Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

MS Removal Tool won't stop


  • This topic is locked This topic is locked

#1
sliapis

sliapis

    Member

  • Member
  • PipPip
  • 37 posts
My computer has some kind of virus on it and something called the MS Removal Tool keeps trying to scan and force me to buy some software to remove it. It seems like a hoax. The problem is I can't even access my malware or any other programs on my computer now b/c the removal tool keep blocking everything. Can someone please help me get rid of whatever is going on?

I'm working on my desktop but the infection is in my laptop
Operating system: Windows XP

The warnings I am getting are:

"Warning application cannot be executed. The file tfswctrl.exe is infected please activate software"
and
"warning windows detected spyware infection"

Edited by sliapis, 26 March 2011 - 01:27 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see what you have first. If at any time you need to reboot before I prepare your fix you will need to rerun roguekiller option 1 again

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP
    CREATERESTOREPOINT
    SAVEMBR:0

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Posted Image
Click the "Scan" button to start scan


Posted Image
On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
sliapis

sliapis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I think it's fixed. I ran the roguekiller and for some reason that stopped the warnings.. then i ran malwarebytes twice and removed infections. things seem to be working fine now.

thanks for getting back to me!
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could run the other two programmes to ensure that all is gone - It would be no problem for me to check
  • 0

#5
sliapis

sliapis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Sure! And I appreciate it!

Here is the OTL report


OTL Extras logfile created on: 3/26/2011 3:19:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\SLiapis\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 590.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 35.44 Gb Free Space | 52.25% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: SLiapis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2403560203-1846807062-4164863509-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe" = C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe:*:Enabled:Mozilla Firefox 3.6 Beta 5
"C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe" = C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe:*:Enabled:Mozilla Firefox 4.0 Beta 2


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"GoToAssist" = GoToAssist 8.0.0.514
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMend Registry Defrag_is1" = WinMend Registry Defrag 1.3.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2403560203-1846807062-4164863509-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2011 3:55:01 AM | Computer Name = LAPPY | Source = Application Hang | ID = 1001
Description = Fault bucket 35273598.

Error - 3/12/2011 5:45:46 AM | Computer Name = LAPPY | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
mcbrwctl.dll, version 3.3.1.119, fault address 0x0003955d.

Error - 3/17/2011 3:41:18 AM | Computer Name = LAPPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/17/2011 3:41:18 AM | Computer Name = LAPPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/17/2011 3:41:18 AM | Computer Name = LAPPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/17/2011 3:41:18 AM | Computer Name = LAPPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/17/2011 3:41:18 AM | Computer Name = LAPPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/17/2011 3:41:18 AM | Computer Name = LAPPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/26/2011 6:18:45 PM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.22.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2011 6:18:46 PM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.22.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/26/2011 3:35:23 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 3/26/2011 3:35:23 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 3 time(s).

Error - 3/26/2011 3:35:23 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 4 time(s).

Error - 3/26/2011 3:35:23 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 5 time(s).

Error - 3/26/2011 3:35:23 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 6 time(s).

Error - 3/26/2011 3:35:53 PM | Computer Name = LAPPY | Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.

Error - 3/26/2011 3:35:54 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 7 time(s).

Error - 3/26/2011 3:38:12 PM | Computer Name = LAPPY | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 86163500, parameter3
86163674, parameter4 805d29b4.

Error - 3/26/2011 3:53:09 PM | Computer Name = LAPPY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 3/26/2011 4:40:22 PM | Computer Name = LAPPY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.


< End of report >

I'm running the others now
  • 0

#6
sliapis

sliapis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTL logfile created on: 3/26/2011 3:28:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\SLiapis\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 415.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 35.41 Gb Free Space | 52.20% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: SLiapis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 15:19:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SLiapis\My Documents\Downloads\OTL (1).exe
PRC - [2011/03/23 10:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/12/09 12:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 14:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/10/14 12:09:00 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 15:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/31 12:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/22 14:32:18 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/08/03 17:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/03/24 22:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/09/10 01:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2003/08/29 17:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 09:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 15:19:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SLiapis\My Documents\Downloads\OTL (1).exe
MOD - [2011/03/09 16:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll
MOD - [2008/04/13 17:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008/04/13 17:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2003/08/02 21:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/08/05 18:30:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/01/31 12:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2009/02/14 08:22:56 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/06/27 07:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 07:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/03/22 09:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 09:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/03/16 15:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 06:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/05/23 13:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 22:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/14 14:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 14:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 14:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 02:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 02:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 02:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061123
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061123


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061123
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061123
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://by129fd.bay12...b9ebfe3be34b479
IE - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/16 20:08:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/16 20:08:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/23 06:03:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/18 23:10:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/12 12:25:25 | 000,000,000 | ---D | M]

[2009/12/28 16:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SLiapis\Application Data\Mozilla\Extensions
[2011/03/22 01:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Profiles\otet2efv.default\extensions
[2010/04/27 13:07:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Profiles\otet2efv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/22 01:54:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Profiles\otet2efv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/21 23:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/22 16:48:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/01/16 20:08:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/16 20:08:49 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/02/22 16:48:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/23 06:03:08 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/02/22 16:48:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/19 17:06:59 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2009/12/12 14:37:05 | 000,362,903 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 12473 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\SLiapis\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/05/04 18:44:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/05/04 18:44:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/05/04 18:44:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/05/04 18:44:37 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\..Trusted Domains: yelp.com ([biz] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1164925003062 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1164925153718 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{058c7f68-3d58-11e0-910a-0015c5c568e3}\Shell - "" = AutoRun
O33 - MountPoints2\{058c7f68-3d58-11e0-910a-0015c5c568e3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{058c7f68-3d58-11e0-910a-0015c5c568e3}\Shell\AutoRun\command - "" = E:\SISetup.exe
O33 - MountPoints2\{8e345828-f058-11db-bb68-0015c5c568e3}\Shell - "" = AutoRun
O33 - MountPoints2\{8e345828-f058-11db-bb68-0015c5c568e3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e345828-f058-11db-bb68-0015c5c568e3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/26 11:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jIpObMcKaEe01804
[2011/03/13 01:33:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[1 C:\Documents and Settings\SLiapis\Desktop\*.tmp files -> C:\Documents and Settings\SLiapis\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/26 15:21:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/03/26 15:14:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/26 15:05:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2403560203-1846807062-4164863509-1006UA.job
[2011/03/26 13:43:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/26 13:43:40 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/26 13:43:40 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2403560203-1846807062-4164863509-1006.job
[2011/03/26 13:43:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/26 13:43:33 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/26 12:35:56 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/26 12:09:32 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ACBA6119-B1DD-46FA-86B9-EABDE27EF301}.job
[2011/03/26 12:09:11 | 000,461,312 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/26 12:09:11 | 000,080,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/25 10:07:00 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\Google Chrome.lnk
[2011/03/25 10:07:00 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\SLiapis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/25 10:05:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2403560203-1846807062-4164863509-1006Core.job
[2011/03/23 23:17:57 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 18:32:22 | 000,057,649 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\rocket.jpg
[2011/03/20 18:17:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2403560203-1846807062-4164863509-1006.job
[2011/03/18 10:31:34 | 000,005,848 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\images.jpg
[2011/03/15 11:39:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/13 21:51:26 | 000,092,940 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\shapeimage_1.png
[2011/03/02 10:20:28 | 000,025,111 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\173036_10150101580466231_500066230_6941797_5737441_o.jpeg
[1 C:\Documents and Settings\SLiapis\Desktop\*.tmp files -> C:\Documents and Settings\SLiapis\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/26 15:21:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/03/26 12:35:56 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/21 18:32:30 | 000,057,649 | ---- | C] () -- C:\Documents and Settings\SLiapis\Desktop\rocket.jpg
[2011/03/18 10:31:38 | 000,005,848 | ---- | C] () -- C:\Documents and Settings\SLiapis\Desktop\images.jpg
[2011/03/13 21:51:34 | 000,092,940 | ---- | C] () -- C:\Documents and Settings\SLiapis\Desktop\shapeimage_1.png
[2011/03/02 10:20:32 | 000,025,111 | ---- | C] () -- C:\Documents and Settings\SLiapis\Desktop\173036_10150101580466231_500066230_6941797_5737441_o.jpeg
[2011/02/20 18:19:06 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2009/02/14 08:25:28 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/08/05 18:36:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/08/05 18:36:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/08/05 18:36:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/10/05 17:24:49 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/05 17:24:48 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/25 23:59:13 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/30 19:25:30 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2006/11/30 19:14:16 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2006/11/30 19:09:41 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
[2006/11/30 14:57:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SLiapis\Application Data\wklnhst.dat
[2006/11/30 14:48:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/30 14:46:36 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\fusioncache.dat
[2006/11/23 03:40:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/23 03:28:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/23 03:17:33 | 000,000,843 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/23 03:16:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/23 02:43:02 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/11/23 02:42:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/23 02:42:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/23 02:42:18 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,294,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,461,312 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,080,334 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/22 10:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2008/08/19 17:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/01/06 20:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/02/14 14:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2008/08/05 18:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/11/30 19:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/03/26 12:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jIpObMcKaEe01804
[2011/03/10 22:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/19 17:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/14 08:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2008/08/19 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\acccore
[2009/02/14 08:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\AT&T
[2009/02/14 08:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Bytemobile
[2009/02/14 08:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\DBUpdater
[2010/02/28 11:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Facebook
[2006/11/30 19:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Final Draft
[2007/07/21 12:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Leadertech
[2011/01/16 20:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Local
[2009/02/14 08:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Sierra Wireless
[2006/11/30 14:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Template
[2008/08/19 17:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Viewpoint
[2011/03/26 12:09:32 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ACBA6119-B1DD-46FA-86B9-EABDE27EF301}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP >
[2010/12/27 12:36:10 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP865\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/28 16:07:43 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP866\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/29 16:56:33 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP867\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/30 17:17:27 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP868\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/31 19:56:04 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP869\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/01 23:03:53 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP870\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/03 14:17:21 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP871\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/05 10:59:28 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP872\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/06 12:19:45 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP873\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/07 13:06:16 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP874\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/08 18:09:53 | 037,195,776 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP875\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/09 21:06:02 | 037,208,064 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/10 22:33:20 | 037,208,064 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP877\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/12 13:53:58 | 037,208,064 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP878\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/12 14:22:00 | 037,208,064 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP879\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/13 19:26:11 | 037,216,256 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP880\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/15 15:38:07 | 037,216,256 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP881\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/16 16:47:06 | 037,216,256 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP882\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/16 20:15:10 | 037,498,880 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP883\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/17 22:21:14 | 037,150,720 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP884\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/19 11:03:03 | 037,150,720 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP885\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/20 17:30:48 | 037,150,720 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP886\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/21 19:39:59 | 037,150,720 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP887\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/23 00:15:02 | 037,150,720 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP888\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/24 00:36:19 | 037,150,720 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP889\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/25 23:11:52 | 037,158,912 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP890\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/27 16:44:59 | 037,158,912 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP891\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/28 17:18:22 | 037,158,912 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP892\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/30 14:33:55 | 037,158,912 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP893\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/31 22:35:21 | 037,158,912 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP894\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/01 23:17:39 | 037,158,912 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP895\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/07 19:35:36 | 037,163,008 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP896\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/08 23:04:38 | 037,175,296 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP897\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/10 00:00:45 | 037,163,008 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP898\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/10 01:26:37 | 037,163,008 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP899\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/11 16:50:12 | 037,240,832 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP900\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/12 22:54:49 | 037,244,928 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP901\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/14 11:17:29 | 037,244,928 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP902\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/15 21:01:23 | 037,244,928 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP903\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/16 07:31:16 | 037,244,928 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP904\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/17 09:40:22 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP905\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/18 12:07:10 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP906\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/19 12:20:14 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP907\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/20 15:03:38 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP908\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/21 23:06:27 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP909\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/22 16:47:08 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP910\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/22 16:47:57 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP911\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/24 17:00:59 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP912\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/26 12:48:19 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP913\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/02/27 23:13:22 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP914\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/01 00:29:54 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP915\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/02 11:02:32 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP916\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/03 11:57:01 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP917\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/04 15:58:23 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP918\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/06 18:28:27 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP919\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/07 21:31:07 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP920\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/08 21:34:15 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP921\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/09 07:25:05 | 037,380,096 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP922\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/11 18:38:29 | 037,412,864 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP923\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/12 22:08:56 | 037,412,864 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP924\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/13 22:45:15 | 037,412,864 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP925\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/15 11:38:26 | 037,412,864 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP926\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/16 16:30:46 | 037,416,960 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP927\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/17 20:47:29 | 037,416,960 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP928\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/19 14:22:00 | 037,416,960 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP929\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/20 18:02:31 | 037,416,960 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP930\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/21 20:12:58 | 037,416,960 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP931\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/23 10:01:16 | 037,416,960 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP932\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/24 09:56:03 | 037,416,960 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP933\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/25 15:27:59 | 037,437,440 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP934\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/03/26 15:21:34 | 037,462,016 | ---- | M] () -- c:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP935\snapshot\_REGISTRY_MACHINE_SOFTWARE

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#7
sliapis

sliapis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here is the rogue killer


RogueKiller V4.3.4 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: SLiapis [Admin rights]
Mode: Scan -- Date : 03/26/2011 15:33:04

Bad processes: 1
[APPDT/TMP/DESKTOP] GoogleCrashHandler.exe -- c:\documents and settings\sliapis\local settings\application data\google\update\1.2.183.39\googlecrashhandler.exe -> KILLED

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
[...]


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

#8
sliapis

sliapis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
and here is the last


aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-26 15:34:20
-----------------------------
15:34:20.640 OS Version: Windows 5.1.2600 Service Pack 3
15:34:20.640 Number of processors: 2 586 0xE08
15:34:20.640 ComputerName: LAPPY UserName:
15:34:22.250 Initialize success
15:34:28.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:34:28.171 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3
15:34:30.250 Disk 0 MBR read successfully
15:34:30.250 Disk 0 MBR scan
15:34:32.250 Disk 0 scanning sectors +156296385
15:34:32.312 Disk 0 scanning C:\WINDOWS\system32\drivers
15:34:39.890 Service scanning
15:34:41.062 Disk 0 trace - called modules:
15:34:41.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:34:41.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8671aab8]
15:34:41.093 3 CLASSPNP.SYS[f7651fd7] -> nt!IofCallDriver -> \Device\0000006a[0x86789f18]
15:34:41.093 5 ACPI.sys[f74e8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8677bd98]
15:34:41.093 Scan finished successfully
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good just a few bits to remove

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Secure Search"
    O3 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-2403560203-1846807062-4164863509-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    [2011/03/26 11:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jIpObMcKaEe01804
    [2011/03/26 15:21:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#10
sliapis

sliapis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here is the latest log


OTL logfile created on: 3/27/2011 9:05:46 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\SLiapis\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 460.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 37.36 Gb Free Space | 55.08% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: SLiapis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | 9:12 AM 3/27/2011Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/27 09:05:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SLiapis\My Documents\Downloads\OTL (3).exe
PRC - [2011/03/23 10:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/12/09 12:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 14:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/10/14 12:09:00 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 15:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/31 12:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/22 14:32:18 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/08/03 17:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/03/24 22:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/09/10 01:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2003/08/29 17:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 09:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/03/27 09:05:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SLiapis\My Documents\Downloads\OTL (3).exe
MOD - [2011/03/09 16:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/08/05 18:30:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/01/31 12:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2009/02/14 08:22:56 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/06/27 07:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 07:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/03/22 09:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 09:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/03/16 15:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 06:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/05/23 13:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 22:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/14 14:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 14:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 14:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 02:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 02:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 02:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061123
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061123

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://by129fd.bay12...b9ebfe3be34b479
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/16 20:08:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/16 20:08:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/23 06:03:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/18 23:10:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/12 12:25:25 | 000,000,000 | ---D | M]

[2009/12/28 16:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SLiapis\Application Data\Mozilla\Extensions
[2011/03/22 01:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Profiles\otet2efv.default\extensions
[2010/04/27 13:07:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Profiles\otet2efv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/22 01:54:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Profiles\otet2efv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/21 23:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/22 16:48:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/01/16 20:08:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/16 20:08:49 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/02/22 16:48:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/23 06:03:08 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/02/22 16:48:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/19 17:06:59 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/03/27 08:59:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\SLiapis\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/05/04 18:44:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/05/04 18:44:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/05/04 18:44:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/05/04 18:44:37 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: yelp.com ([biz] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1164925003062 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1164925153718 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SLiapis\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{058c7f68-3d58-11e0-910a-0015c5c568e3}\Shell - "" = AutoRun
O33 - MountPoints2\{058c7f68-3d58-11e0-910a-0015c5c568e3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{058c7f68-3d58-11e0-910a-0015c5c568e3}\Shell\AutoRun\command - "" = E:\SISetup.exe
O33 - MountPoints2\{8e345828-f058-11db-bb68-0015c5c568e3}\Shell - "" = AutoRun
O33 - MountPoints2\{8e345828-f058-11db-bb68-0015c5c568e3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e345828-f058-11db-bb68-0015c5c568e3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 08:59:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/26 11:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jIpObMcKaEe01804
[2011/03/13 01:33:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[1 C:\Documents and Settings\SLiapis\Desktop\*.tmp files -> C:\Documents and Settings\SLiapis\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/27 09:05:04 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2403560203-1846807062-4164863509-1006UA.job
[2011/03/27 09:03:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/27 09:03:33 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/27 09:03:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2403560203-1846807062-4164863509-1006.job
[2011/03/27 09:03:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/27 09:03:24 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/27 08:59:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/27 08:58:12 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ACBA6119-B1DD-46FA-86B9-EABDE27EF301}.job
[2011/03/27 06:14:13 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/26 15:34:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\MBR.dat
[2011/03/26 12:35:56 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/26 12:09:11 | 000,461,312 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/26 12:09:11 | 000,080,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/25 10:07:00 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\Google Chrome.lnk
[2011/03/25 10:07:00 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\SLiapis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/25 10:05:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2403560203-1846807062-4164863509-1006Core.job
[2011/03/23 23:17:57 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 18:32:22 | 000,057,649 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\rocket.jpg
[2011/03/20 18:17:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2403560203-1846807062-4164863509-1006.job
[2011/03/18 10:31:34 | 000,005,848 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\images.jpg
[2011/03/15 11:39:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/13 21:51:26 | 000,092,940 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\shapeimage_1.png
[2011/03/02 10:20:28 | 000,025,111 | ---- | M] () -- C:\Documents and Settings\SLiapis\Desktop\173036_10150101580466231_500066230_6941797_5737441_o.jpeg
[1 C:\Documents and Settings\SLiapis\Desktop\*.tmp files -> C:\Documents and Settings\SLiapis\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/26 15:34:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\SLiapis\Desktop\MBR.dat
[2011/03/26 12:35:56 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/21 18:32:30 | 000,057,649 | ---- | C] () -- C:\Documents and Settings\SLiapis\Desktop\rocket.jpg
[2011/03/18 10:31:38 | 000,005,848 | ---- | C] () -- C:\Documents and Settings\SLiapis\Desktop\images.jpg
[2011/03/13 21:51:34 | 000,092,940 | ---- | C] () -- C:\Documents and Settings\SLiapis\Desktop\shapeimage_1.png
[2011/03/02 10:20:32 | 000,025,111 | ---- | C] () -- C:\Documents and Settings\SLiapis\Desktop\173036_10150101580466231_500066230_6941797_5737441_o.jpeg
[2011/02/20 18:19:06 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2009/02/14 08:25:28 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/08/05 18:36:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/08/05 18:36:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/08/05 18:36:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/10/05 17:24:49 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/05 17:24:48 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/25 23:59:13 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/30 19:25:30 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2006/11/30 19:14:16 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2006/11/30 19:09:41 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
[2006/11/30 14:57:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SLiapis\Application Data\wklnhst.dat
[2006/11/30 14:48:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/30 14:46:36 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\SLiapis\Local Settings\Application Data\fusioncache.dat
[2006/11/23 03:40:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/23 03:28:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/23 03:17:33 | 000,000,843 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/23 03:16:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/23 02:43:02 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/11/23 02:42:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/23 02:42:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/23 02:42:18 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,294,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,461,312 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,080,334 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/22 10:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2008/08/19 17:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/01/06 20:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/02/14 14:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2008/08/05 18:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/11/30 19:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/03/26 12:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jIpObMcKaEe01804
[2011/03/10 22:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/19 17:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/08/19 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\acccore
[2009/02/14 08:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\AT&T
[2009/02/14 08:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Bytemobile
[2009/02/14 08:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\DBUpdater
[2010/02/28 11:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Facebook
[2006/11/30 19:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Final Draft
[2007/07/21 12:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Leadertech
[2011/01/16 20:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Local
[2009/02/14 08:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Sierra Wireless
[2006/11/30 14:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Template
[2008/08/19 17:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SLiapis\Application Data\Viewpoint
[2011/03/27 08:58:12 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ACBA6119-B1DD-46FA-86B9-EABDE27EF301}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further problems or are you ready for me to remove my tools ?
  • 0

#12
sliapis

sliapis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
i think that's it. Can't thank u enough!
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    [2011/03/26 12:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jIpObMcKaEe01804

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :D
  • 0

#14
sliapis

sliapis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Thanks so much. I use malewarebytes already. I don't have an active anti virus though. Which do u recommend?
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I thought I saw McAfee on your system ?

I use Avast
But there is also MS Security Essentials
Or Avira
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP