.EXE\*.tmp -> ]
[1 C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\*.tmp files -> C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/01 03:15:29 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\scantxt.zip
[2010/12/31 18:33:23 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 18:12:02 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/31 18:02:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/12/31 18:02:41 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/31 18:02:00 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\REGLOCS.OLD
[2010/12/31 18:00:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\bootstat.dat
[2010/12/31 17:59:52 | 000,175,104 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\pintlcsa.dll
[2010/12/31 17:59:29 | 001,158,818 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\korwbrkr.lex
[2010/12/31 17:59:20 | 000,059,392 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\imscinst.exe
[2010/12/31 17:59:19 | 000,196,665 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\imjpinst.exe
[2010/12/31 17:59:17 | 000,134,339 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\imekr.lex
[2010/12/31 17:59:07 | 013,463,552 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\hwxjpn.dll
[2010/12/31 17:59:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\hanja.lex
[2010/12/31 17:58:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\fpencode.dll
[2010/12/31 17:58:41 | 000,173,568 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\chtskf.dll
[2010/12/31 17:57:30 | 000,002,577 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\CONFIG.NT
[2010/12/31 17:57:20 | 000,023,392 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\nscompat.tlb
[2010/12/31 17:57:20 | 000,016,832 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\amcompat.tlb
[2010/12/31 17:57:18 | 000,316,640 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\WMSysPr9.prx
[2010/12/31 17:55:23 | 004,399,505 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\nls302en.lex
[2010/12/31 17:55:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\winnt256.bmp
[2010/12/31 17:55:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\winnt.bmp
[2010/12/31 17:54:54 | 000,000,984 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\srframe.mmf
[2010/12/31 17:54:08 | 000,376,832 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\msinfo.dll
[2010/12/31 17:53:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\emptyregdb.dat
[2010/12/31 17:52:12 | 000,065,954 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Prairie Wind.bmp
[2010/12/31 17:52:12 | 000,065,832 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Santa Fe Stucco.bmp
[2010/12/31 17:52:12 | 000,026,680 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\River Sumida.bmp
[2010/12/31 17:52:12 | 000,026,582 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Greenstone.bmp
[2010/12/31 17:52:12 | 000,017,362 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Rhododendron.bmp
[2010/12/31 17:52:12 | 000,009,522 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Zapotec.bmp
[2010/12/31 17:52:11 | 000,065,978 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Soap Bubbles.bmp
[2010/12/31 17:52:11 | 000,017,336 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Gone Fishing.bmp
[2010/12/31 17:52:11 | 000,017,062 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Coffee Bean.bmp
[2010/12/31 17:52:11 | 000,016,730 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\FeatherTexture.bmp
[2010/12/31 17:52:11 | 000,001,272 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Blue Lace 16.bmp
[2010/12/31 17:52:08 | 000,003,286 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\tslabels.h
[2010/12/31 17:52:08 | 000,001,161 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\usrlogon.cmd
[2010/12/31 17:52:06 | 000,000,768 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\msdtcprf.h
[2010/12/31 17:51:58 | 000,063,488 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\wmimgmt.msc
[2010/12/31 09:43:44 | 000,004,492 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\pid.PNF
[2010/12/31 09:43:37 | 000,005,129 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\ODBCINST.INI
[2010/12/31 09:42:53 | 001,685,606 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\sam.spd
[2010/12/31 09:42:53 | 000,000,888 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\sam.sdf
[2010/12/31 09:42:52 | 000,643,717 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\ltts1033.lxa
[2010/12/31 09:42:52 | 000,605,050 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\r1033tts.lxa
[2010/12/31 09:29:32 | 000,001,688 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\AUTOEXEC.NT
[2010/12/31 09:27:20 | 000,797,189 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\NT5IIS.CAT
[2010/12/31 09:27:20 | 000,399,645 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\MAPIMIG.CAT
[2010/12/31 09:27:20 | 000,144,484 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\netfx.cat
[2010/12/31 09:27:20 | 000,112,918 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\tabletpc.cat
[2010/12/31 09:27:20 | 000,037,484 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\MW770.CAT
[2010/12/31 09:27:20 | 000,034,747 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\mediactr.cat
[2010/12/31 09:27:20 | 000,034,063 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\FP4.CAT
[2010/12/31 09:27:20 | 000,026,991 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\msn7.cat
[2010/12/31 09:27:20 | 000,016,535 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\IMS.CAT
[2010/12/31 09:27:20 | 000,014,433 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\msn9.cat
[2010/12/31 09:27:20 | 000,013,472 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\HPCRDP.CAT
[2010/12/31 09:27:20 | 000,012,363 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\MSMSGS.CAT
[2010/12/31 09:27:20 | 000,010,027 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\MSTSWEB.CAT
[2010/12/31 09:27:20 | 000,008,574 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\IASNT4.CAT
[2010/12/31 09:27:20 | 000,007,382 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\OEMBIOS.CAT
[2010/12/31 09:27:20 | 000,007,334 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\wmerrenu.cat
[2010/12/31 09:27:19 | 002,144,487 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\NT5.CAT
[2010/12/31 09:27:19 | 001,296,669 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\SP3.CAT
[2010/12/31 09:27:19 | 000,522,220 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\NT5INF.CAT
[2010/12/31 09:11:39 | 000,090,296 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\FNTCACHE.DAT
[2010/12/31 09:10:51 | 000,000,640 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\$winnt$.inf
[2009/06/05 20:36:50 | 000,000,164 | ---- | C] () -- C:\Program Files\result.txt

========== LOP Check ==========

[2010/05/05 22:43:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\835f5d8
[2009/03/18 20:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2010/05/09 04:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grasssoft
[2010/12/30 20:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/05 18:40:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSGWSQE
[2010/05/06 22:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/28 22:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/08/18 06:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/10 21:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/31 18:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Application Data\Hitman Pro
[2010/08/06 13:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Audacity
[2009/03/18 20:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Bell
[2009/05/17 07:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\GetRightToGo
[2010/05/08 20:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Grasssoft
[2010/12/27 22:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\gtk-2.0
[2010/10/03 21:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\LimeWire
[2008/02/04 09:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\MSNInstaller
[2009/09/07 12:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Steinberg
[2010/02/02 18:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\TeamViewer
[2009/04/05 15:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Ulead Systems
[2009/05/20 18:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Uniblue
[2010/12/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\vwg1mdnwiekdyjhulloyyclswvoc3qx2
[2010/12/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\xssend2
[2010/12/29 18:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\xssenddqrikj3npwr33awzqw2vgnbdtljkbav
[2010/12/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\xssenddztdgqcsbra112aodnhvmv1xku3gug3
[2010/12/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\xssendtxppcqedr2htpw3edzxoxiw2ic113ej

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >




OTL Extras logfile created on: 1/1/2011 4:46:15 AM - Run 1
OTL by OldTimer - Version 3.2.19.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 81.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS\SYSTEM32\EXPLORER.EXE | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 13.41 Gb Free Space | 27.46% Space Free | Partition Type: NTFS
Drive D: | 104.55 Gb Total Space | 57.80 Gb Free Space | 55.29% Space Free | Partition Type: NTFS
Drive E: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WORKSTATION | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 1/1/2011 8:47:29 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:29 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:37 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:46 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:51 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:55 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:59 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:49:16 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:49:20 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:49:25 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.


< End of report >

#19
iHateHitmanPro

OTL logfile created on: 1/1/2011 4:46:15 AM - Run 1
OTL by OldTimer - Version 3.2.19.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 81.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS\SYSTEM32\EXPLORER.EXE | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 13.41 Gb Free Space | 27.46% Space Free | Partition Type: NTFS
Drive D: | 104.55 Gb Total Space | 57.80 Gb Free Space | 55.29% Space Free | Partition Type: NTFS
Drive E: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WORKSTATION | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\EXPLORER.EXE\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\hidserv.dll File not found


========== Driver Services (SafeList) ==========

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\EXPLORER.EXE\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\EXPLORER.EXE\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm






IE - HKU\S-1-5-21-854245398-343818398-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\EXPLORER.EXE\system32\blank.htm
IE - HKU\S-1-5-21-854245398-343818398-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/04/14 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\EXPLORER.EXE\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-343818398-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\system32\EXPLORER.EXE\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\system32\EXPLORER.EXE\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/29 21:45:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/01/24 03:37:24 | 000,120,128 | -H-- | M] () - D:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 03:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\EXPLORER.EXE\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\EXPLORER.EXE\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ir50_32.dll (Intel Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\SYSTEM32\EXPLORER.EXE\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\SYSTEM32\EXPLORER.EXE\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\SYSTEM32\EXPLORER.EXE\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/01/01 04:44:20 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/01 03:15:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2010/12/31 19:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\OGPlanet Games
[2010/12/31 18:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Application Data\Hitman Pro
[2010/12/31 18:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/12/31 18:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/12/31 18:02:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/12/31 18:02:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/12/31 18:02:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/12/31 18:02:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/12/31 18:02:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/12/31 18:02:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/12/31 18:02:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/12/31 18:02:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2010/12/31 18:02:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/12/31 18:02:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/12/31 18:02:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/12/31 18:02:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/12/31 18:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/12/31 18:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/12/31 18:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\SoftwareDistribution
[2010/12/31 18:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Prefetch
[2010/12/31 18:02:03 | 000,000,000 | --SD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Microsoft
[2010/12/31 18:00:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\rwia330.dll
[2010/12/31 18:00:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\rwia001.dll
[2010/12/31 17:59:59 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\rw330ext.dll
[2010/12/31 17:58:38 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\cap7146.sys
[2010/12/31 17:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\xircom
[2010/12/31 17:56:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\DRM
[2010/12/31 17:55:54 | 000,000,000 | --SD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Downloaded Program Files
[2010/12/31 17:55:54 | 000,000,000 | R--D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Offline Web Pages
[2010/12/31 17:55:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\DirectX
[2010/12/31 17:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/12/31 17:54:48 | 000,000,000 | --SD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Tasks
[2010/12/31 17:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/12/31 17:54:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\srchasst
[2010/12/31 17:54:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Macromed
[2010/12/31 17:54:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Restore
[2010/12/31 17:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/12/31 17:53:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Documents\My Pictures
[2010/12/31 17:53:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu\Programs\Games
[2010/12/31 17:52:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu\Programs\Administrative Tools
[2010/12/31 17:52:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Registration
[2010/12/31 17:52:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Documents\My Music
[2010/12/31 17:51:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\en-US
[2010/12/31 17:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\MsDtc
[2010/12/31 17:51:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Com
[2010/12/31 17:50:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Documents\My Videos
[2010/12/31 17:50:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu\Programs\Accessories
[2010/12/31 09:43:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Installer
[2010/12/31 09:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/12/31 09:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/12/31 09:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/12/31 09:29:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu\Programs\Startup
[2010/12/31 09:29:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Start Menu
[2010/12/31 09:29:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Documents
[2010/12/31 09:29:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Templates
[2010/12/31 09:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Favorites
[2010/12/31 09:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Desktop
[2010/12/31 09:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\CatRoot2
[2010/12/31 09:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\CatRoot
[2010/12/31 09:18:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Application Data\Microsoft
[2010/12/31 09:18:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Application Data
[2010/12/31 09:10:46 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2010/12/31 09:04:34 | 000,000,000 | R-SD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Fonts
[2010/12/31 09:04:34 | 000,000,000 | RHSD | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache
[2010/12/31 09:04:34 | 000,000,000 | R--D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Web
[2010/12/31 09:04:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\inf
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\WinSxS
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\wins
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\wbem
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\usmt
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\twain_32
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Temp
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\system32
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\system
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\spool
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ShellExt
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\Setup
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\security
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\scripting
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Resources
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\repair
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ras
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Provisioning
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\PeerNet
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\pchealth
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\oobe
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\npp
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Network Diagnostic
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\mui
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\mui
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\msapps
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\msagent
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Media
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\L2Schemas
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\java
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\inetsrv
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\IME
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\ime
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\icsxml
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\ias
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Help
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\export
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\drivers\etc
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\en
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\ehome
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\drivers
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Driver Cache
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\drivers\disdn
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dhcp
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Debug
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Cursors
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Connection Wizard
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\config
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Config
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\AppPatch
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\addins
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\3com_dmi
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\3076
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\2052
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1054
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1042
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1041
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1037
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1033
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1031
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1028
[2010/12/31 09:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\1025
[2010/12/30 14:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/12/29 03:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[3 C:\WINDOWS\SYSTEM32\EXPLORER.EXE\*.tmp files -> C:\WINDOWS\SYSTEM32\EXPLORER.EXE\*.tmp -> ]
[1 C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\*.tmp files -> C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/01 04:44:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/01 04:41:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\bootstat.dat
[2011/01/01 03:15:46 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\scantxt.zip
[2010/12/31 18:33:31 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 18:12:02 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/31 18:04:06 | 000,311,934 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\perfh009.dat
[2010/12/31 18:04:06 | 000,040,196 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\perfc009.dat
[2010/12/31 18:02:53 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/31 18:02:52 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/12/31 18:02:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\wpa.dbl
[2010/12/31 18:02:00 | 000,008,192 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\REGLOCS.OLD
[2010/12/31 18:01:43 | 000,090,296 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\FNTCACHE.DAT
[2010/12/31 18:00:52 | 000,000,640 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\$winnt$.inf
[2010/12/31 17:57:30 | 000,002,577 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\CONFIG.NT
[2010/12/31 17:57:20 | 000,316,640 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\WMSysPr9.prx
[2010/12/31 17:57:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\nscompat.tlb
[2010/12/31 17:57:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\amcompat.tlb
[2010/12/31 17:57:05 | 000,005,129 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\ODBCINST.INI
[2010/12/31 17:53:13 | 000,021,640 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\emptyregdb.dat
[2010/12/31 17:49:44 | 000,000,437 | -HS- | M] () -- C:\boot.ini
[2010/12/31 09:43:44 | 000,004,492 | ---- | M] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\pid.PNF
[3 C:\WINDOWS\SYSTEM32\EXPLORER.EXE\*.tmp files -> C:\WINDOWS\SYSTEM32\EXPLORER.EXE\*.tmp -> ]
[1 C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\*.tmp files -> C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/01 03:15:29 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\scantxt.zip
[2010/12/31 18:33:23 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 18:12:02 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/31 18:02:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/12/31 18:02:41 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/31 18:02:00 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\REGLOCS.OLD
[2010/12/31 18:00:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\bootstat.dat
[2010/12/31 17:59:52 | 000,175,104 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\pintlcsa.dll
[2010/12/31 17:59:29 | 001,158,818 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\korwbrkr.lex
[2010/12/31 17:59:20 | 000,059,392 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\imscinst.exe
[2010/12/31 17:59:19 | 000,196,665 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\imjpinst.exe
[2010/12/31 17:59:17 | 000,134,339 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\imekr.lex
[2010/12/31 17:59:07 | 013,463,552 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\hwxjpn.dll
[2010/12/31 17:59:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\hanja.lex
[2010/12/31 17:58:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\fpencode.dll
[2010/12/31 17:58:41 | 000,173,568 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\chtskf.dll
[2010/12/31 17:57:30 | 000,002,577 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\CONFIG.NT
[2010/12/31 17:57:20 | 000,023,392 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\nscompat.tlb
[2010/12/31 17:57:20 | 000,016,832 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\amcompat.tlb
[2010/12/31 17:57:18 | 000,316,640 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\WMSysPr9.prx
[2010/12/31 17:55:23 | 004,399,505 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\nls302en.lex
[2010/12/31 17:55:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\winnt256.bmp
[2010/12/31 17:55:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\winnt.bmp
[2010/12/31 17:54:54 | 000,000,984 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\srframe.mmf
[2010/12/31 17:54:08 | 000,376,832 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\msinfo.dll
[2010/12/31 17:53:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\emptyregdb.dat
[2010/12/31 17:52:12 | 000,065,954 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Prairie Wind.bmp
[2010/12/31 17:52:12 | 000,065,832 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Santa Fe Stucco.bmp
[2010/12/31 17:52:12 | 000,026,680 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\River Sumida.bmp
[2010/12/31 17:52:12 | 000,026,582 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Greenstone.bmp
[2010/12/31 17:52:12 | 000,017,362 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Rhododendron.bmp
[2010/12/31 17:52:12 | 000,009,522 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Zapotec.bmp
[2010/12/31 17:52:11 | 000,065,978 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Soap Bubbles.bmp
[2010/12/31 17:52:11 | 000,017,336 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Gone Fishing.bmp
[2010/12/31 17:52:11 | 000,017,062 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Coffee Bean.bmp
[2010/12/31 17:52:11 | 000,016,730 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\FeatherTexture.bmp
[2010/12/31 17:52:11 | 000,001,272 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\Blue Lace 16.bmp
[2010/12/31 17:52:08 | 000,003,286 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\tslabels.h
[2010/12/31 17:52:08 | 000,001,161 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\usrlogon.cmd
[2010/12/31 17:52:06 | 000,000,768 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\msdtcprf.h
[2010/12/31 17:51:58 | 000,063,488 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\wmimgmt.msc
[2010/12/31 09:43:44 | 000,004,492 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\pid.PNF
[2010/12/31 09:43:37 | 000,005,129 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\ODBCINST.INI
[2010/12/31 09:42:53 | 001,685,606 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\sam.spd
[2010/12/31 09:42:53 | 000,000,888 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\sam.sdf
[2010/12/31 09:42:52 | 000,643,717 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\ltts1033.lxa
[2010/12/31 09:42:52 | 000,605,050 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\r1033tts.lxa
[2010/12/31 09:29:32 | 000,001,688 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\AUTOEXEC.NT
[2010/12/31 09:27:20 | 000,797,189 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\NT5IIS.CAT
[2010/12/31 09:27:20 | 000,399,645 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\MAPIMIG.CAT
[2010/12/31 09:27:20 | 000,144,484 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\netfx.cat
[2010/12/31 09:27:20 | 000,112,918 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\tabletpc.cat
[2010/12/31 09:27:20 | 000,037,484 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\MW770.CAT
[2010/12/31 09:27:20 | 000,034,747 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\mediactr.cat
[2010/12/31 09:27:20 | 000,034,063 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\FP4.CAT
[2010/12/31 09:27:20 | 000,026,991 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\msn7.cat
[2010/12/31 09:27:20 | 000,016,535 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\IMS.CAT
[2010/12/31 09:27:20 | 000,014,433 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\msn9.cat
[2010/12/31 09:27:20 | 000,013,472 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\HPCRDP.CAT
[2010/12/31 09:27:20 | 000,012,363 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\MSMSGS.CAT
[2010/12/31 09:27:20 | 000,010,027 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\MSTSWEB.CAT
[2010/12/31 09:27:20 | 000,008,574 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\IASNT4.CAT
[2010/12/31 09:27:20 | 000,007,382 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\OEMBIOS.CAT
[2010/12/31 09:27:20 | 000,007,334 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\wmerrenu.cat
[2010/12/31 09:27:19 | 002,144,487 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\NT5.CAT
[2010/12/31 09:27:19 | 001,296,669 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\SP3.CAT
[2010/12/31 09:27:19 | 000,522,220 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\dllcache\NT5INF.CAT
[2010/12/31 09:11:39 | 000,090,296 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\FNTCACHE.DAT
[2010/12/31 09:10:51 | 000,000,640 | ---- | C] () -- C:\WINDOWS\SYSTEM32\EXPLORER.EXE\System32\$winnt$.inf
[2009/06/05 20:36:50 | 000,000,164 | ---- | C] () -- C:\Program Files\result.txt

========== LOP Check ==========

[2010/05/05 22:43:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\835f5d8
[2009/03/18 20:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2010/05/09 04:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grasssoft
[2010/12/30 20:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/05 18:40:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSGWSQE
[2010/05/06 22:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/28 22:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/08/18 06:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/10 21:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/31 18:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.EXPLORER.EXE\Application Data\Hitman Pro
[2010/08/06 13:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Audacity
[2009/03/18 20:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Bell
[2009/05/17 07:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\GetRightToGo
[2010/05/08 20:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Grasssoft
[2010/12/27 22:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\gtk-2.0
[2010/10/03 21:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\LimeWire
[2008/02/04 09:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\MSNInstaller
[2009/09/07 12:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Steinberg
[2010/02/02 18:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\TeamViewer
[2009/04/05 15:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Ulead Systems
[2009/05/20 18:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\Uniblue
[2010/12/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\vwg1mdnwiekdyjhulloyyclswvoc3qx2
[2010/12/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\xssend2
[2010/12/29 18:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\xssenddqrikj3npwr33awzqw2vgnbdtljkbav
[2010/12/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\xssenddztdgqcsbra112aodnhvmv1xku3gug3
[2010/12/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karvin\Application Data\xssendtxppcqedr2htpw3edzxoxiw2ic113ej

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >




OTL Extras logfile created on: 1/1/2011 4:46:15 AM - Run 1
OTL by OldTimer - Version 3.2.19.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 81.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS\SYSTEM32\EXPLORER.EXE | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 13.41 Gb Free Space | 27.46% Space Free | Partition Type: NTFS
Drive D: | 104.55 Gb Total Space | 57.80 Gb Free Space | 55.29% Space Free | Partition Type: NTFS
Drive E: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WORKSTATION | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 1/1/2011 8:47:29 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:29 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:37 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:46 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:51 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:55 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:48:59 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:49:16 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:49:20 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/1/2011 8:49:25 AM | Computer Name = WORKSTATION | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.


< End of report >

#20
iHateHitmanPro

    Member

  • Topic Starter
  • 22 posts
Lol sorry double post.

#21
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi,

Please follow my first instructions in post #2 (use the USB stick or CD whichever one is working). Don't worry I'll walk you through every step of the way.

Please refrain from using this new Windows as it is not your legal copy. :D

#22
iHateHitmanPro

    Member

  • Topic Starter
  • 22 posts

Hi,

Please follow my first instructions in post #2 (use the USB stick or CD whichever one is working). Don't worry I'll walk you through every step of the way.

Please refrain from using this new Windows as it is not your legal copy. :D


Oh ok, I had no idea. I plan on deleting it once I get the first Windows fixed. However, I don't know if the first one is a legal copy because I got this computer from my uncle and I don't know where he got it... and I fear it will prevent me from fixing it ;) I'm really scared now...

I'm also stuck on step #11. I can't seem to find the scantxt in my usb :/

#23
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts

I'm also stuck on step #11. I can't seem to find the scantxt in my usb :/


Ok, here it is. Attached file: Scan.txt (501 bytes)

Download and put it in a folder that you can find easily, i.e., c:\

#24
iHateHitmanPro

    Member

  • Topic Starter
  • 22 posts
I managed to run scan but then I got Blue screen...

#25
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
What does the blue screen say? Could you try it again?

#26
iHateHitmanPro

    Member

  • Topic Starter
  • 22 posts
I think I will just wipe out everything and do a fresh start. I have no idea how though.

#27
iHateHitmanPro

    Member

  • Topic Starter
  • 22 posts

What does the blue screen say? Could you try it again?


I don't really remember. It said something like unexpected error occurred and Windows shut down to prevent damage on my computer.

I will try again.

#28
iHateHitmanPro

    Member

  • Topic Starter
  • 22 posts
My computer froze trying to run the CD... I will try again later. I'm tired right now and will head to bed. Thanks a lot for trying to help and happy new year :D

#29
iHateHitmanPro

    Member

  • Topic Starter
  • 22 posts
Hi, I give up... I decided I want to format and delete everything

#30
iHateHitmanPro

    Member

  • Topic Starter
  • 22 posts
By the way, after I got the blue screen the DVD/CD-ROM thing stopped working properly. My PC won't load any CD. What do I do?