Password Changed after Virus Found



#16 bob999 (Member, Topic Starter, 38 posts)
I will perform these steps when I get home.

On a quick note - the program that I was originally infected with was Internet Security 2011.

I ran Malwarebytes and apparently my userinit file was deleted by Malwarebytes.

After seeing your new post I did a little digging and remembered that it was Internet Security 2011 that originally infected my system. I guess Internet Security 2011 corrupts the userinit.exe file and is causing my current problems.

Hope this helps.

Thanks

Bob

#17 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Could be... These rogue malwares are changing rapidly, so you never know what problems they are causing. Please let me know when you are done with the fix.

#18 bob999 (Member, Topic Starter, 38 posts)
Copied userinit.exe to my C:\windows\system32 folder as instructed

Restarted my computer and still got the same login screen as before, and it wouldn't take my password, like before.

#19 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi bob999,

Let's replace one more file the same way. What happens when you enter your password and press Enter? Does Windows try to log you on and then send you back to the logon screen, or do you get an error message prompt?

Step 1

Please download the attached logonui.zip (149.2 KB) to your Desktop.
Insert your USB memory and unzip logonui.exe to it.

Step 2

Start OTLPE as you did previously from CD
  • Insert your USB drive with logonui.exe on it
  • Go to My Computer and copy logonui.exe from USB memory to C:\windows\system32\
  • Double check to make sure you copy it to right place

Restart your system now and try to login to your windows normally.

Step 3

Start OTLPE as you did previously from CD
Copy the attached scan.txt (46 bytes) to a USB drive.

  • Insert your USB drive with scan.txt on it
  • Start OTLPE
  • Drag and drop scan.txt into the Custom scans and fixes box
  • Then click the Run Scan button at the top
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • Post this OTL.txt here for me

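The OTL.txt requested in Step 3 is a plain-text report that a helper reads line by line. As an added example (not part of this thread or of the OTL tool), the Python script below parses constructed lines written in the OTL line format and flags the entry types a helper looks at first: orphaned services and autoruns, a GUID-named Run value, an AppInit_DLLs entry, a non-default LSA authentication package, an IE proxy server, and a file stamped later than the report itself. The tag names, the flag rules and the sample lines are assumptions of this example, not OTL's own output or logic.

```python
"""Triage of OTL (OTLPE) report lines: an added example, not part of this
thread or of the OTL tool. The flag rules and tag names are assumptions of
this example, chosen to mirror what a malware-removal helper checks first."""
import re
from datetime import datetime

# Constructed sample in the OTL line format: a few benign entries mixed with
# the kinds of entries that get a second look (values modelled on this thread).
SAMPLE_LOG = r"""OTL logfile created on: 5/27/2011 12:22:45 AM - Run
SRV - File not found [Auto] -- -- (aswUpdSv)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 218.201.21.176:80
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\Owner_ON_C..\Run: [{F9A9D613-88E9-EC3B-51B2-A845CF2F44CA}] File not found
O20 - AppInit_DLLs: (zafubuyu.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\wvUoNGXO) - File not found
[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vajosoti
[2011/04/29 10:13:38 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
"""

REPORT_DATE_RE = re.compile(r"created on: (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)")
# "[date | size | attrs | C/M] (company) -- path" file entries
FILE_ENTRY_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| [CM]\] \(.*?\) -- (.+)$"
)
RUN_ENTRY_RE = re.compile(r"^O4 - .*\\Run(?:Once)?: \[(.*?)\] (.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((.*?)\)")
LSA_RE = re.compile(r"^O30 - LSA: Authentication Packages - \((.*?)\)")
LSA_DEFAULT = "msv1_0"  # the authentication package a stock Windows XP registers


def parse_report_date(text):
    """Timestamp from the 'OTL logfile created on:' header, or None."""
    m = REPORT_DATE_RE.search(text)
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p") if m else None


def triage(text):
    """Return (tag, line) pairs for entries a helper would review first."""
    report_date = parse_report_date(text)
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        run = RUN_ENTRY_RE.match(line)
        if run:
            name, target = run.groups()
            if "File not found" in target:        # leftover autorun pointing nowhere
                findings.append(("orphan-autorun", line))
            if GUID_RE.match(name):               # random GUID used as a Run value name
                findings.append(("guid-named-autorun", line))
            continue
        appinit = APPINIT_RE.match(line)
        lsa = LSA_RE.match(line)
        if appinit and appinit.group(1):          # any DLL loaded via AppInit_DLLs
            findings.append(("appinit-dll", line))
        elif lsa and lsa.group(1).lower() != LSA_DEFAULT:
            findings.append(("lsa-auth-package", line))
        elif '"ProxyServer"' in line:             # browser traffic routed via a proxy
            findings.append(("proxy-configured", line))
        elif line.startswith(("SRV -", "DRV -")) and "File not found" in line:
            findings.append(("orphan-service", line))
        else:
            entry = FILE_ENTRY_RE.match(line)
            if entry and report_date:
                stamp = datetime.strptime(entry.group(1), "%Y/%m/%d %H:%M:%S")
                if stamp > report_date:           # created "after" the scan ran
                    findings.append(("future-timestamp", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:20} {line}")
```

Flagged entries are review candidates, not verdicts: an orphaned service is usually just an uninstall leftover, while an unknown LSA package or AppInit DLL is worth checking against the vendor before anything is removed.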

#20 bob999 (Member, Topic Starter, 38 posts)
Copied logonui.exe to my Windows/sys32 folder

Restarted my computer and SUCCESS! System started up just like before.

Here is my OTL log file:

OTL logfile created on: 5/27/2011 12:22:45 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 655.00 Mb Available Physical Memory | 73.00% Memory free
806.00 Mb Paging File | 704.00 Mb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.40 Gb Total Space | 2.53 Gb Free Space | 3.65% Space Free | Partition Type: NTFS
Drive E: | 69.89 Gb Total Space | 69.50 Gb Free Space | 99.45% Space Free | Partition Type: NTFS
Drive F: | 3.65 Gb Total Space | 1.12 Gb Free Space | 30.60% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (aswUpdSv)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/27 11:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/08/24 18:02:08 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/01/08 20:31:04 | 000,057,640 | ---- | M] () [On_Demand] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 20:30:28 | 000,234,032 | ---- | M] () [Auto] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 19:42:42 | 000,285,744 | ---- | M] () [Auto] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/01/08 19:42:40 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/11/12 17:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2008/05/20 05:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/29 00:37:48 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 00:37:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/07 04:54:50 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...8&m=le1200&c=bb
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...8&m=le1200&c=bb
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://bl145w.blu145...1.0&n=458994228
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 218.201.21.176:80


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/26 00:51:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 23:28:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/25 08:26:13 | 000,000,000 | ---D | M]

[2009/01/19 23:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/01/19 23:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\363hrlrn.default\extensions
[2011/04/29 08:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/03 23:13:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/06/17 23:07:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/18 23:46:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WhiteSmoke Tools Toolbar) - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\prxtbWhi0.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Tools Toolbar) - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\prxtbWhi0.dll (Conduit Ltd.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Wisdom-soft toolbar) - {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (WhiteSmoke Tools Toolbar) - {EBBA2A2F-7B79-462A-A550-E500FE0DD556} - C:\Program Files\WhiteSmoke_IE\prxtbWhi0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Administrator_ON_C..\Run: [Power2GoExpress] File not found
O4 - HKU\LogMeInRemoteUser_ON_C..\Run: [Power2GoExpress] File not found
O4 - HKU\Owner_ON_C..\Run: [{F9A9D613-88E9-EC3B-51B2-A845CF2F44CA}] File not found
O4 - HKU\Owner_ON_C..\Run: [Auslogics BoostSpeed] C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe (Auslogics)
O4 - HKU\Owner_ON_C..\Run: [MSMSGS] File not found
O4 - HKU\Owner_ON_C..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKU\Owner_ON_C..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKU\Owner_ON_C..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKU\Owner_ON_C..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
O4 - HKU\Owner_ON_C..\Run: [WMPNSCFG] File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O4 - HKU\Owner_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe (Insight Software Solutions)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O20 - AppInit_DLLs: (zafubuyu.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\wvUoNGXO) - File not found
O31 - SafeBoot: AlternateShell -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/21 18:15:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 23:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 10:13:38 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/29 10:13:24 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2008/11/21 00:45:20 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/06 07:33:21 | 000,019,547 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\makeRes5.cfm.htm
[2011/05/26 23:04:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 23:53:04 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/25 00:44:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 00:30:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/25 00:30:33 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/16 22:25:40 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3275455987-2673572317-3754695004-1003.job
[2011/05/16 22:25:38 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3275455987-2673572317-3754695004-1003.job
[2011/05/02 22:31:05 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/04/29 20:58:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/29 10:13:38 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vajosoti
[2011/08/06 07:33:21 | 000,019,547 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\makeRes5.cfm.htm
[2011/05/16 22:44:44 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/22 22:15:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/06 23:39:35 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/17 23:52:38 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/02/17 23:39:34 | 000,001,302 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/06/26 00:44:44 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Owner\data.bmd5
[2010/05/24 15:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 15:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 15:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 15:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 15:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 15:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 15:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 15:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 15:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 15:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 15:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 15:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 15:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 15:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 15:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 16:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 16:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 16:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 16:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 16:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 16:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 16:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 16:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 16:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 16:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/04/10 22:55:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\chrtmp
[2010/02/08 10:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2009/12/16 09:43:35 | 000,000,195 | ---- | C] () -- C:\WINDOWS\keywordsetting.ini
[2009/09/06 00:32:27 | 000,000,709 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2009/08/29 00:18:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/08/29 00:18:42 | 000,236,557 | ---- | C] () -- C:\WINDOWS\XSite Pro Uninstaller.exe
[2009/08/04 22:35:22 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2009/08/04 22:35:11 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/05/02 22:21:54 | 000,054,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/07 10:58:32 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2009/03/23 22:58:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/05 09:22:20 | 000,000,559 | -HS- | C] () -- C:\WINDOWS\System32\OXGNoUvw.ini2
[2009/01/05 09:22:19 | 000,000,559 | -HS- | C] () -- C:\WINDOWS\System32\OXGNoUvw.ini
[2008/12/11 04:58:38 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 01:41:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/21 01:04:48 | 000,005,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/08/22 18:38:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/22 18:23:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/22 18:13:38 | 000,601,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/08/22 18:13:38 | 000,124,948 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/21 18:52:38 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/21 18:38:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008/08/21 18:38:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008/08/21 18:37:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/08/21 18:37:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/08/21 18:14:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/21 18:13:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/30 04:20:40 | 000,023,634 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/02/25 00:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/25 00:29:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/25 00:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/25 00:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/25 00:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/16 18:17:56 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/28 03:45:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/01/13 00:53:52 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 05:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 05:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/08/20 23:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe

========== LOP Check ==========

[2010/11/02 00:35:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
[2011/02/18 00:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AnvSoft
[2010/07/02 00:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artisteer
[2009/08/30 22:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/12/21 23:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bluefive software
[2011/04/26 08:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP
[2010/11/02 01:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dealio
[2011/05/02 20:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Doaki
[2011/04/25 07:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dylawy
[2009/10/03 09:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KeywordRockstar
[2010/07/03 08:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KSS Keyword Suggestion Scraper
[2009/09/03 23:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/06/18 22:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/11/02 00:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2011/02/22 09:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2009/01/12 23:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/10/12 19:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WhiteSmoke
[2010/12/11 00:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/12/11 09:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2010/06/01 23:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/17 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/01/28 23:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2009/01/29 00:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/04/03 07:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Keyword Sniper Pro
[2011/05/25 08:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/08/09 22:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2008/09/11 04:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/01/27 23:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpreadsheetGear
[2010/02/09 10:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/18 00:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TiVo
[2008/09/11 04:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/09/11 04:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: LOGONUI.EXE >
[2008/04/14 14:00:00 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=2081A5B5E4ABA206A0A8A1A97DF0FB23 -- C:\WINDOWS\system32\logonui.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53A46A33
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679ABA25
< End of report >
  • 0

#21
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi bob999,

Good job! Let's continue with the clean. We will download OTL on your system now.

Step 1

Download OTL to your Desktop

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 218.201.21.176:80
    O4 - HKU\Owner_ON_C..\Run: [{F9A9D613-88E9-EC3B-51B2-A845CF2F44CA}] File not found
    O20 - AppInit_DLLs: (zafubuyu.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\wvUoNGXO) - File not found
    [2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vajosoti

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
  • 0
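The fix script in the post above removes three kinds of indicator: autostart entries (Run key, AppInit_DLLs, LSA authentication package) that still point at files which no longer exist, an Internet Explorer proxy server setting, and a hidden file in System32 carrying a timestamp in the year 2099. As an added example, and not code from this thread or from OTL itself, the following Python script parses OTL-style log lines and flags those same indicators. The sample lines are constructed from entries quoted in this thread, and the indicator rules, the scan date (SCAN_DATE) and the function names are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample input, modelled on OTL lines quoted in this thread (the fix
# script in post #21 and the MD5 line from the earlier scan). Not a real capture.
SAMPLE_LOG = r"""
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 218.201.21.176:80
O4 - HKU\Owner_ON_C..\Run: [{F9A9D613-88E9-EC3B-51B2-A845CF2F44CA}] File not found
O20 - AppInit_DLLs: (zafubuyu.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\wvUoNGXO) - File not found
[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vajosoti
[2008/04/14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
"""

# Assumed scan date; used for the "timestamp lies in the future" check.
SCAN_DATE = datetime(2011, 5, 28)

# OTL file entry: [date time | size | attrs | C/M] (company) [MD5=...] -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\)"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
# IE proxy server value as OTL prints it.
PROXY_SERVER = re.compile(r'"ProxyServer" = (?P<proxy>\S+)')
# OTL sections that name code loaded at logon/boot: Run keys, AppInit_DLLs, LSA packages.
AUTOSTART_PREFIXES = ("O4 ", "O20 ", "O30 ")


def parse_file_entry(line):
    """Return the fields of an OTL file entry as a dict, or None for other lines."""
    m = FILE_ENTRY.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["size"] = int(entry["size"].replace(",", ""))  # "000,026,112" -> 26112
    return entry


def assess_line(line, now):
    """Return a list of human-readable findings for one OTL line (empty if clean)."""
    findings = []
    # A persistence entry whose target is gone is left over from a removed
    # component; the fix script deletes the entry so nothing tries to load it.
    if line.startswith(AUTOSTART_PREFIXES) and line.endswith("File not found"):
        findings.append("autostart/LSA entry points at a file that no longer exists")
    # Any configured proxy server deserves a look: it can route browser traffic
    # through a third party even when ProxyEnable is currently 0.
    m = PROXY_SERVER.search(line)
    if m:
        findings.append("IE ProxyServer set to %s; confirm it is intended" % m.group("proxy"))
    entry = parse_file_entry(line)
    if entry:
        if entry["ts"] > now:
            findings.append("timestamp %s lies in the future" % entry["ts"].date())
        if "H" in entry["attrs"] and not entry["company"] and "system32" in entry["path"].lower():
            findings.append("hidden file in System32 with no company/version info")
    return findings


def triage(log_text, now):
    """Run assess_line over every non-empty line; return [(line, findings), ...]."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        findings = assess_line(line, now)
        if findings:
            results.append((line, findings))
    return results


def triage_sample():
    """Triage the constructed sample with the assumed scan date."""
    return triage(SAMPLE_LOG, SCAN_DATE)


if __name__ == "__main__":
    for flagged_line, reasons in triage_sample():
        print(flagged_line)
        for reason in reasons:
            print("    ->", reason)
```

Run against the sample, the script flags the three dangling autostart entries, the proxy server line and the vajosoti file (twice: future timestamp and hidden file without version info), while the ProxyEnable = 0 line and the Microsoft-signed userinit.exe entry pass. The MD5 field is parsed but not judged: the script has no known-good hash table, so comparing a reported hash against a trusted reference, as the helper did earlier in this thread, stays a manual step.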

#22
bob999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I am including my OTL file as an attachment. I could not open it because my Notepad is gone; I can't access it, among other functions on my system now, like System Restore. Things that are supposed to be in c:/windows/system32 are gone. Anyway, I will run Malwarebytes and post in my next reply.

Thank You

Bob

Attached Files


  • 0

#23
bob999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Opened malwarebytes and hit Update.

System updated and requested restart which I did.

Upon restart I got this message before Windows loaded. I don't know if this is important or not.

"Windows cannot find regsvr32.exe. Make sure you typed the name correctly and then try again. To search etc...."

Here is the log file; when I clicked on it, I had to select from a list of programs to open it with, because my Notepad program is gone.


Here is the log file - thanks



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6701

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/28/2011 11:45:41 PM
mbam-log-2011-05-28 (23-45-41).txt

Scan type: Quick scan
Objects scanned: 185393
Time elapsed: 1 hour(s), 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F9A9D613-88E9-EC3B-51B2-A845CF2F44CA} (Trojan.ZbotR.Gen) -> Value: {F9A9D613-88E9-EC3B-51B2-A845CF2F44CA} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by bob999, 28 May 2011 - 09:51 AM.

  • 0

#24
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi bob999,

When did this happen? Did you have these problems before the OTL fix? Can you pinpoint the moment you noticed these problems?

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    C:\_OTL\MovedFiles\*.* /s
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

  • 0

#25
bob999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I noticed these issues of missing files when I was able to get back into my system after the Internet Security 2011 infection.

Ran scan as instructed.

Here is a copy of the OTL scan log file

OTL logfile created on: 5/31/2011 7:49:07 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 130.07 Mb Available Physical Memory | 14.54% Memory free
2.12 Gb Paging File | 0.94 Gb Available in Paging File | 44.56% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.40 Gb Total Space | 2.35 Gb Free Space | 3.38% Space Free | Partition Type: NTFS
Drive D: | 69.89 Gb Total Space | 69.50 Gb Free Space | 99.45% Space Free | Partition Type: NTFS

Computer Name: EMACHINE-3E20C6 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 22:04:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/27 11:51:05 | 007,626,104 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/01/27 11:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/26 00:51:24 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/08/24 18:02:20 | 000,608,528 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
PRC - [2010/08/24 18:02:18 | 002,264,336 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoServer.exe
PRC - [2010/08/24 18:02:14 | 000,437,520 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/08 20:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 20:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 19:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/01/08 19:42:40 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/11/23 11:30:52 | 000,736,464 | ---- | M] ( James J. Jones, LLC.) -- C:\Program Files\Micro Niche Finder\bggoogle.exe
PRC - [2009/08/04 22:06:46 | 000,475,760 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2003/04/18 15:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Micro Niche Finder\srvany.exe


========== Modules (SafeList) ==========

MOD - [2011/05/28 22:04:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/27 11:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/08/24 18:02:08 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/01/08 20:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 20:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 19:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/01/08 19:42:40 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2003/04/18 15:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Micro Niche Finder\srvany.exe -- (Micro Niche Finder Background Download Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/11/12 17:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2008/05/20 05:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/29 00:37:48 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 00:37:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/07 04:54:50 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bl145w.blu145...1.0&n=458994228
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 218.201.21.176:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-flv"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.41
FF - prefs.js..extensions.enabledItems: {289F3A4A-F3FF-4173-B994-DBC887E9C468}:0.3.5
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.12
FF - prefs.js..extensions.enabledItems: [email protected]:4.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://search.yahoo....type=616163&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/26 00:51:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/27 10:59:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/27 10:59:24 | 000,000,000 | ---D | M]

[2008/11/21 01:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/28 23:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions
[2010/09/03 23:15:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/03 01:22:36 | 000,000,000 | ---D | M] (Objection) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\{289F3A4A-F3FF-4173-B994-DBC887E9C468}
[2010/10/19 22:48:07 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/08/03 00:13:41 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/04/29 07:46:50 | 000,000,000 | ---D | M] (www.dotu.ru) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2009/10/19 08:54:46 | 000,000,000 | ---D | M] ("KeywordSpy SEO") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
[2010/08/24 00:09:15 | 000,000,000 | ---D | M] ("LinkDiagnosis 2.2") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\[email protected]
[2010/09/03 23:15:24 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\[email protected]
[2010/11/01 17:31:32 | 000,000,000 | ---D | M] (MP4 Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\[email protected]
[2011/02/17 22:52:33 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\[email protected]
[2011/02/09 00:02:00 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\extensions\[email protected]
[2010/10/28 23:01:12 | 000,004,153 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xa1ox773.default\searchplugins\youtube.xml
[2011/05/27 11:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/03 23:13:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/26 00:51:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/11/02 00:35:46 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010/11/02 00:35:47 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2010/06/17 23:07:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/18 23:46:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WhiteSmoke Tools Toolbar) - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\prxtbWhi0.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Tools Toolbar) - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\prxtbWhi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Wisdom-soft toolbar) - {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke Tools Toolbar) - {EBBA2A2F-7B79-462A-A550-E500FE0DD556} - C:\Program Files\WhiteSmoke_IE\prxtbWhi0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Auslogics BoostSpeed] C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe (Auslogics)
O4 - HKCU..\Run: [MSMSGS] File not found
O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe (Insight Software Solutions)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/21 18:15:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7fa32146-c34b-11dd-b78c-001d72a78bea}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa32146-c34b-11dd-b78c-001d72a78bea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7fa32146-c34b-11dd-b78c-001d72a78bea}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/28 22:04:03 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2011/05/18 23:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2008/11/21 00:45:20 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/06 07:33:21 | 000,019,547 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\makeRes5.cfm.htm
[2011/05/31 19:49:17 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3275455987-2673572317-3754695004-1003.job
[2011/05/31 19:49:17 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3275455987-2673572317-3754695004-1003.job
[2011/05/28 22:25:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/28 22:25:54 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/28 22:23:53 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/28 22:04:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2011/05/27 20:58:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/27 00:41:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 00:30:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/06 07:33:21 | 000,019,547 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\makeRes5.cfm.htm
[2011/05/16 22:44:44 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/22 22:15:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/06 23:39:35 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/17 23:52:38 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/02/17 23:39:34 | 000,001,302 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/24 15:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 15:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 15:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 15:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 15:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 15:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 15:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 15:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 15:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 15:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 15:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 15:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 15:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 15:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 15:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 16:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 16:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 16:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 16:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 16:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 16:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 16:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 16:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 16:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 16:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/04/10 22:55:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\chrtmp
[2010/02/08 10:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2009/12/16 09:43:35 | 000,000,195 | ---- | C] () -- C:\WINDOWS\keywordsetting.ini
[2009/09/06 00:32:27 | 000,000,709 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2009/08/29 00:18:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/08/29 00:18:42 | 000,236,557 | ---- | C] () -- C:\WINDOWS\XSite Pro Uninstaller.exe
[2009/08/04 22:35:22 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2009/08/04 22:35:11 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/05/02 22:21:54 | 000,054,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/23 22:58:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/05 09:22:20 | 000,000,559 | -HS- | C] () -- C:\WINDOWS\System32\OXGNoUvw.ini2
[2009/01/05 09:22:19 | 000,000,559 | -HS- | C] () -- C:\WINDOWS\System32\OXGNoUvw.ini
[2008/12/11 04:58:38 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 01:41:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/21 01:04:48 | 000,005,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/08/22 18:38:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/22 18:23:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/22 18:13:38 | 000,601,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/08/22 18:13:38 | 000,124,948 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/21 18:52:38 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/21 18:38:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008/08/21 18:38:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008/08/21 18:37:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/08/21 18:37:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/08/21 18:14:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/21 18:13:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/30 04:20:40 | 000,023,634 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/02/25 00:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/25 00:29:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/25 00:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/25 00:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/25 00:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/16 18:17:56 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/28 03:45:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/01/13 00:53:52 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 05:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 05:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/08/20 23:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe

========== LOP Check ==========

[2010/06/01 23:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/17 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/01/28 23:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2009/01/29 00:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/04/03 07:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Keyword Sniper Pro
[2011/05/31 00:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/08/09 22:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2008/09/11 04:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/01/27 23:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpreadsheetGear
[2010/02/09 10:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/18 00:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TiVo
[2008/09/11 04:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/09/11 04:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/02/18 00:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AnvSoft
[2010/07/02 00:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artisteer
[2009/08/30 22:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/12/21 23:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bluefive software
[2011/04/26 08:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP
[2010/11/02 01:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dealio
[2011/05/02 20:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Doaki
[2011/04/25 07:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dylawy
[2009/10/03 09:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KeywordRockstar
[2010/07/03 08:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KSS Keyword Suggestion Scraper
[2009/09/03 23:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/06/18 22:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/11/02 00:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2011/02/22 09:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2009/01/12 23:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/10/12 19:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WhiteSmoke
[2010/12/11 00:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/12/11 09:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< C:\_OTL\MovedFiles\*.* /s >
[2011/05/18 23:46:08 | 000,003,210 | ---- | M] () -- C:\_OTL\MovedFiles\05182011_234607.log
[2011/05/28 22:05:26 | 000,002,416 | ---- | M] () -- C:\_OTL\MovedFiles\05282011_220526.log
[2011/04/17 12:35:10 | 000,049,246 | ---- | M] () -- C:\_OTL\MovedFiles\05182011_234607\C_Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/04/30 09:50:07 | 000,008,398 | ---- | M] () -- C:\_OTL\MovedFiles\05182011_234607\C_Documents and Settings\Owner\Local Settings\Application Data\dfl18z32.dll
[2011/04/30 09:49:49 | 000,000,050 | ---- | M] () -- C:\_OTL\MovedFiles\05182011_234607\C_Documents and Settings\Owner\Local Settings\Application Data\wsr18zt32.dll
[2009/03/30 23:22:28 | 000,001,108 | ---- | M] () -- C:\_OTL\MovedFiles\05182011_234607\C_WINDOWS\System32\drivers\etc\hosts
[2011/05/17 22:33:39 | 000,000,310 | ---- | M] () -- C:\_OTL\MovedFiles\05182011_234607\C_WINDOWS\tasks\kcvihcvs.job
[2010/02/08 10:25:34 | 000,011,168 | -H-- | M] () -- C:\_OTL\MovedFiles\05282011_220526\C_WINDOWS\system32\vajosoti

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53A46A33
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679ABA25

< End of report >

Edited by bob999, 31 May 2011 - 06:08 AM.

  • 0

#26
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OTL log should be saved in the same location from where you run OTL.exe. Can you find it now?
  • 0

#27
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's try to restore some functions to your system.

Step 1

Please download UnHide.exe and run it.

Step 2

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).


Step 3

Please test your system and try to confirm whether notepad.exe (and other files) is present in C:\windows\system32\notepad.exe after these two steps.
  • 0

#28
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I would also like you to run this step.

Download SREng
  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:

    Posted Image
  • Close SREng now.

  • 0

#29
bob999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Downloaded and ran UnHide.exe but got an error message when trying to run it.

I took a screencap of the message - screencap attached.

Attached Thumbnails

  • ScreenHunter_01 May. 31 19.06.gif

  • 0

#30
bob999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Downloaded and ran exehelper

Here is the log file.

exeHelper by Raktor
Build 20100414
Run at 19:10:22 on 05/31/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
  • 0
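The O20, O35 and O37 entries in the OTL report earlier in this thread and the values exeHelper says it resets (the .exe/.com file associations, Userinit and Shell) are the same handful of registry values that rogue programs of this kind tamper with. The script below is an added example, not part of this thread and not code from OTL, exeHelper or SREng: it parses OTL-formatted lines and flags any that deviate from the stock Windows XP defaults, so a helper can confirm a repair from a fresh OTL log instead of by eye. The expected defaults, the assumed format of the UserInit line (mirroring the Shell line on the page) and the "tampered" sample lines with placeholder paths are assumptions constructed for the example.

```python
import re

# Stock values on an untouched Windows XP install (assumed defaults for this example).
EXPECTED_OPEN_COMMAND = '"%1" %*'          # exefile/comfile shell\open\command
EXPECTED_PROGID = {"exe": "exefile", "com": "comfile"}
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT_SUFFIX = r"\windows\system32\userinit.exe"

# Line formats follow the O20/O35/O37 entries in the OTL report above; the
# UserInit line is assumed to use the same layout as the Shell line.
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - ", re.IGNORECASE)
O35_RE = re.compile(r"^O35 - HKLM\\\.\.(comfile|exefile) \[open\] -- (.*)$")
O37_RE = re.compile(r"^O37 - HKLM\\\.\.\.(com|exe) \[@ = (\w+)\] -- (.*)$")


def check_line(line):
    """Return a finding for one report line, or None when it matches the default."""
    m = O20_RE.match(line)
    if m:
        name = m.group(1).lower()
        value = m.group(2).strip().rstrip(",")   # Userinit is stored with a trailing comma
        if name == "shell" and value.lower() != EXPECTED_SHELL:
            return f"Winlogon Shell is '{value}', expected Explorer.exe"
        if name == "userinit" and not value.lower().endswith(EXPECTED_USERINIT_SUFFIX):
            return f"Winlogon UserInit is '{value}', expected <systemroot>\\system32\\userinit.exe"
        return None
    m = O35_RE.match(line)
    if m:
        progid, command = m.group(1), m.group(2).strip()
        if command != EXPECTED_OPEN_COMMAND:
            return f"{progid} open command is {command}, expected {EXPECTED_OPEN_COMMAND}"
        return None
    m = O37_RE.match(line)
    if m:
        ext, progid, command = m.groups()
        if progid != EXPECTED_PROGID[ext]:
            return f".{ext} maps to ProgId '{progid}', expected {EXPECTED_PROGID[ext]}"
        if command.strip() != EXPECTED_OPEN_COMMAND:
            return f".{ext} default command is {command}, expected {EXPECTED_OPEN_COMMAND}"
        return None
    return None   # not a line this checker looks at


def find_tampering(report_text):
    """Run check_line over a whole OTL-style report and collect the findings."""
    findings = []
    for raw in report_text.splitlines():
        finding = check_line(raw.strip())
        if finding:
            findings.append(finding)
    return findings


# Lines copied from the OTL report in this thread (all at their defaults).
CLEAN_SAMPLE = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Constructed lines (placeholder paths, not real samples) showing what a hijacked
# .exe association and a replaced Userinit look like in the same format.
TAMPERED_SAMPLE = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\placeholder.exe) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\placeholder\hijack.exe" "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = placeholderfile] -- "%1" %*
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        found = find_tampering(sample)
        print(f"{label}: {len(found)} finding(s)")
        for item in found:
            print("  -", item)
```

Paste the O20/O35/O37 lines of any OTL log into the sample text (or read the whole log file) to get a list of the entries that still need repair; an empty list means the associations, Shell and Userinit values match the defaults.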