Malwarebytes and Avast cannot find it



#1
moe jr

I hope someone can help. A few weeks ago my computer slowed way, way down and I was instantly redirected when I did a toolbar search. I ran Malwarebytes and Avast detailed scans a number of times and they found a few infected files which I deleted. Since then I don't have the redirect problem but my computer speed is normal on some days and slow on others and every time I power on I get a window which says:

ERROR/LOADING C:\WINDOWS\ i jammerihesogol.dll
The specific module could not be found

OTL logfile created on: 5/2/2011 8:49:31 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\catman3152\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 14.81 Gb Free Space | 39.77% Space Free | Partition Type: NTFS

Computer Name: NUMEROUNO | User Name: catman3152 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/20 12:24:50 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2003/08/13 08:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
MOD - [2011/02/23 07:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2006/06/11 17:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/08/03 21:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 21:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/04 18:37:15 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/07/26 19:09:20 | 000,005,593 | ---- | M] (VIEWQUEST THCHNOLOGIES LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VQ2101XP.SYS -- (VQ21FIL) ViewQuest USB Filter Driver (FILTER)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB}: C:\Documents and Settings\catman3152\Local Settings\Application Data\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB} [2011/03/12 21:42:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/15 16:12:33 | 000,378,447 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13042 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [USPTO Direct Recovery] C:\Program Files\USPTO\etdirrcv.exe (Entrust®)
O4 - HKLM..\Run: [Yvimemamerihes] File not found
O4 - HKCU..\Run: [MsnMsgr] File not found
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {13EC470D-6583-42A3-B07D-648F70BC5CA0} http://extranet.prot...rrent/setup.exe (ProtoView Class)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1083551604734 (MSSecurityAdvisor Class)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by15fd.bay15....ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c1574fb1-fc0b-11df-85d6-000d565d7445}\Shell - "" = AutoRun
O33 - MountPoints2\{c1574fb1-fc0b-11df-85d6-000d565d7445}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1574fb1-fc0b-11df-85d6-000d565d7445}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...
[2011/05/02 20:31:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...
[2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
[2011/05/02 20:19:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/02 20:19:40 | 1340,149,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 18:01:01 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:09 | 000,096,116 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/24 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/04/22 13:34:40 | 000,038,021 | ---- | M] () -- C:\invoice 3 EAST WEST.rtf
[2011/04/20 10:05:49 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt pdf final.pdf
[2011/04/20 09:58:37 | 000,956,928 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/19 09:08:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/19 09:08:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/04/18 14:03:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/18 14:03:52 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/18 13:59:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/18 13:43:17 | 000,003,162 | -HS- | M] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/18 13:43:17 | 000,003,162 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/15 08:39:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fmupeg.bin
[2011/04/15 08:11:40 | 000,007,932 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1204144926
[2011/04/15 08:11:39 | 000,007,932 | -HS- | M] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\1204144926
[2011/04/10 15:12:34 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Chuxusezej.dat

========== Files Created - No Company Name ==========

[2011/04/29 18:00:54 | 000,096,059 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:03 | 000,096,116 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/22 13:34:40 | 000,038,021 | ---- | C] () -- C:\invoice 3 EAST WEST.rtf
[2011/04/19 09:08:10 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/04/19 09:08:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/18 13:58:58 | 1340,149,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/18 13:39:35 | 000,003,162 | -HS- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/18 13:39:35 | 000,003,162 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/15 07:37:25 | 000,007,932 | -HS- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\1204144926
[2011/04/15 07:37:25 | 000,007,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1204144926
[2011/03/12 21:42:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Chuxusezej.dat
[2011/03/12 21:42:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fmupeg.bin
[2011/01/31 17:11:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/12/25 09:12:30 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/12/23 10:19:56 | 000,006,690 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\B40A.FB7
[2010/12/16 06:05:30 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\html.html
[2009/11/03 14:55:06 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/09/22 23:20:14 | 000,016,113 | ---- | C] () -- C:\WINDOWS\ziweg.exe
[2009/09/22 23:20:13 | 000,018,426 | ---- | C] () -- C:\WINDOWS\System32\uzos.bin
[2009/09/22 23:20:13 | 000,018,144 | ---- | C] () -- C:\WINDOWS\uzofedojyc.com
[2009/09/21 12:11:22 | 000,015,583 | ---- | C] () -- C:\WINDOWS\kovecyciq.com
[2009/09/21 11:38:44 | 000,011,562 | ---- | C] () -- C:\WINDOWS\System32\qivyn.dat
[2009/09/21 11:35:19 | 000,018,386 | ---- | C] () -- C:\WINDOWS\System32\ikyjuzeri.dat
[2009/09/21 11:21:27 | 000,015,054 | ---- | C] () -- C:\WINDOWS\edyzohewu.bin
[2009/09/21 11:21:26 | 000,014,415 | ---- | C] () -- C:\WINDOWS\ezobahu.exe
[2009/09/21 11:21:26 | 000,010,124 | ---- | C] () -- C:\WINDOWS\imebypit.bin
[2009/09/21 08:53:35 | 000,019,609 | ---- | C] () -- C:\WINDOWS\wuwijenybe.dat
[2009/09/21 08:53:35 | 000,019,010 | ---- | C] () -- C:\WINDOWS\System32\etun.exe
[2009/09/21 08:53:35 | 000,018,906 | ---- | C] () -- C:\WINDOWS\erydezul.com
[2009/09/20 22:06:37 | 000,014,215 | ---- | C] () -- C:\WINDOWS\osutiwum.dat
[2009/09/20 22:06:37 | 000,014,093 | ---- | C] () -- C:\WINDOWS\yripahuqik.com
[2009/09/20 21:57:07 | 000,019,706 | ---- | C] () -- C:\WINDOWS\ihicy.exe
[2009/09/20 21:57:07 | 000,019,089 | ---- | C] () -- C:\WINDOWS\vynozemiwo.dat
[2009/09/20 21:57:07 | 000,016,378 | ---- | C] () -- C:\WINDOWS\kidivi.com
[2009/09/20 21:57:07 | 000,010,569 | ---- | C] () -- C:\WINDOWS\System32\qovu.dat
[2009/09/20 21:38:42 | 000,014,752 | ---- | C] () -- C:\WINDOWS\System32\hivedexyco.exe
[2009/09/20 21:38:42 | 000,013,051 | ---- | C] () -- C:\WINDOWS\sypopakej.bin
[2009/09/20 18:41:45 | 000,017,165 | ---- | C] () -- C:\WINDOWS\giqinufole.dat
[2009/09/20 18:41:45 | 000,015,846 | ---- | C] () -- C:\WINDOWS\uledow.bin
[2009/09/20 18:41:45 | 000,013,700 | ---- | C] () -- C:\WINDOWS\System32\agyhape.com
[2009/09/20 18:41:45 | 000,013,224 | ---- | C] () -- C:\WINDOWS\System32\civusoqeka.dat
[2009/09/20 18:41:44 | 000,019,270 | ---- | C] () -- C:\WINDOWS\System32\agikygyr.exe
[2009/09/19 13:48:08 | 000,019,659 | ---- | C] () -- C:\WINDOWS\tycecyzax.dat
[2009/09/19 13:48:07 | 000,014,023 | ---- | C] () -- C:\WINDOWS\bulib.dll
[2009/09/19 13:48:07 | 000,011,769 | ---- | C] () -- C:\WINDOWS\fimaxewa.com
[2009/09/01 07:25:27 | 000,000,346 | --S- | C] () -- C:\WINDOWS\System32\2243651138.dat
[2009/06/30 14:42:35 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\tiff2pdf.dll
[2009/04/29 11:58:34 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2008/02/29 10:07:53 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/26 10:51:51 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/04 11:04:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstpw.exe
[2006/01/04 10:19:16 | 004,464,640 | ---- | C] () -- C:\WINDOWS\System32\ImageMagickObject.dll
[2004/12/08 12:22:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/02 08:09:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/22 08:11:00 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/02 18:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24581_up.exe
[2004/04/29 06:37:36 | 000,000,136 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/25 20:50:28 | 000,028,775 | ---- | C] () -- C:\WINDOWS\javaw.exe
[2004/02/25 20:50:28 | 000,024,677 | ---- | C] () -- C:\WINDOWS\java.exe
[2004/02/24 17:28:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/23 22:16:59 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\fusioncache.dat
[2004/02/23 22:05:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/02/20 20:57:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/02/20 20:57:19 | 000,000,014 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2004/02/20 20:57:19 | 000,000,012 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2004/02/20 20:56:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2004/02/04 09:38:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\V2101LOC.INI
[2004/02/04 08:56:20 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2004/02/04 08:56:19 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2004/02/04 08:56:19 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2004/02/04 08:56:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2004/02/03 20:41:46 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JPR.{PB
[2004/02/03 20:41:46 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JCM.{PB
[2004/02/03 19:36:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/01/31 08:52:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/29 18:04:08 | 000,000,695 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/01/29 16:09:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/29 09:25:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2004/01/21 18:33:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 18:27:52 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/01/21 18:22:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/01/21 18:20:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/21 18:07:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/01/21 18:05:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/21 18:05:28 | 000,813,782 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/01/21 18:05:28 | 000,158,464 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/01/21 18:05:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/21 17:51:44 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/19 11:41:32 | 000,377,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/19 11:40:04 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/19 11:38:56 | 000,000,889 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/13 20:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/14 11:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/07/14 11:30:27 | 000,034,816 | ---- | C] () -- C:\WINDOWS\patch.exe
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2002/10/08 12:24:44 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2002/09/03 06:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 06:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\TRAFFIC.DLL
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/03/20 00:00:00 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI

========== LOP Check ==========

[2010/02/15 21:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/24 20:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2004/01/29 18:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/03/21 07:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/02/26 10:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/03/06 12:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dKiFoJf06510
[2006/02/02 11:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
[2010/12/25 09:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pCiFh08200
[2011/03/18 07:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/02/22 17:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/15 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2007/06/19 10:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\ICAClient
[2004/01/31 08:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Leadertech
[2011/01/31 17:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\pdfforge
[2011/01/31 17:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Search Settings
[2011/04/24 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



< End of report >

Thanks.

#2
Render

Hi, moe jr! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

The forum and helpers have been busy and we're sorry about the delay.

Please do the following:

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.


#3
moe jr

Render hi,

Thanks for helping me. I've attached the scan results.

Moe

#4
moe jr

Render,

I'm sorry I didn't read your instructions thoroughly. My first attempt was to copy and paste the scan results in my response. But I couldn't highlight the results to be able to click "copy" and every time I tried to open the version I saved to my desktop I got a msg. that said I didn't have the proper software to open the file. When I tried to use the original program to open the scan it just defaulted to the original screen that I had when I first saved the program. What can I do to get you that scan?

Thanks
Art

#5
moe jr

Render hi,

I was able to open it with WORD:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-06 17:07:50
-----------------------------
17:07:50.968 OS Version: Windows 5.1.2600 Service Pack 2
17:07:50.968 Number of processors: 1 586 0x209
17:07:50.983 ComputerName: NUMEROUNO UserName:
17:07:52.046 Initialize success
17:07:54.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:07:54.327 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
17:07:56.374 Disk 0 MBR read successfully
17:07:56.390 Disk 0 MBR scan
17:07:56.390 Disk 0 Windows XP default MBR code
17:07:58.546 Disk 0 scanning sectors +78156225
17:07:58.577 Disk 0 PE file @ sector 78156225 !
17:07:58.577 Disk 0 scanning C:\WINDOWS\system32\drivers
17:08:12.171 Service scanning
17:08:13.890 Disk 0 trace - called modules:
17:08:13.921 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:08:13.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a199ab8]
17:08:13.937 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a19ad98]
17:08:13.952 Scan finished successfully
#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

No problem. Please do the following:

OTL Custom Scan

  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
    
  • Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

#7
moe jr

  • Topic Starter
  • Member
  • 210 posts
Here it is:

OTL logfile created on: 5/7/2011 5:42:28 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\catman3152\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 15.08 Gb Free Space | 40.51% Space Free | Partition Type: NTFS

Computer Name: NUMEROUNO | User Name: catman3152 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/20 12:24:50 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2003/08/13 08:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
MOD - [2011/02/23 07:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2011/04/24 14:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2006/06/11 17:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/08/03 21:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 21:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/04 18:37:15 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/07/26 19:09:20 | 000,005,593 | ---- | M] (VIEWQUEST THCHNOLOGIES LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VQ2101XP.SYS -- (VQ21FIL) ViewQuest USB Filter Driver (FILTER)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB}: C:\Documents and Settings\catman3152\Local Settings\Application Data\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB} [2011/03/12 21:42:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/15 16:12:33 | 000,378,447 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13042 more lines...
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [USPTO Direct Recovery] C:\Program Files\USPTO\etdirrcv.exe (Entrust®)
O4 - HKLM..\Run: [Yvimemamerihes] File not found
O4 - HKCU..\Run: [MsnMsgr] File not found
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {13EC470D-6583-42A3-B07D-648F70BC5CA0} http://extranet.prot...rrent/setup.exe (ProtoView Class)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1083551604734 (MSSecurityAdvisor Class)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by15fd.bay15....ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c1574fb1-fc0b-11df-85d6-000d565d7445}\Shell - "" = AutoRun
O33 - MountPoints2\{c1574fb1-fc0b-11df-85d6-000d565d7445}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1574fb1-fc0b-11df-85d6-000d565d7445}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58278930930466816)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...
[2011/05/06 17:11:45 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\catman3152\Desktop\aswMBR.exe
[2011/05/04 11:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Local Settings\Application Data\PhotoChannel
[2011/05/04 11:15:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/05/04 11:15:28 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/05/03 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Application Data\QFX Software
[2011/05/03 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/05/03 07:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/05/03 07:21:50 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/05/03 07:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/05/02 20:31:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...
[2011/05/07 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/05/06 17:12:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\catman3152\Desktop\MBR.dat
[2011/05/06 17:11:45 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\catman3152\Desktop\aswMBR.exe
[2011/05/06 06:31:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/06 06:30:56 | 1340,149,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 18:43:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/05 18:43:45 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
[2011/04/29 18:01:01 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:09 | 000,096,116 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/24 14:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/04/22 13:34:40 | 000,038,021 | ---- | M] () -- C:\invoice 3 EAST WEST.rtf
[2011/04/20 10:05:49 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt pdf final.pdf
[2011/04/20 09:58:37 | 000,956,928 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/18 14:03:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/18 14:03:52 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/18 13:59:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/18 13:43:17 | 000,003,162 | -HS- | M] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/18 13:43:17 | 000,003,162 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/15 08:39:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fmupeg.bin
[2011/04/15 08:11:40 | 000,007,932 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1204144926
[2011/04/15 08:11:39 | 000,007,932 | -HS- | M] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\1204144926
[2011/04/10 15:12:34 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Chuxusezej.dat

========== Files Created - No Company Name ==========

[2011/05/06 17:08:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\catman3152\Desktop\MBR.dat
[2011/05/05 18:43:45 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/05 18:43:45 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/29 18:00:54 | 000,096,059 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:03 | 000,096,116 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/22 13:34:40 | 000,038,021 | ---- | C] () -- C:\invoice 3 EAST WEST.rtf
[2011/04/18 13:58:58 | 1340,149,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/18 13:39:35 | 000,003,162 | -HS- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/18 13:39:35 | 000,003,162 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/15 07:37:25 | 000,007,932 | -HS- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\1204144926
[2011/04/15 07:37:25 | 000,007,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1204144926
[2011/03/12 21:42:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Chuxusezej.dat
[2011/03/12 21:42:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fmupeg.bin
[2011/01/31 17:11:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/12/25 09:12:30 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/12/23 10:19:56 | 000,006,690 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\B40A.FB7
[2010/12/16 06:05:30 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\html.html
[2009/11/03 14:55:06 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/09/22 23:20:14 | 000,016,113 | ---- | C] () -- C:\WINDOWS\ziweg.exe
[2009/09/22 23:20:13 | 000,018,426 | ---- | C] () -- C:\WINDOWS\System32\uzos.bin
[2009/09/22 23:20:13 | 000,018,144 | ---- | C] () -- C:\WINDOWS\uzofedojyc.com
[2009/09/21 12:11:22 | 000,015,583 | ---- | C] () -- C:\WINDOWS\kovecyciq.com
[2009/09/21 11:38:44 | 000,011,562 | ---- | C] () -- C:\WINDOWS\System32\qivyn.dat
[2009/09/21 11:35:19 | 000,018,386 | ---- | C] () -- C:\WINDOWS\System32\ikyjuzeri.dat
[2009/09/21 11:21:27 | 000,015,054 | ---- | C] () -- C:\WINDOWS\edyzohewu.bin
[2009/09/21 11:21:26 | 000,014,415 | ---- | C] () -- C:\WINDOWS\ezobahu.exe
[2009/09/21 11:21:26 | 000,010,124 | ---- | C] () -- C:\WINDOWS\imebypit.bin
[2009/09/21 08:53:35 | 000,019,609 | ---- | C] () -- C:\WINDOWS\wuwijenybe.dat
[2009/09/21 08:53:35 | 000,019,010 | ---- | C] () -- C:\WINDOWS\System32\etun.exe
[2009/09/21 08:53:35 | 000,018,906 | ---- | C] () -- C:\WINDOWS\erydezul.com
[2009/09/20 22:06:37 | 000,014,215 | ---- | C] () -- C:\WINDOWS\osutiwum.dat
[2009/09/20 22:06:37 | 000,014,093 | ---- | C] () -- C:\WINDOWS\yripahuqik.com
[2009/09/20 21:57:07 | 000,019,706 | ---- | C] () -- C:\WINDOWS\ihicy.exe
[2009/09/20 21:57:07 | 000,019,089 | ---- | C] () -- C:\WINDOWS\vynozemiwo.dat
[2009/09/20 21:57:07 | 000,016,378 | ---- | C] () -- C:\WINDOWS\kidivi.com
[2009/09/20 21:57:07 | 000,010,569 | ---- | C] () -- C:\WINDOWS\System32\qovu.dat
[2009/09/20 21:38:42 | 000,014,752 | ---- | C] () -- C:\WINDOWS\System32\hivedexyco.exe
[2009/09/20 21:38:42 | 000,013,051 | ---- | C] () -- C:\WINDOWS\sypopakej.bin
[2009/09/20 18:41:45 | 000,017,165 | ---- | C] () -- C:\WINDOWS\giqinufole.dat
[2009/09/20 18:41:45 | 000,015,846 | ---- | C] () -- C:\WINDOWS\uledow.bin
[2009/09/20 18:41:45 | 000,013,700 | ---- | C] () -- C:\WINDOWS\System32\agyhape.com
[2009/09/20 18:41:45 | 000,013,224 | ---- | C] () -- C:\WINDOWS\System32\civusoqeka.dat
[2009/09/20 18:41:44 | 000,019,270 | ---- | C] () -- C:\WINDOWS\System32\agikygyr.exe
[2009/09/19 13:48:08 | 000,019,659 | ---- | C] () -- C:\WINDOWS\tycecyzax.dat
[2009/09/19 13:48:07 | 000,014,023 | ---- | C] () -- C:\WINDOWS\bulib.dll
[2009/09/19 13:48:07 | 000,011,769 | ---- | C] () -- C:\WINDOWS\fimaxewa.com
[2009/09/01 07:25:27 | 000,000,346 | --S- | C] () -- C:\WINDOWS\System32\2243651138.dat
[2009/06/30 14:42:35 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\tiff2pdf.dll
[2009/04/29 11:58:34 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2008/02/29 10:07:53 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/26 10:51:51 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/04 11:04:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstpw.exe
[2006/01/04 10:19:16 | 004,464,640 | ---- | C] () -- C:\WINDOWS\System32\ImageMagickObject.dll
[2004/12/08 12:22:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/02 08:09:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/22 08:11:00 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/02 18:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24581_up.exe
[2004/04/29 06:37:36 | 000,000,136 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/25 20:50:28 | 000,028,775 | ---- | C] () -- C:\WINDOWS\javaw.exe
[2004/02/25 20:50:28 | 000,024,677 | ---- | C] () -- C:\WINDOWS\java.exe
[2004/02/24 17:28:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/23 22:16:59 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\fusioncache.dat
[2004/02/23 22:05:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/02/20 20:57:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/02/20 20:57:19 | 000,000,014 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2004/02/20 20:57:19 | 000,000,012 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2004/02/20 20:56:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2004/02/04 09:38:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\V2101LOC.INI
[2004/02/04 08:56:20 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2004/02/04 08:56:19 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2004/02/04 08:56:19 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2004/02/04 08:56:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2004/02/03 20:41:46 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JPR.{PB
[2004/02/03 20:41:46 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JCM.{PB
[2004/02/03 19:36:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/01/31 08:52:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/29 18:04:08 | 000,000,695 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/01/29 16:09:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/29 09:25:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2004/01/21 18:33:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 18:27:52 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/01/21 18:22:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/01/21 18:20:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/21 18:07:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/01/21 18:05:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/21 18:05:28 | 000,813,782 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/01/21 18:05:28 | 000,158,464 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/01/21 18:05:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/21 17:51:44 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/19 11:41:32 | 000,377,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/19 11:40:04 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/19 11:38:56 | 000,000,889 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/13 20:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/14 11:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/07/14 11:30:27 | 000,034,816 | ---- | C] () -- C:\WINDOWS\patch.exe
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2002/10/08 12:24:44 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2002/09/03 06:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 06:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\TRAFFIC.DLL
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/03/20 00:00:00 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI

========== LOP Check ==========

[2010/02/15 21:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/24 20:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2004/01/29 18:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/03/21 07:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/02/26 10:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/03/06 12:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dKiFoJf06510
[2006/02/02 11:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
[2010/12/25 09:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pCiFh08200
[2011/03/18 07:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/05/03 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2010/02/22 17:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/15 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2007/06/19 10:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\ICAClient
[2004/01/31 08:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Leadertech
[2011/01/31 17:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\pdfforge
[2011/05/03 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\QFX Software
[2011/01/31 17:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Search Settings
[2011/05/07 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/01/04 10:17:03 | 005,743,477 | ---- | M] (USPTO) -- C:\ABX121.exe
[2006/01/13 12:23:26 | 008,054,797 | ---- | M] () -- C:\DesignWorkshop_Lite-Win.exe
[2006/01/17 19:12:33 | 006,054,832 | ---- | M] (SolidWorks Corporation ) -- C:\eDrawingsEnglish.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
[2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2002/08/29 03:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SYSTEM32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SYSTEM32\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2002/08/29 03:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SYSTEM32\winlogon.exe
[2002/08/29 03:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2002/08/29 03:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe
[2004/05/26 17:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cf113cf67754a276d1983478748b20da\sp1qfe\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >


Thanks
  • 0

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You are using only Internet explorer?

Please follow the steps below:

Step 1

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the textbox.

    :OTL
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB}: C:\Documents and Settings\catman3152\Local Settings\Application Data\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB}
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2011/04/18 13:43:17 | 000,003,162 | -HS- | M] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/04/18 13:43:17 | 000,003,162 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/04/15 08:39:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fmupeg.bin
    [2011/04/15 08:11:40 | 000,007,932 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1204144926
    [2011/04/15 08:11:39 | 000,007,932 | -HS- | M] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\1204144926
    [2011/04/10 15:12:34 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Chuxusezej.dat

    :Files
    C:\Documents and Settings\catman3152\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
    C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
    C:\WINDOWS\Fmupeg.bin
    C:\Documents and Settings\All Users\Application Data\1204144926
    C:\Documents and Settings\catman3152\Local Settings\Application Data\1204144926
    C:\WINDOWS\Chuxusezej.dat
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the textbox.

    netsvcs /all
    drivers32 /all
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTLfix log
  • Fresh OTL scan log

  • 0

#9
moe jr

    Member

  • Topic Starter
  • 210 posts
Yes, only Internet Explorer.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB}\ not found.
C:\Documents and Settings\catman3152\Local Settings\Application Data\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB}\chrome\content folder moved successfully.
C:\Documents and Settings\catman3152\Local Settings\Application Data\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB}\chrome folder moved successfully.
C:\Documents and Settings\catman3152\Local Settings\Application Data\{E0067C6F-0097-48E0-8B8D-384CDFBB5ADB} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Documents and Settings\catman3152\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe moved successfully.
C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe moved successfully.
C:\WINDOWS\Fmupeg.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1204144926 moved successfully.
C:\Documents and Settings\catman3152\Local Settings\Application Data\1204144926 moved successfully.
C:\WINDOWS\Chuxusezej.dat moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\catman3152\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe not found.
File\Folder C:\WINDOWS\Fmupeg.bin not found.
File\Folder C:\Documents and Settings\All Users\Application Data\1204144926 not found.
File\Folder C:\Documents and Settings\catman3152\Local Settings\Application Data\1204144926 not found.
File\Folder C:\WINDOWS\Chuxusezej.dat not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\catman3152\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\catman3152\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 393216 bytes
->Temporary Internet Files folder emptied: 3865930 bytes
->Flash cache emptied: 702 bytes

User: All Users

User: catman3152
->Temp folder emptied: 3102417 bytes
->Temporary Internet Files folder emptied: 551647775 bytes
->Java cache emptied: 917809 bytes
->Flash cache emptied: 2879776 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 348 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53310273 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 36936410 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 512 bytes

Total Files Cleaned = 623.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: catman3152
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05072011_083222

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temp\~DF47A1.tmp not found!
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temp\~DFAA18.tmp not found!
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temp\~DFAA37.tmp not found!
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temp\~DFB77D.tmp not found!
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temp\~DFC1FD.tmp not found!
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temp\~DFC218.tmp not found!
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temp\~DFC3C4.tmp not found!
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temp\~DFC3D9.tmp not found!
C:\Documents and Settings\catman3152\Local Settings\Temporary Internet Files\Content.IE5\ZD1JB8Z3\like[1].htm moved successfully.
C:\Documents and Settings\catman3152\Local Settings\Temporary Internet Files\Content.IE5\WP5ENYK0\page__pid__2007185[1].htm moved successfully.
C:\Documents and Settings\catman3152\Local Settings\Temporary Internet Files\Content.IE5\TQSH1B8S\xd_proxy[1].htm moved successfully.
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temporary Internet Files\Content.IE5\CHMN89U3\Fwd_ Fw_ Fwd_ free blockbuster movies... not found!
File\Folder C:\Documents and Settings\catman3152\Local Settings\Temporary Internet Files\Content.IE5\54BEFJXR\FW_ Which Presidential Candidate__...... not found!
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...


OTL logfile created on: 5/7/2011 9:36:19 AM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\catman3152\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 15.47 Gb Free Space | 41.54% Space Free | Partition Type: NTFS

Computer Name: NUMEROUNO | User Name: catman3152 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/20 12:24:50 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2003/08/13 08:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
MOD - [2011/02/23 07:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2011/04/24 14:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2006/06/11 17:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/08/03 21:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 21:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/04 18:37:15 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/07/26 19:09:20 | 000,005,593 | ---- | M] (VIEWQUEST THCHNOLOGIES LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VQ2101XP.SYS -- (VQ21FIL) ViewQuest USB Filter Driver (FILTER)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/07 08:32:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [USPTO Direct Recovery] C:\Program Files\USPTO\etdirrcv.exe (Entrust®)
O4 - HKLM..\Run: [Yvimemamerihes] File not found
O4 - HKCU..\Run: [MsnMsgr] File not found
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {13EC470D-6583-42A3-B07D-648F70BC5CA0} http://extranet.prot...rrent/setup.exe (ProtoView Class)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1083551604734 (MSSecurityAdvisor Class)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by15fd.bay15....ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c1574fb1-fc0b-11df-85d6-000d565d7445}\Shell - "" = AutoRun
O33 - MountPoints2\{c1574fb1-fc0b-11df-85d6-000d565d7445}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1574fb1-fc0b-11df-85d6-000d565d7445}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: AudioSrv - C:\WINDOWS\SYSTEM32\audiosrv.dll (Microsoft Corporation)
NetSvcs: Browser - C:\WINDOWS\SYSTEM32\browser.dll (Microsoft Corporation)
NetSvcs: CryptSvc - C:\WINDOWS\SYSTEM32\cryptsvc.dll (Microsoft Corporation)
NetSvcs: DMServer - C:\WINDOWS\SYSTEM32\dmserver.dll (Microsoft Corp.)
NetSvcs: DHCP - C:\WINDOWS\SYSTEM32\dhcpcsvc.dll (Microsoft Corporation)
NetSvcs: ERSvc - C:\WINDOWS\SYSTEM32\ersvc.dll (Microsoft Corporation)
NetSvcs: EventSystem - C:\WINDOWS\SYSTEM32\es.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - C:\WINDOWS\SYSTEM32\shsvcs.dll (Microsoft Corporation)
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - C:\WINDOWS\SYSTEM32\srvsvc.dll (Microsoft Corporation)
NetSvcs: LanmanWorkstation - C:\WINDOWS\SYSTEM32\wkssvc.dll (Microsoft Corporation)
NetSvcs: Messenger - C:\WINDOWS\SYSTEM32\msgsvc.dll (Microsoft Corporation)
NetSvcs: Netman - C:\WINDOWS\SYSTEM32\netman.dll (Microsoft Corporation)
NetSvcs: Nla - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
NetSvcs: Ntmssvc - C:\WINDOWS\SYSTEM32\ntmssvc.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Rasauto - C:\WINDOWS\SYSTEM32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\WINDOWS\SYSTEM32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\WINDOWS\SYSTEM32\MPRDIM.DLL (Microsoft Corporation)
NetSvcs: Schedule - C:\WINDOWS\SYSTEM32\schedsvc.dll (Microsoft Corporation)
NetSvcs: Seclogon - C:\WINDOWS\SYSTEM32\seclogon.dll (Microsoft Corporation)
NetSvcs: SENS - C:\WINDOWS\SYSTEM32\sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\WINDOWS\SYSTEM32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: SRService - C:\WINDOWS\SYSTEM32\srsvc.dll (Microsoft Corporation)
NetSvcs: Tapisrv - C:\WINDOWS\SYSTEM32\tapisrv.dll (Microsoft Corporation)
NetSvcs: Themes - C:\WINDOWS\SYSTEM32\shsvcs.dll (Microsoft Corporation)
NetSvcs: TrkWks - C:\WINDOWS\SYSTEM32\trkwks.dll (Microsoft Corporation)
NetSvcs: W32Time - C:\WINDOWS\SYSTEM32\w32time.dll (Microsoft Corporation)
NetSvcs: WZCSVC - C:\WINDOWS\SYSTEM32\wzcsvc.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - C:\WINDOWS\SYSTEM32\WBEM\wmisvc.dll (Microsoft Corporation)
NetSvcs: TermService - C:\WINDOWS\SYSTEM32\termsrv.dll (Microsoft Corporation)
NetSvcs: wuauserv - C:\WINDOWS\System32\wuauserv.dll (Microsoft Corporation)
NetSvcs: BITS - C:\WINDOWS\SYSTEM32\qmgr.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\WINDOWS\SYSTEM32\shsvcs.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: WmdmPmSN - C:\WINDOWS\SYSTEM32\mspmsnsv.dll (Microsoft Corporation)
NetSvcs: xmlprov - C:\WINDOWS\SYSTEM32\xmlprov.dll (Microsoft Corporation)
NetSvcs: wscsvc - C:\WINDOWS\SYSTEM32\wscsvc.dll (Microsoft Corporation)

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - C:\DOCUME~1\CATMAN~1\LOCALS~1\Temp\xtcggd.bak 2yAPFDOFNF File not found
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\MSG711.ACM (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\MSG723.ACM (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\MSGSM32.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\Dvc.dll (Adaptec)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\MSACM32.DRV (Microsoft Corporation)

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58278930930466816)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...
[2011/05/07 08:32:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 17:11:45 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\catman3152\Desktop\aswMBR.exe
[2011/05/04 11:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Local Settings\Application Data\PhotoChannel
[2011/05/04 11:15:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/05/04 11:15:28 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/05/03 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Application Data\QFX Software
[2011/05/03 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/05/03 07:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/05/03 07:21:50 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/05/03 07:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/05/02 20:31:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...
[2011/05/07 09:03:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/07 09:03:14 | 1340,149,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 08:32:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/07 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/05/06 17:12:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\catman3152\Desktop\MBR.dat
[2011/05/06 17:11:45 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\catman3152\Desktop\aswMBR.exe
[2011/05/05 18:43:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/05 18:43:45 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
[2011/04/29 18:01:01 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:09 | 000,096,116 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/24 14:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/04/22 13:34:40 | 000,038,021 | ---- | M] () -- C:\invoice 3 EAST WEST.rtf
[2011/04/20 10:05:49 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt pdf final.pdf
[2011/04/20 09:58:37 | 000,956,928 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/18 14:03:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/18 14:03:52 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/18 13:59:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

========== Files Created - No Company Name ==========

[2011/05/06 17:08:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\catman3152\Desktop\MBR.dat
[2011/05/05 18:43:45 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/05 18:43:45 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/29 18:00:54 | 000,096,059 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:03 | 000,096,116 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/22 13:34:40 | 000,038,021 | ---- | C] () -- C:\invoice 3 EAST WEST.rtf
[2011/04/18 13:58:58 | 1340,149,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/31 17:11:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/12/25 09:12:30 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/12/23 10:19:56 | 000,006,690 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\B40A.FB7
[2010/12/16 06:05:30 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\html.html
[2009/11/03 14:55:06 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/09/22 23:20:14 | 000,016,113 | ---- | C] () -- C:\WINDOWS\ziweg.exe
[2009/09/22 23:20:13 | 000,018,426 | ---- | C] () -- C:\WINDOWS\System32\uzos.bin
[2009/09/22 23:20:13 | 000,018,144 | ---- | C] () -- C:\WINDOWS\uzofedojyc.com
[2009/09/21 12:11:22 | 000,015,583 | ---- | C] () -- C:\WINDOWS\kovecyciq.com
[2009/09/21 11:38:44 | 000,011,562 | ---- | C] () -- C:\WINDOWS\System32\qivyn.dat
[2009/09/21 11:35:19 | 000,018,386 | ---- | C] () -- C:\WINDOWS\System32\ikyjuzeri.dat
[2009/09/21 11:21:27 | 000,015,054 | ---- | C] () -- C:\WINDOWS\edyzohewu.bin
[2009/09/21 11:21:26 | 000,014,415 | ---- | C] () -- C:\WINDOWS\ezobahu.exe
[2009/09/21 11:21:26 | 000,010,124 | ---- | C] () -- C:\WINDOWS\imebypit.bin
[2009/09/21 08:53:35 | 000,019,609 | ---- | C] () -- C:\WINDOWS\wuwijenybe.dat
[2009/09/21 08:53:35 | 000,019,010 | ---- | C] () -- C:\WINDOWS\System32\etun.exe
[2009/09/21 08:53:35 | 000,018,906 | ---- | C] () -- C:\WINDOWS\erydezul.com
[2009/09/20 22:06:37 | 000,014,215 | ---- | C] () -- C:\WINDOWS\osutiwum.dat
[2009/09/20 22:06:37 | 000,014,093 | ---- | C] () -- C:\WINDOWS\yripahuqik.com
[2009/09/20 21:57:07 | 000,019,706 | ---- | C] () -- C:\WINDOWS\ihicy.exe
[2009/09/20 21:57:07 | 000,019,089 | ---- | C] () -- C:\WINDOWS\vynozemiwo.dat
[2009/09/20 21:57:07 | 000,016,378 | ---- | C] () -- C:\WINDOWS\kidivi.com
[2009/09/20 21:57:07 | 000,010,569 | ---- | C] () -- C:\WINDOWS\System32\qovu.dat
[2009/09/20 21:38:42 | 000,014,752 | ---- | C] () -- C:\WINDOWS\System32\hivedexyco.exe
[2009/09/20 21:38:42 | 000,013,051 | ---- | C] () -- C:\WINDOWS\sypopakej.bin
[2009/09/20 18:41:45 | 000,017,165 | ---- | C] () -- C:\WINDOWS\giqinufole.dat
[2009/09/20 18:41:45 | 000,015,846 | ---- | C] () -- C:\WINDOWS\uledow.bin
[2009/09/20 18:41:45 | 000,013,700 | ---- | C] () -- C:\WINDOWS\System32\agyhape.com
[2009/09/20 18:41:45 | 000,013,224 | ---- | C] () -- C:\WINDOWS\System32\civusoqeka.dat
[2009/09/20 18:41:44 | 000,019,270 | ---- | C] () -- C:\WINDOWS\System32\agikygyr.exe
[2009/09/19 13:48:08 | 000,019,659 | ---- | C] () -- C:\WINDOWS\tycecyzax.dat
[2009/09/19 13:48:07 | 000,014,023 | ---- | C] () -- C:\WINDOWS\bulib.dll
[2009/09/19 13:48:07 | 000,011,769 | ---- | C] () -- C:\WINDOWS\fimaxewa.com
[2009/09/01 07:25:27 | 000,000,346 | --S- | C] () -- C:\WINDOWS\System32\2243651138.dat
[2009/06/30 14:42:35 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\tiff2pdf.dll
[2009/04/29 11:58:34 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2008/02/29 10:07:53 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/26 10:51:51 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/04 11:04:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstpw.exe
[2006/01/04 10:19:16 | 004,464,640 | ---- | C] () -- C:\WINDOWS\System32\ImageMagickObject.dll
[2004/12/08 12:22:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/02 08:09:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/22 08:11:00 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/02 18:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24581_up.exe
[2004/04/29 06:37:36 | 000,000,136 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/25 20:50:28 | 000,028,775 | ---- | C] () -- C:\WINDOWS\javaw.exe
[2004/02/25 20:50:28 | 000,024,677 | ---- | C] () -- C:\WINDOWS\java.exe
[2004/02/24 17:28:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/23 22:16:59 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\fusioncache.dat
[2004/02/23 22:05:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/02/20 20:57:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/02/20 20:57:19 | 000,000,014 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2004/02/20 20:57:19 | 000,000,012 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2004/02/20 20:56:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2004/02/04 09:38:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\V2101LOC.INI
[2004/02/04 08:56:20 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2004/02/04 08:56:19 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2004/02/04 08:56:19 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2004/02/04 08:56:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2004/02/03 20:41:46 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JPR.{PB
[2004/02/03 20:41:46 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JCM.{PB
[2004/02/03 19:36:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/01/31 08:52:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/29 18:04:08 | 000,000,695 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/01/29 16:09:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/29 09:25:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2004/01/21 18:33:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 18:27:52 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/01/21 18:22:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/01/21 18:20:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/21 18:07:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/01/21 18:05:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/21 18:05:28 | 000,813,782 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/01/21 18:05:28 | 000,158,464 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/01/21 18:05:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/21 17:51:44 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/19 11:41:32 | 000,377,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/19 11:40:04 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/19 11:38:56 | 000,000,889 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/13 20:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/14 11:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/07/14 11:30:27 | 000,034,816 | ---- | C] () -- C:\WINDOWS\patch.exe
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2002/10/08 12:24:44 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2002/09/03 06:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 06:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\TRAFFIC.DLL
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/03/20 00:00:00 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI

========== LOP Check ==========

[2010/02/15 21:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/24 20:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2004/01/29 18:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/03/21 07:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/02/26 10:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/03/06 12:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dKiFoJf06510
[2006/02/02 11:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
[2010/12/25 09:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pCiFh08200
[2011/03/18 07:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/05/03 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2010/02/22 17:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/15 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2007/06/19 10:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\ICAClient
[2004/01/31 08:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Leadertech
[2011/01/31 17:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\pdfforge
[2011/05/03 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\QFX Software
[2011/01/31 17:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Search Settings
[2011/05/07 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/01/04 10:17:03 | 005,743,477 | ---- | M] (USPTO) -- C:\ABX121.exe
[2006/01/13 12:23:26 | 008,054,797 | ---- | M] () -- C:\DesignWorkshop_Lite-Win.exe
[2006/01/17 19:12:33 | 006,054,832 | ---- | M] (SolidWorks Corporation ) -- C:\eDrawingsEnglish.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
[2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2002/08/29 03:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SYSTEM32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SYSTEM32\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2002/08/29 03:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SYSTEM32\winlogon.exe
[2002/08/29 03:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2002/08/29 03:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe
[2004/05/26 17:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cf113cf67754a276d1983478748b20da\sp1qfe\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#10
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Computer is still slow?

Please do the following:

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select report and post that.

Do not close AVPTool or it will self-uninstall. If it does uninstall, just rerun the setup file on your desktop

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done, open the last report saved folder, then attach the zip file to your next post
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


How to add an attachment to a new topic or reply
  • 0



#11
moe jr


    Member

  • Topic Starter
  • Member
  • 210 posts
I'm running the autoscan right now but it would not let me check all the boxes. The ones that were already checked were: Hidden Startup, System memory and Disc boot.
  • 0

#12
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
What boxes couldn't you check?
  • 0

#13
moe jr


    Member

  • Topic Starter
  • Member
  • 210 posts
Surprise! It would not let me check: email, documents and computer. But when it finished I opened it again and it let me check them this time. As soon as it finishes I'll post it. Thanks.
  • 0

#14
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.:)
  • 0

#15
moe jr


    Member

  • Topic Starter
  • Member
  • 210 posts
I'm having a problem with the autoscan. It finally completed with all the proper boxes checked. When I clicked 'Report' it showed the 3 scans that I tried. I highlighted the last one and clicked 'show all events', which it did. But I tried to highlight the results so I could copy and paste and it wouldn't respond to my cursor?
  • 0





