Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Nothing on Desktop...No Programs!


  • Please log in to reply

#1
Lee07666

Lee07666

    Member

  • Member
  • PipPip
  • 34 posts
Hello,

I ran Malware Removal but when i restarted my Windows XP, everything but the recycle bin was gone from my desktop. When I click start, there are no programs to be seen. I tried system retore but there were no restore points. I was able to start IE from the bottom taskbar on my desktop.

I ran OTL and received 2 files. One says OTL.txt and the other is Extras.txt. I am copying them here in that order.

OTL logfile created on: 6/8/2011 8:53:11 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Aliza\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.32% Memory free
3.84 Gb Paging File | 3.15 Gb Available in Paging File | 82.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 45.92 Gb Free Space | 30.83% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Aliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/08 20:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aliza\desktop\OTL.exe
PRC - [2011/06/08 19:39:19 | 000,232,960 | -H-- | M] () -- C:\WINDOWS\Rmipyb.exe
PRC - [2011/06/08 19:39:18 | 000,240,128 | -H-- | M] () -- C:\Documents and Settings\Aliza\Local Settings\Temp\Rl3.exe
PRC - [2011/05/26 17:56:40 | 000,501,200 | RH-- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\SZOptions.exe
PRC - [2011/05/26 17:56:38 | 000,177,616 | RH-- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/05/26 17:56:32 | 000,062,928 | RH-- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/05/12 09:34:34 | 000,399,736 | -H-- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/04/27 14:20:43 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 17:29:26 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/05/14 13:59:44 | 000,455,944 | -H-- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/08 23:17:50 | 000,180,224 | -H-- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/05/21 11:14:02 | 001,025,264 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/09 05:19:11 | 000,144,792 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 10:28:20 | 000,204,800 | -H-- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | -H-- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/10/13 03:04:00 | 000,184,320 | -H-- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe


========== Modules (SafeList) ==========

MOD - [2011/06/08 20:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aliza\desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/09/12 01:00:00 | 000,053,248 | -H-- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/26 17:56:32 | 000,062,928 | RH-- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/04/27 14:20:43 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 17:29:26 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/14 13:59:44 | 000,455,944 | -H-- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/03 16:52:26 | 000,120,168 | -H-- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2009/04/26 20:05:00 | 002,870,429 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/09 21:00:13 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | -H-- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/15 10:28:20 | 000,204,800 | -H-- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/10/11 10:49:46 | 000,076,016 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | -H-- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/03/09 16:31:02 | 000,065,795 | RH-- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 17:29:27 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 09:40:21 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/12 18:01:06 | 000,059,280 | RH-- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | RH-- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | RH-- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/11/08 23:21:18 | 000,059,388 | -H-- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/06/03 16:37:16 | 000,721,904 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/19 16:01:56 | 000,053,888 | -H-- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate)
DRV - [2008/05/19 16:01:50 | 000,027,904 | -H-- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software)
DRV - [2008/02/20 13:47:34 | 000,027,936 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/13 21:41:44 | 004,403,712 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/18 20:01:20 | 000,012,672 | -H-- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 17:07:28 | 000,004,736 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | -H-- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | -H-- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/10/07 21:16:04 | 000,035,840 | -H-- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/26 11:55:12 | 000,091,241 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P1131Vid.sys -- (P1131VID) Creative WebCam NX Pro (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080415
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080415

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://uncyclopedia....ow_to_be_funny"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.0
FF - prefs.js..extensions.enabledItems: {21b88860-5e00-44dd-bdac-fca1f791837e}:0.2.0.7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:1.6.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.31
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: movepla[email protected]:7
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56283
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/05 22:14:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/26 21:28:36 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 18:35:35 | 000,000,000 | -H-D | M]

[2008/08/28 10:54:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Extensions
[2011/05/05 13:44:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions
[2009/09/02 13:26:40 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/27 12:32:32 | 000,000,000 | -H-D | M] (Kaboodle) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{21b88860-5e00-44dd-bdac-fca1f791837e}
[2010/08/19 10:38:20 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/09/27 22:49:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/10/31 16:15:23 | 000,000,000 | -H-D | M] ("SearchStatus") -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/01/03 14:31:36 | 000,000,000 | -H-D | M] (Firebug) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2009/04/26 14:23:15 | 000,000,000 | -H-D | M] (InstantAction.com Game Launcher) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2008/08/06 20:34:18 | 000,000,000 | -H-D | M] (RealArcade V3 Plugin) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2008/05/04 14:32:35 | 000,000,275 | -H-- | M] () -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\searchplugins\search.xml
[2011/05/05 13:44:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/02 19:56:47 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOVE NETWORKS
[2010/03/05 22:14:49 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/04/03 20:54:32 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2005/12/05 22:31:00 | 000,114,688 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/05/04 14:32:39 | 000,000,368 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: ([2011/05/29 11:57:56 | 000,000,021 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Documents and Settings\Aliza\Application Data\Google Talk\googletalk.exe ()
O4 - HKCU..\Run: [hsRITIwubRlhk] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [YDZ1QVAGOJ] C:\Documents and Settings\Aliza\Local Settings\Temp\Rl3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1266631313843 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ll.g.gametap....pWebUpdater.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/12 14:04:00 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6b7a0b51-756b-11dd-8a8d-001d09944c17}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 20:52:53 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aliza\Desktop\OTL.exe
[2011/06/08 20:22:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Aliza\Recent
[2011/06/08 20:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\Google Talk
[2011/06/08 19:49:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Aliza\Start Menu\Programs\Windows XP Restore
[2011/06/08 19:48:46 | 000,352,256 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\17489700.exe
[2011/06/05 00:14:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Aliza\Desktop\CLEAN
[2011/06/04 13:39:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Aliza\Desktop\WEDDING BIZ
[2011/05/29 11:55:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/05/29 11:55:14 | 000,000,000 | -H-D | C] -- C:\Program Files\STOPzilla!
[2011/05/29 11:55:12 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\iS3
[2011/05/29 11:55:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/05/26 23:32:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/26 23:28:30 | 000,012,872 | -H-- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/26 23:18:44 | 000,000,000 | -H-D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/26 23:18:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/05/26 23:17:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/26 17:56:26 | 000,546,256 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/05/26 17:56:26 | 000,456,144 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/05/26 17:56:26 | 000,132,560 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/05/26 17:56:26 | 000,022,992 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/05/26 17:56:24 | 000,398,800 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/05/26 17:56:24 | 000,099,792 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/05/26 17:56:24 | 000,099,792 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/05/26 17:56:24 | 000,067,024 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/05/26 17:56:24 | 000,028,624 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/05/26 17:56:22 | 000,738,768 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/05/26 17:56:22 | 000,390,608 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/05/26 17:56:22 | 000,230,864 | RH-- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/05/26 01:13:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/26 01:13:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/05/25 21:11:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/05/25 20:22:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/25 20:22:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/21 21:56:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/21 21:56:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Skype
[25 C:\Documents and Settings\Aliza\My Documents\*.tmp files -> C:\Documents and Settings\Aliza\My Documents\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Aliza\Desktop\*.tmp files -> C:\Documents and Settings\Aliza\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/08 20:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aliza\Desktop\OTL.exe
[2011/06/08 20:50:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/08 20:46:53 | 000,001,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/08 20:46:20 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/08 20:43:12 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2011/06/08 20:43:11 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2011/06/08 20:42:59 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/06/08 20:42:33 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/08 20:42:31 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/08 20:42:28 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/08 20:42:28 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\kozmz.job
[2011/06/08 20:42:25 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\ksjurhc.job
[2011/06/08 20:42:21 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\PBBQDQYJFZ.job
[2011/06/08 20:42:21 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
[2011/06/08 20:42:14 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\fuui.job
[2011/06/08 20:42:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 20:42:05 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/08 20:11:03 | 000,000,926 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
[2011/06/08 20:11:02 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
[2011/06/08 19:49:30 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/08 19:49:29 | 000,000,817 | -H-- | M] () -- C:\Documents and Settings\Aliza\Desktop\Windows XP Restore.lnk
[2011/06/08 19:49:29 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/08 19:48:55 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/08 19:39:19 | 000,232,960 | -H-- | M] () -- C:\WINDOWS\Rmipyb.exe
[2011/06/08 19:39:17 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\kbdire.dll
[2011/06/08 19:39:17 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\kbdintele.dll
[2011/06/08 19:39:17 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\CatRoot2D.dll
[2011/06/08 19:39:16 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\wowdebb.dll
[2011/06/08 19:39:15 | 000,232,960 | -H-- | M] () -- C:\WINDOWS\Rmipya.exe
[2011/06/08 14:05:28 | 000,065,261 | -H-- | M] () -- C:\Documents and Settings\Aliza\Desktop\winding1.png
[2011/06/08 13:14:02 | 000,072,080 | -H-- | M] () -- C:\Documents and Settings\Aliza\g2mdlhlpx.exe
[2011/06/06 23:54:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/05 22:12:47 | 000,002,284 | -H-- | M] () -- C:\Documents and Settings\Aliza\Desktop\Google Chrome.lnk
[2011/06/05 20:55:26 | 000,000,083 | -H-- | M] () -- C:\WINDOWS\wwp.INI
[2011/06/04 14:37:47 | 000,000,494 | -H-- | M] () -- C:\hpfr5550.xml
[2011/06/03 08:59:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
[2011/06/02 22:04:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\null
[2011/05/29 11:57:56 | 000,000,021 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/26 23:35:37 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/26 23:28:30 | 000,012,872 | -H-- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/26 23:18:45 | 000,017,480 | -H-- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/26 17:56:26 | 000,546,256 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/05/26 17:56:26 | 000,456,144 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/05/26 17:56:26 | 000,132,560 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/05/26 17:56:26 | 000,022,992 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/05/26 17:56:24 | 000,398,800 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/05/26 17:56:24 | 000,099,792 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/05/26 17:56:24 | 000,099,792 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/05/26 17:56:24 | 000,067,024 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/05/26 17:56:24 | 000,028,624 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/05/26 17:56:22 | 000,738,768 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/05/26 17:56:22 | 000,390,608 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/05/26 17:56:22 | 000,230,864 | RH-- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[25 C:\Documents and Settings\Aliza\My Documents\*.tmp files -> C:\Documents and Settings\Aliza\My Documents\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Aliza\Desktop\*.tmp files -> C:\Documents and Settings\Aliza\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/08 20:44:46 | 000,001,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/08 20:42:05 | 2136,129,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/08 19:49:29 | 000,000,817 | -H-- | C] () -- C:\Documents and Settings\Aliza\Desktop\Windows XP Restore.lnk
[2011/06/08 19:49:29 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/08 19:49:29 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/08 19:48:55 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/08 19:39:35 | 000,232,960 | -H-- | C] () -- C:\WINDOWS\Rmipyb.exe
[2011/06/08 19:39:31 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/08 19:39:26 | 000,232,960 | -H-- | C] () -- C:\WINDOWS\Rmipya.exe
[2011/06/08 19:39:25 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\PBBQDQYJFZ.job
[2011/06/08 19:39:23 | 000,000,314 | -HS- | C] () -- C:\WINDOWS\tasks\fuui.job
[2011/06/08 19:39:23 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\kozmz.job
[2011/06/08 19:39:23 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\ksjurhc.job
[2011/06/08 19:39:18 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/08 19:39:17 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\kbdire.dll
[2011/06/08 19:39:17 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\kbdintele.dll
[2011/06/08 19:39:17 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\CatRoot2D.dll
[2011/06/08 19:39:16 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\wowdebb.dll
[2011/06/08 14:06:08 | 000,065,261 | -H-- | C] () -- C:\Documents and Settings\Aliza\Desktop\winding1.png
[2011/05/26 23:18:45 | 000,017,480 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/24 10:13:14 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\wwp.INI
[2011/03/24 15:18:42 | 000,104,552 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/25 19:19:58 | 000,020,454 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2011/02/25 19:19:58 | 000,016,618 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2011/01/20 18:45:34 | 000,023,886 | -H-- | C] () -- C:\Documents and Settings\Aliza\Application Data\EAFE.1FF
[2010/08/10 11:57:55 | 000,335,528 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/24 10:28:28 | 000,005,097 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
[2010/04/18 09:44:35 | 001,592,106 | -H-- | C] () -- C:\WINDOWS\WANEUninstaller.exe
[2010/04/04 14:17:03 | 000,000,122 | -H-- | C] () -- C:\WINDOWS\WA.INI
[2010/03/29 23:02:52 | 000,020,454 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/03/29 23:02:52 | 000,016,618 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/03/29 16:05:33 | 000,017,888 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
[2010/03/29 16:05:33 | 000,017,888 | -HS- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\5lRk1
[2010/02/28 18:54:12 | 000,085,504 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/28 10:22:22 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/28 10:12:36 | 000,006,940 | -H-- | C] () -- C:\Documents and Settings\Aliza\Application Data\PrimoPDFSet.xml
[2009/08/28 10:11:01 | 000,176,235 | -H-- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/06/07 22:23:31 | 001,820,358 | -H-- | C] () -- C:\WINDOWS\XSitePro2 Resource Pack 1 Uninstaller.exe
[2009/06/07 22:15:21 | 000,831,422 | -H-- | C] () -- C:\WINDOWS\XSitePro2 Uninstaller.exe
[2009/06/03 17:18:33 | 000,043,520 | -H-- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/24 16:30:23 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009/04/27 00:13:36 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/07 22:09:31 | 000,765,952 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/07 22:09:31 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/14 11:53:20 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/22 18:53:18 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\mf.dll
[2008/11/06 22:41:12 | 000,000,228 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/17 12:35:32 | 000,018,790 | -H-- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/10/09 21:09:12 | 002,463,976 | -H-- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/07 17:42:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/15 10:05:50 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/14 18:52:33 | 001,003,520 | -H-- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2008/08/06 18:25:23 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2008/08/06 16:05:34 | 000,265,833 | -H-- | C] () -- C:\Documents and Settings\Aliza\Application Data\com.kennettnet.MusicRescue4.Profiles.plist
[2008/08/06 16:05:34 | 000,090,164 | -H-- | C] () -- C:\Documents and Settings\Aliza\Application Data\com.kennettnet.MusicRescue4.plist
[2008/07/09 22:44:52 | 000,000,108 | -H-- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/07/09 22:44:52 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/07/09 22:44:52 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/06/11 15:18:45 | 000,231,424 | -H-- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/06 20:29:17 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/06/06 17:58:40 | 001,936,528 | -H-- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/05/28 22:30:14 | 000,001,292 | -H-- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\FASTWiz.html
[2008/05/28 21:51:26 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\fusioncache.dat
[2008/05/25 14:00:34 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2008/05/18 18:51:31 | 000,000,127 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/14 18:22:49 | 000,001,507 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/30 14:02:45 | 000,561,152 | RH-- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/04/28 20:00:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/15 01:34:01 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/15 01:31:10 | 000,000,859 | -H-- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/04/15 01:29:41 | 000,056,056 | -H-- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/15 01:29:41 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/15 01:09:57 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/15 01:09:49 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/04/15 01:08:26 | 000,001,124 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/19 02:33:34 | 000,446,352 | -H-- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/18 17:36:54 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/08/06 11:07:30 | 000,008,784 | -H-- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/09 03:12:32 | 000,027,648 | -H-- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/11/07 05:25:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | -H-- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 14:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,482,720 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:35 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 13:51:35 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 13:51:35 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 13:51:35 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 13:51:35 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/10 13:51:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,476,568 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,085,458 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 15:27:16 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ddcvt.exe
[2003/09/23 08:14:42 | 001,099,264 | -H-- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 10:59:20 | 000,980,992 | -H-- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\cygz.dll

========== LOP Check ==========

[2009/08/30 00:47:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\215711
[2009/05/22 20:26:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Affilorama
[2009/02/06 16:24:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\DAEMON Tools
[2009/06/03 16:42:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\DAEMON Tools Lite
[2009/02/06 16:24:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\DAEMON Tools Pro
[2008/10/17 12:37:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\deskPDF
[2009/08/13 03:08:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\DNA
[2009/10/08 15:05:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\eBookPro6
[2008/06/20 01:23:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Eltima Software
[2010/03/31 20:42:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Facebook
[2011/05/19 22:05:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\FileZilla
[2011/02/22 19:39:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\FreeVideoConverter
[2009/04/26 14:30:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\GarageGames
[2010/07/18 12:20:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\GeoVid
[2008/06/06 17:57:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\GetRightToGo
[2008/05/04 18:14:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\GlarySoft
[2009/05/24 16:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\ijjigame
[2010/06/06 21:19:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\ImgBurn
[2008/07/23 21:38:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Linksys
[2010/06/24 10:28:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\MOVAVI
[2010/04/27 15:25:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\NCH Swift Sound
[2010/07/18 13:58:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Publish Providers
[2008/05/25 14:02:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\QQ Games Plugin
[2011/05/29 12:56:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Research In Motion
[2011/04/12 22:25:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Rovio
[2010/01/18 19:42:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\SmartDraw
[2010/07/18 13:58:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Sony
[2009/07/11 15:31:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\StumbleUpon
[2010/05/13 16:36:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\SystemRequirementsLab
[2010/02/22 16:58:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\TeamViewer
[2008/06/06 20:24:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Tunebite
[2011/06/08 20:52:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\uTorrent
[2008/05/25 14:03:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\Viewpoint
[2010/07/18 12:16:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aliza\Application Data\VisiFly
[2008/11/07 01:37:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner
[2009/08/19 22:38:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Bryxen Software
[2009/02/06 16:24:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/12 14:09:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/08/06 18:31:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2011/05/26 23:28:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/07/26 17:28:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2008/07/23 21:52:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2010/05/04 15:25:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/15 18:30:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/06/06 20:30:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/04/15 01:31:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/07/18 14:09:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/06/08 20:59:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/04/15 01:32:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/01/21 22:32:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/13 21:13:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/14 21:42:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/06 21:43:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/29 23:21:35 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1269919112.job
[2011/06/08 20:42:14 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\fuui.job
[2011/06/08 20:42:33 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/06/08 20:42:28 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\Tasks\kozmz.job
[2011/06/08 20:42:25 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\ksjurhc.job
[2011/06/08 20:42:21 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\PBBQDQYJFZ.job
[2010/05/07 15:26:00 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job
[2011/06/08 20:42:59 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2011/02/02 19:17:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2010/12/14 16:32:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/06/08 20:42:31 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/08 20:46:20 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/06/02 19:13:28 | 000,010,225 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\???.kolachai.hebrewname.docx) -- C:\Documents and Settings\Aliza\My Documents\קול.kolachai.hebrewname.docx
[2010/06/02 19:13:28 | 000,010,225 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\???.kolachai.hebrewname.docx) -- C:\Documents and Settings\Aliza\My Documents\קול.kolachai.hebrewname.docx
[2007/06/19 22:56:49 | 000,139,776 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\??? ?????2.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיע2.doc
[2007/06/19 22:56:49 | 000,131,072 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\??? ??????.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיעו.doc
[2007/06/19 22:56:49 | 000,024,064 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\???? 1.doc) -- C:\Documents and Settings\Aliza\My Documents\עמוד 1.doc
[2007/06/19 22:54:11 | 000,090,624 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\4??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\4מתי היגיע1.doc
[2007/06/19 22:54:11 | 000,052,224 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\3??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\3מתי היגיע1.doc
[2007/06/19 22:54:11 | 000,028,672 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\5??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\5מתי היגיע1.doc
[2007/06/11 20:33:54 | 000,024,064 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\???? 1.doc) -- C:\Documents and Settings\Aliza\My Documents\עמוד 1.doc
[2007/06/11 20:26:51 | 000,028,672 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\5??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\5מתי היגיע1.doc
[2007/06/11 20:17:29 | 000,090,624 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\4??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\4מתי היגיע1.doc
[2007/06/11 19:13:24 | 000,052,224 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\3??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\3מתי היגיע1.doc
[2007/06/11 18:46:22 | 000,139,776 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\??? ?????2.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיע2.doc
[2007/06/11 18:33:36 | 000,131,072 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\??? ??????.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיעו.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >


OTL Extras logfile created on: 6/8/2011 8:53:11 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Aliza\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.32% Memory free
3.84 Gb Paging File | 3.15 Gb Available in Paging File | 82.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 45.92 Gb Free Space | 30.83% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Aliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
"C:\Program Files\Team17 Software Ltd\Worms 4 Mayhem\Worms4Mayhem.exe" = C:\Program Files\Team17 Software Ltd\Worms 4 Mayhem\Worms4Mayhem.exe:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\desktop\Worms Armageddon\wa.exe" = C:\Documents and Settings\Aliza\desktop\Worms Armageddon\wa.exe:*:Enabled:Worms Armageddon
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.797\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.797\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.703\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.703\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX04.672\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX04.672\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX02.532\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX02.532\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.453\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.453\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX12.891\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX12.891\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.344\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.344\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo
"C:\Documents and Settings\Aliza\desktop\utorrent.exe" = C:\Documents and Settings\Aliza\desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Team17\Worms World Party\wwp.exe" = C:\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party -- (Team17 Software Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3364BD16-5A28-4862-86A1-A8FF5FD23919}" = Music Rescue
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.8.0
"{795A3A1E-E06A-4214-A2EF-3DDF3BA05C2B}" = STOPzilla
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Box Shot 3D" = Box Shot 3D
"CCleaner" = CCleaner (remove only)
"Creative PC-CAM Center" = Creative PC-CAM Center
"Creative PD1131" = Creative WebCam NX Pro Driver (1.03.03.0326)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX Pro User's Guide English" = Creative WebCam NX Pro User's Guide (English)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"Directory Submitter_is1" = Directory Submitter 1.0.29
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3285] [2010-02-25]
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free Video Converter_is1" = Free Video Converter V 2.91
"Glary Utilities_is1" = Glary Utilities 2.5.1
"Google Desktop" = Google Desktop
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"Health Secrets_is1" = Health Secrets
"HitmanPro35" = Hitman Pro 3.5
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PhotoPad" = PhotoPad Image Editor
"PhotoStage" = PhotoStage Slideshow Producer
"Pixillion" = Pixillion Image Converter
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Recover Files_is1" = Recover Files 3.21
"Replay_Converter_1" = Replay Converter 2.8
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"The Best-Seller Secret_is1" = The Best-Seller Secret
"Traffic Travis_is1" = Traffic Travis 3.1.14
"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 2.4.1127
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Worms Armageddon - New Edition" = Worms Armageddon - New Edition
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XSitePro2" = XSitePro2
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
"Move Media Player" = Move Media Player
"SmartDraw 2010" = SmartDraw 2010
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2011 6:14:51 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.

Error - 6/3/2011 11:33:41 PM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/3/2011 11:33:41 PM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7891890

Error - 6/3/2011 11:33:41 PM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7891890

Error - 6/5/2011 12:06:37 AM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.0.1.434, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/5/2011 8:10:59 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/6/2011 11:24:51 PM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/6/2011 11:24:51 PM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1195047

Error - 6/6/2011 11:24:51 PM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1195047

Error - 6/8/2011 2:35:57 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.3.0.111, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

[ OSession Events ]
Error - 4/30/2008 1:08:04 AM | Computer Name = D7WHV1G1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 620
seconds with 180 seconds of active time. This session ended with a crash.

Error - 10/26/2009 10:16:39 AM | Computer Name = D7WHV1G1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 243080
seconds with 4380 seconds of active time. This session ended with a crash.

Error - 1/13/2010 1:18:16 AM | Computer Name = D7WHV1G1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23666
seconds with 1920 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/8/2011 8:36:06 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/8/2011 8:36:06 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb Fips iaStor intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu ssmdrv Tcpip

Error - 6/8/2011 8:36:13 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/8/2011 8:41:22 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/8/2011 8:42:57 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 6/8/2011 8:42:57 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 6/8/2011 8:42:57 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor

Error - 6/8/2011 8:42:57 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/8/2011 8:46:04 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/8/2011 8:49:05 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,187 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:Services
NMSAccess
AppMgmt

:OTL
PRC - [2011/06/08 19:39:19 | 000,232,960 | -H-- | M] () -- C:\WINDOWS\Rmipyb.exe
PRC - [2011/06/08 19:39:18 | 000,240,128 | -H-- | M] () -- C:\Documents and Settings\Aliza\Local Settings\Temp\Rl3.exe
SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56283
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKCU..\Run: [hsRITIwubRlhk] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [YDZ1QVAGOJ] C:\Documents and Settings\Aliza\Local Settings\Temp\Rl3.exe ()
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ll.g.gametap....pWebUpdater.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
[2011/06/08 19:49:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Aliza\Start Menu\Programs\Windows XP Restore
[2011/06/08 19:48:46 | 000,352,256 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\17489700.exe
[2011/06/08 19:49:29 | 000,000,817 | -H-- | C] () -- C:\Documents and Settings\Aliza\Desktop\Windows XP Restore.lnk
[2011/06/08 19:49:29 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/08 19:49:29 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/08 19:48:55 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/08 19:39:35 | 000,232,960 | -H-- | C] () -- C:\WINDOWS\Rmipyb.exe
[2011/06/08 19:39:31 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/08 19:39:26 | 000,232,960 | -H-- | C] () -- C:\WINDOWS\Rmipya.exe
[2011/06/08 19:39:25 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\PBBQDQYJFZ.job
[2011/06/08 19:39:23 | 000,000,314 | -HS- | C] () -- C:\WINDOWS\tasks\fuui.job
[2011/06/08 19:39:23 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\kozmz.job
[2011/06/08 19:39:23 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\ksjurhc.job
[2011/06/08 19:39:18 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/08 19:39:17 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\kbdire.dll
[2011/06/08 19:39:17 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\kbdintele.dll
[2011/06/08 19:39:17 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\CatRoot2D.dll
[2011/06/08 19:39:16 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\wowdebb.dll

     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Download, Save and run unhide from

http://download.blee...nler/unhide.exe

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP