Avira has been deleted.
Creating the EXE application still does not work. Before restarting, I created it, then closed the box. When I went back, it was already gone. I created again and restarted; it was gone again.
Here is the OTL log:
OTL logfile created on: 5/24/2011 7:23:05 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop\Recent Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.91 Gb Total Space | 163.19 Gb Free Space | 89.71% Space Free | Partition Type: NTFS
Drive D: | 4.39 Gb Total Space | 2.72 Gb Free Space | 61.96% Space Free | Partition Type: FAT32
Computer Name: YOUR-F9E528998D | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/05/24 19:02:47 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/17 20:16:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\Recent Downloads\OTL.scr
PRC - [2011/04/14 14:08:02 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:08:02 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/12/16 09:11:52 | 001,195,920 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/15 19:02:04 | 001,275,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfp.exe
PRC - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
========== Modules (SafeList) ========== MOD - [2011/05/17 20:16:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\Recent Downloads\OTL.scr
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/14 14:08:02 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:08:02 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:08:02 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/24 10:21:40 | 000,118,784 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/04/14 18:47:40 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/11 14:10:42 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Stopped] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/07 16:04:42 | 000,228,352 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (fpUpdateSvc)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/02/16 08:27:20 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
========== Driver Services (SafeList) ========== DRV - [2011/04/14 14:08:02 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:08:02 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:08:02 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:08:02 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:08:02 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:08:02 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:08:02 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:08:02 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:08:02 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:08:02 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/10/18 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/02/16 08:22:46 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/12/19 22:37:42 | 004,127,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/29 16:12:32 | 001,391,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/17 12:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 12:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 12:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/04/14 00:14:12 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.gateway.c...s=DTP&M=GT5062EIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/18 20:25:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/24 19:03:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/24 19:03:01 | 000,000,000 | ---D | M]
[2011/05/15 19:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/17 19:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dmrlh3ny.default\extensions
[2011/05/15 21:01:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dmrlh3ny.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/01 14:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/18 20:25:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 14:08:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
O1 HOSTS File: ([2011/05/20 07:19:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110509184949.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: vzTCPConfig
http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/05/22 19:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Recent Downloads
[2011/05/21 07:01:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/20 07:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/20 07:11:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/20 07:07:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/20 07:07:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/20 07:07:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/20 07:07:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/20 07:07:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/20 07:05:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/18 20:16:23 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/05/17 19:23:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 23:15:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/15 22:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/15 22:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/15 19:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/05/15 19:23:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/15 19:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/15 19:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/15 19:23:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/15 19:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/15 19:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/05/15 19:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/05/15 19:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[21 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2011/05/24 19:20:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/24 19:17:34 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/24 19:17:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/24 19:13:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/24 16:43:40 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/21 07:49:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/20 07:19:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/20 07:11:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/16 17:43:15 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/05/16 11:44:54 | 000,048,187 | ---- | M] () -- C:\crash.dmp
[2011/05/15 19:23:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/15 19:14:31 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/15 18:55:58 | 002,203,242 | ---- | M] () -- C:\logfile
[2011/05/15 10:56:53 | 001,523,712 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/05/15 10:56:51 | 002,969,600 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[21 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2011/05/20 07:11:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/20 07:11:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/20 07:07:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/20 07:07:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/20 07:07:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/20 07:07:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/20 07:07:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/17 21:28:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/15 19:23:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/11 20:50:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/05/27 12:04:53 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/11/04 12:19:16 | 000,224,696 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_engine.dll
[2007/03/26 13:42:39 | 000,000,102 | ---- | C] () -- C:\WINDOWS\DISCOVER.INI
[2006/08/14 14:48:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/08/14 14:48:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/02/16 08:44:52 | 000,110,293 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/16 08:21:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/16 08:20:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/02/16 08:16:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/16 08:16:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/16 08:10:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 12:12:43 | 000,001,206 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 12:12:10 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 12:12:10 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 06:54:01 | 000,184,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ========== [2006/02/16 09:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2006/02/16 08:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/03/03 17:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2006/02/16 08:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/05/30 16:24:37 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2006/05/30 16:24:38 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2011/05/24 19:20:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ========== ========== Custom Scans ========== < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/24 19:02:54 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/24 19:02:54 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/24 19:02:54 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/24 19:02:47 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/24 19:02:47 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/24 19:02:47 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/24 19:02:54 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/24 19:02:54 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/24 19:02:54 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/24 19:02:47 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/24 19:02:47 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/24 19:02:47 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< End of report >
This topic is locked
xp_fileassoc.zip 2.1KB
110 downloads
Sign In
Create Account
