Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

"explorer.exe" won't load after infection of W32-Nimba"


  • This topic is locked This topic is locked

#1
stringwizard

stringwizard

    New Member

  • Member
  • Pip
  • 7 posts
I got lazy and apparently got the W32-Nimba worm ?. I was getting a new "theme" and I guess it was hid inside ?. I was changing anti-virus programs at the same time and apparently it took advantage of that. I think I got it all cleaned out but now my "explorer.exe" won't load, so I don't have any desktop icons or task bar .... the only thing I see is the background picture ?. I have to load the explorer.exe through the task manager. I have the program "Erunt" and I went back and loaded a previous backup thinking that would cure the problem but I still get the same thing ?. When I bought this Dell Opti-Plex GX270 it was already loaded with Windows XP and I have since updated to service pack 3. I have a copy of a Windows XP Professional set up disc that a PC tech made for me but since I have updated to the service pack 3, the disc says that "a newer version of Windows is already running and set up cannot continue" ?.

So, my question is: how to I get explorer.exe to load again, like it is supposed to without having to manually do it through task manager ?.OTL logfile created on: 9/20/2011 8:06:51 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 89.45 Mb Available Physical Memory | 17.54% Memory free
1.21 Gb Paging File | 0.65 Gb Available in Paging File | 53.69% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 2.41 Gb Free Space | 24.68% Space Free | Partition Type: NTFS
Drive E: | 27.48 Gb Total Space | 5.82 Gb Free Space | 21.18% Space Free | Partition Type: NTFS

Computer Name: KING-F49F949A48 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - E:\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\WeatherMate\WeatherMate.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\WeatherMate\WeatherMate.exe ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\SpywareGuard\sgmain.exe ()
MOD - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 C9 D4 D8 E2 9E CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: CLSID key missing. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {f69e22c7-bc50-414a-9269-0f5c344cd94c}:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 2\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugins

[2011/07/31 11:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/09/18 19:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions
[2011/09/14 12:58:01 | 000,000,000 | ---D | M] (Browser Backgrounds) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}
[2011/07/10 20:45:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/07/31 11:18:43 | 000,000,000 | ---D | M] (DriverZone Plugin for Firefox and Opera) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{C57D6078-75B4-11E0-9B04-07284924019B}
[2011/09/14 12:58:12 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2011/09/07 08:15:12 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\[email protected]
[2010/05/26 16:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\searchplugins\askcom.xml
[2011/04/04 13:08:31 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\searchplugins\free-weather-by-zip-code.xml
[2011/08/21 09:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/08 19:04:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{DAD0F81A-CF67-4EED-98D6-26F6E47274CA}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{FEBB9F99-4FA2-49EF-9CDA-CC2AE24B30D1}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\[email protected]
[2011/07/08 19:03:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/11 12:05:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/03 01:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/08 19:03:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/19 22:50:55 | 000,422,409 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14566 more lines...
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Avira AntiVir Control Center.lnk = C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = E:\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WeatherMate.lnk = C:\Program Files\WeatherMate\WeatherMate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = E2 FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E2 FF FF 03 [binary data]
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: dell.com ([support] http in Local intranet)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277437016153 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1277436987075 (MUWebControl Class)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://supportapj.de...lSystemLite.CAB (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E280CE56-BFDD-43F7-9C9E-8EDD9A1429DB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\System32\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) -C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - No CLSID value found.
O24 - Desktop WallPaper: E:\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 14:45:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/22 00:11:47 | 000,078,160 | ---- | M] (Microsoft Corporation) - E:\AutoFix.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative32)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/19 22:53:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/09/19 22:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools
[2011/09/19 22:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2011/09/19 21:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/09/19 21:03:50 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/09/19 21:00:30 | 000,063,352 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicEtCo.dll
[2011/09/19 21:00:30 | 000,035,704 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInst.dll
[2011/09/19 21:00:30 | 000,028,536 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo.dll
[2011/09/16 20:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sunbelt Software
[2011/09/16 20:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatFire
[2011/09/16 20:12:10 | 000,069,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/09/16 20:12:10 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/09/16 20:12:09 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/09/16 20:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/09/16 20:09:20 | 009,876,312 | ---- | C] (PC Tools ) -- C:\Program Files\tfinstall.exe
[2011/09/16 17:29:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/09/16 17:29:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/09/16 17:29:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/09/16 17:29:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/09/16 17:29:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2011/09/16 17:29:04 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/09/16 17:29:04 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/09/16 17:29:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/09/16 17:29:03 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/09/16 17:29:03 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/09/16 17:29:03 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/09/16 17:29:02 | 005,969,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/16 17:29:01 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/09/16 17:29:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/09/16 07:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2011/09/16 07:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2011/09/16 07:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2011/09/14 18:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/09/14 18:51:25 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2011/09/14 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/09/14 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2011/09/14 18:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/09/14 15:37:57 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/14 15:09:08 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/09/14 15:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/14 15:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/09/14 15:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/14 13:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/14 13:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/14 13:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/13 19:51:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/09/13 15:12:19 | 000,975,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\explorer.exe
[2011/09/13 14:51:12 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/09/13 14:51:11 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/09/13 14:51:11 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/09/13 14:51:10 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2011/09/13 14:51:10 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2011/09/13 14:51:10 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/09/13 14:51:10 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2011/09/13 14:51:04 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/09/13 14:51:04 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/09/13 14:51:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/09/13 14:51:03 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/09/13 14:51:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/09/13 14:51:02 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/09/13 14:51:02 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/09/13 14:51:01 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/09/13 14:50:59 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/09/13 14:50:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/09/13 14:50:49 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011/09/13 14:50:49 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011/09/13 14:50:48 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/09/13 14:50:47 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/09/13 14:50:47 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/09/13 14:50:47 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/09/13 14:50:46 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/09/13 14:50:46 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/09/13 14:50:45 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/09/13 14:50:43 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011/09/13 14:50:43 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011/09/13 14:50:42 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/09/13 14:50:42 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/09/13 14:50:41 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/09/13 14:50:41 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011/09/13 14:50:40 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011/09/13 14:50:40 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/09/13 14:50:39 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/09/13 14:50:39 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/09/13 14:50:38 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/09/13 14:50:31 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011/09/13 14:50:30 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/09/13 14:50:30 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011/09/13 14:50:29 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/09/13 14:50:29 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/09/13 14:50:28 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/09/13 14:50:28 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/09/13 14:50:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011/09/13 14:50:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/09/13 14:50:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/09/13 14:50:23 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/09/13 14:50:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/09/13 14:50:22 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/09/13 14:50:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/09/13 14:50:19 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/09/13 14:50:19 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/09/13 14:50:18 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/09/13 14:50:18 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/09/13 14:50:17 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/09/13 14:50:16 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/09/13 14:50:14 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/09/13 14:50:13 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/09/13 14:50:09 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/09/13 14:50:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/09/13 14:50:08 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2011/09/13 14:50:07 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/09/13 14:49:42 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/09/13 14:49:41 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/09/13 14:49:41 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/09/13 14:49:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011/09/13 14:49:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/09/13 14:49:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/09/13 14:49:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/09/13 14:49:30 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/09/13 14:49:26 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/09/13 14:49:25 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/09/13 14:49:21 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/09/13 14:49:17 | 002,180,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/09/13 14:49:14 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/09/13 14:49:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/09/13 14:49:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/09/13 14:49:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/09/13 14:49:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/09/13 14:49:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/09/13 14:49:08 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/09/13 14:48:57 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/09/13 14:48:51 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/09/13 14:48:43 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/09/13 14:48:41 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/09/13 14:48:04 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/09/13 14:47:58 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/09/13 14:47:56 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/09/13 14:47:56 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/09/13 14:47:55 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/09/13 14:47:55 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/09/13 14:47:54 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/09/13 14:47:53 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/09/13 14:47:52 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/09/13 14:47:50 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/09/13 14:47:47 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/09/13 14:47:46 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/09/13 14:47:45 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/09/13 14:47:34 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/09/13 14:47:30 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/09/12 18:59:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/09/12 17:50:19 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
[2011/09/11 15:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Windupdt
[2011/09/10 09:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/08 11:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/09/08 10:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/09/08 10:37:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/09/08 10:37:11 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/08 10:37:11 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/09/08 10:37:11 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/09/08 10:37:11 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/09/08 10:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/09/08 10:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/09/07 10:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/07 10:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/07 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/09/07 10:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/09/07 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/09/07 10:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/09/06 21:33:28 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/09/06 10:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2011/09/06 10:14:33 | 000,207,488 | R--- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\vinyl97.sys
[2011/09/06 10:10:36 | 000,225,280 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxeud.dll
[2011/09/06 10:10:36 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxhk.dll
[2011/09/06 10:10:36 | 000,045,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdgps.dll
[2011/09/06 10:10:35 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdiag.exe
[2011/09/06 10:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SlimWare Utilities Inc
[2011/09/06 10:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimDrivers
[2011/09/06 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2011/09/06 09:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/09/06 09:25:47 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2011/09/06 09:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com
[2011/09/06 09:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/09/06 09:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Explorer
[2011/09/06 09:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\System Explorer
[2011/09/03 11:04:03 | 000,000,000 | -HSD | C] -- C:\Cleanup
[2011/08/28 08:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/08/27 14:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\iColorFolder
[2011/08/27 14:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2011/08/25 21:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/20 20:08:10 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B2DA6C96-4354-475E-8AD7-2EF290FBF43F}.job
[2011/09/20 08:15:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/20 08:15:16 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/09/20 08:15:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 22:55:30 | 000,030,764 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225524.reg
[2011/09/19 22:54:45 | 000,570,268 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225409.reg
[2011/09/19 22:50:55 | 000,422,409 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/09/19 20:57:46 | 000,011,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/09/19 20:43:50 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Avira AntiVir Control Center.lnk
[2011/09/19 20:28:19 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/19 20:19:00 | 000,455,712 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/19 20:19:00 | 000,075,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/19 20:09:41 | 000,102,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/19 19:08:37 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.bak
[2011/09/19 06:26:40 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2011/09/18 22:03:42 | 000,027,660 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110918_220334.reg
[2011/09/18 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/09/16 20:35:02 | 000,383,148 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_203442.reg
[2011/09/16 20:29:38 | 000,437,605 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110919-203227.backup
[2011/09/16 20:12:16 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2011/09/16 20:11:41 | 009,876,312 | ---- | M] (PC Tools ) -- C:\Program Files\tfinstall.exe
[2011/09/16 17:59:21 | 000,362,178 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_175914.reg
[2011/09/16 17:18:23 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2011/09/16 14:00:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2011/09/15 02:03:30 | 000,371,546 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110915_020323.reg
[2011/09/15 01:33:01 | 000,437,605 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110916-202933.backup
[2011/09/14 20:54:25 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/14 20:16:35 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-FK4SR.exe
[2011/09/14 20:16:35 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-FK4SR.msg
[2011/09/14 20:16:35 | 000,000,391 | ---- | M] () -- C:\WINDOWS\is-FK4SR.lst
[2011/09/14 20:16:34 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/14 18:50:25 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/09/14 15:37:56 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/14 15:37:50 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/13 18:41:20 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
[2011/09/13 10:25:23 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2011/09/13 00:34:50 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/13 00:10:41 | 000,011,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110913_001035.reg
[2011/09/12 19:01:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/12 19:01:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/08 09:33:58 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/08 09:31:40 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/09/07 10:58:48 | 000,687,580 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/07 10:17:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2011/09/06 09:25:46 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2011/09/03 07:40:54 | 008,465,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonuiX.exe
[2011/09/01 13:26:01 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/28 09:19:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/26 13:31:56 | 000,000,029 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2011/08/23 11:48:26 | 000,000,053 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/19 22:55:26 | 000,030,764 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225524.reg
[2011/09/19 22:54:14 | 000,570,268 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225409.reg
[2011/09/19 20:43:50 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Avira AntiVir Control Center.lnk
[2011/09/18 22:03:37 | 000,027,660 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110918_220334.reg
[2011/09/16 20:34:44 | 000,383,148 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_203442.reg
[2011/09/16 20:12:16 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2011/09/16 17:59:18 | 000,362,178 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_175914.reg
[2011/09/15 02:03:26 | 000,371,546 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110915_020323.reg
[2011/09/14 20:16:35 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-FK4SR.exe
[2011/09/14 20:16:35 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-FK4SR.msg
[2011/09/14 20:16:35 | 000,000,391 | ---- | C] () -- C:\WINDOWS\is-FK4SR.lst
[2011/09/14 18:50:25 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/09/14 18:10:38 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/14 15:11:20 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/14 13:57:41 | 000,000,981 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/13 14:50:52 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/09/13 14:50:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/09/13 14:50:52 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/09/13 14:50:51 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/09/13 14:50:51 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/09/13 14:50:50 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/09/13 14:50:50 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/09/13 14:50:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/09/13 14:50:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/09/13 14:50:45 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/09/13 00:10:38 | 000,011,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110913_001035.reg
[2011/09/12 19:01:20 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/12 19:01:20 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/07 10:58:26 | 000,687,580 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/06 10:16:52 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vinyl Deck.lnk
[2011/09/06 10:01:55 | 000,011,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/08/23 11:48:26 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/07/19 21:07:41 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/19 21:07:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/23 21:28:45 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\DownloadManagerFiles.xml
[2011/06/01 10:33:10 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/04/03 11:10:58 | 000,002,160 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/03/06 17:23:25 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2010/12/20 00:50:31 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/12/04 19:53:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/04 19:52:07 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2010/12/04 19:52:06 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\downloads.m3u
[2010/11/24 17:26:19 | 000,000,564 | ---- | C] () -- C:\WINDOWS\DcmLtBox.ini
[2010/11/14 13:11:00 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2010/11/09 14:20:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/24 21:52:24 | 000,528,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/15 14:23:56 | 001,546,229 | ---- | C] () -- C:\Program Files\akamai_multiplayer_user_guide.pdf
[2010/08/06 21:16:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/07/23 17:01:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 10:20:27 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/06/25 14:46:32 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2010/06/25 14:44:07 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2010/06/25 10:20:22 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 22:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/10 14:48:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/10 14:42:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/10 08:34:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/10 08:33:09 | 000,102,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/03 20:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 20:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 20:07:00 | 000,455,712 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/03 20:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 20:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 20:07:00 | 000,075,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/03 20:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 20:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 20:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 20:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 20:07:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 20:07:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/01/18 22:56:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll

========== LOP Check ==========

[2011/07/31 11:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2011/07/08 17:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/01/08 00:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bidgood Svcs
[2011/07/24 11:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011/08/07 10:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\driveridentifier
[2011/08/29 10:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/09/11 17:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/01/05 23:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JGoodies
[2011/07/24 11:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Unleashed Online
[2011/07/07 11:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCDr
[2010/10/24 13:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Stardock
[2010/06/26 10:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Styler
[2011/08/07 10:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2011/07/09 12:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2011/09/19 22:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/01/05 23:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/06/01 16:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2011/09/13 00:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/08 08:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/09/29 16:13:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/06 17:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/10/24 13:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/09/16 07:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2011/07/22 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/09/07 10:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/03/06 17:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/08/26 13:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/09/16 14:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2011/09/07 10:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/31 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2011/07/22 17:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/09/16 14:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2010/10/24 13:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/09/06 09:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/09/16 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/31 11:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/06/17 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2011/07/26 14:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/06 20:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/09/14 20:54:25 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/09/20 08:15:16 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/05/02 14:56:12 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job
[2011/09/18 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2011/09/16 14:00:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Schedule.job
[2011/09/20 20:08:10 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B2DA6C96-4354-475E-8AD7-2EF290FBF43F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\explorer.scf:SummaryInformation
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >OTL Extras logfile created on: 9/20/2011 8:06:51 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 89.45 Mb Available Physical Memory | 17.54% Memory free
1.21 Gb Paging File | 0.65 Gb Available in Paging File | 53.69% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 2.41 Gb Free Space | 24.68% Space Free | Partition Type: NTFS
Drive E: | 27.48 Gb Total Space | 5.82 Gb Free Space | 21.18% Space Free | Partition Type: NTFS

Computer Name: KING-F49F949A48 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
Drive [find] -- %SystemRoot%\Explorer.exe

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Secunia\PSI\psi.exe" = C:\Program Files\Secunia\PSI\psi.exe:*:Enabled:Secunia PSI


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9369FA-AED8-47E7-B01F-0A3BEA7F24E4}" = Dell Client Configuration Toolkit
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89d0574a-69af-4080-a633-bceaf93f8866}" = Nero 9 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"3D Windows XP" = 3D Windows XP Screen Saver
"7-Zip" = 7-Zip 9.22beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"FilmX DICOM LiteBox 2.02f_is1" = FilmX DICOM LiteBox 2.02f
"Foxit Creator" = Foxit Creator
"ie8" = Windows Internet Explorer 8
"Kenja's Native American Screen Saver" = Kenja's Native American Screen Saver
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PFPortChecker" = PFPortChecker 1.0.36
"Recuva" = Recuva
"Speccy" = Speccy
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2011 9:14:31 PM | Computer Name = KING-F49F949A48 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7924, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/19/2011 9:21:56 PM | Computer Name = KING-F49F949A48 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/19/2011 9:22:39 PM | Computer Name = KING-F49F949A48 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/19/2011 9:51:04 PM | Computer Name = KING-F49F949A48 | Source = MsiInstaller | ID = 1013
Description = Product: Platform -- 1: This installation can not be run by directly
launching the MSI package; you must run setup.exe.

Error - 9/19/2011 10:05:46 PM | Computer Name = KING-F49F949A48 | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 9/19/2011 10:05:46 PM | Computer Name = KING-F49F949A48 | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 9/19/2011 10:05:46 PM | Computer Name = KING-F49F949A48 | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 9/19/2011 10:05:46 PM | Computer Name = KING-F49F949A48 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 9/19/2011 10:12:43 PM | Computer Name = KING-F49F949A48 | Source = MsiInstaller | ID = 1013
Description = Product: Platform -- 1: This installation can not be run by directly
launching the MSI package; you must run setup.exe.

Error - 9/19/2011 10:13:39 PM | Computer Name = KING-F49F949A48 | Source = MsiInstaller | ID = 1013
Description = Product: Platform -- 1: This installation can not be run by directly
launching the MSI package; you must run setup.exe.

[ System Events ]
Error - 9/18/2011 8:05:07 PM | Computer Name = KING-F49F949A48 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/19/2011 7:10:30 AM | Computer Name = KING-F49F949A48 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter

Error - 9/19/2011 7:30:48 AM | Computer Name = KING-F49F949A48 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/19/2011 9:10:25 PM | Computer Name = KING-F49F949A48 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%3

Error - 9/19/2011 9:10:25 PM | Computer Name = KING-F49F949A48 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter

Error - 9/19/2011 9:24:15 PM | Computer Name = KING-F49F949A48 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/19/2011 10:05:46 PM | Computer Name = KING-F49F949A48 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 9/20/2011 12:15:15 AM | Computer Name = KING-F49F949A48 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter

Error - 9/20/2011 9:15:47 AM | Computer Name = KING-F49F949A48 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter

Error - 9/20/2011 9:26:10 AM | Computer Name = KING-F49F949A48 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}


< End of report >

Edited by stringwizard, 19 September 2011 - 07:19 PM.

  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello stringwizard and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Looks like malware did played with your explorer.exe. Let's see what we can do to fix this.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Please don't forget to include these items in your reply:

  • OTL log
It would be helpful if you could post each log in separate post
  • 0

#3
stringwizard

stringwizard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello maliprog, and thanks for taking on my problem.

I downloaded the OTL program a ran the scan per your instructions however, there was only this one Notepad file that appeared ?.



OTL logfile created on: 9/21/2011 8:20:53 PM - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 100.04 Mb Available Physical Memory | 19.62% Memory free
1.42 Gb Paging File | 0.93 Gb Available in Paging File | 65.76% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 2.25 Gb Free Space | 23.06% Space Free | Partition Type: NTFS
Drive E: | 27.48 Gb Total Space | 5.81 Gb Free Space | 21.13% Space Free | Partition Type: NTFS

Computer Name: KING-F49F949A48 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - E:\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\WeatherMate\WeatherMate.exe ()
PRC - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\WeatherMate\WeatherMate.exe ()
MOD - C:\Program Files\SpywareGuard\sgmain.exe ()
MOD - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (SDHookService) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe (Symantec Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- File not found
DRV - (TfFsMon) -- File not found
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (SDHookDriver) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 C9 D4 D8 E2 9E CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: CLSID key missing. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {f69e22c7-bc50-414a-9269-0f5c344cd94c}:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/09/20 22:31:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 2\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugins

[2011/07/31 11:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/09/20 20:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions
[2011/09/14 12:58:01 | 000,000,000 | ---D | M] (Browser Backgrounds) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}
[2011/07/10 20:45:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/07/31 11:18:43 | 000,000,000 | ---D | M] (DriverZone Plugin for Firefox and Opera) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{C57D6078-75B4-11E0-9B04-07284924019B}
[2011/09/14 12:58:12 | 000,000,000 | ---D | M] (Theme Font &amp; Size Changer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2011/09/07 08:15:12 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\[email protected]
[2010/05/26 16:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\searchplugins\askcom.xml
[2011/04/04 13:08:31 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\searchplugins\free-weather-by-zip-code.xml
[2011/08/21 09:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/08 19:04:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{DAD0F81A-CF67-4EED-98D6-26F6E47274CA}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{FEBB9F99-4FA2-49EF-9CDA-CC2AE24B30D1}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\[email protected]
[2011/07/08 19:03:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/11 12:05:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/03 01:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/08 19:03:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/21 18:42:39 | 000,434,062 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14939 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Documents and Settings\Administrator\Local Settings\Temp\nro.tmp\" File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = E:\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WeatherMate.lnk = C:\Program Files\WeatherMate\WeatherMate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = E2 FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E2 FF FF 03 [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: dell.com ([support] http in Local intranet)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277437016153 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1277436987075 (MUWebControl Class)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://supportapj.de...lSystemLite.CAB (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E280CE56-BFDD-43F7-9C9E-8EDD9A1429DB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\System32\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) -C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - No CLSID value found.
O24 - Desktop WallPaper: E:\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 14:45:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/22 00:11:47 | 000,078,160 | ---- | M] (Microsoft Corporation) - E:\AutoFix.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative32)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 20:17:02 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/09/21 19:54:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/09/21 19:09:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/09/21 18:18:49 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011/09/21 15:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/09/21 15:48:30 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011/09/21 15:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/09/20 22:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Runtime Software
[2011/09/20 22:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2011/09/20 22:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/09/20 22:30:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST
[2011/09/20 22:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite
[2011/09/20 22:30:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\0102000.006
[2011/09/20 22:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/09/20 22:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/09/20 22:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/09/20 20:42:27 | 000,021,504 | ---- | C] (Doug Knox) -- C:\Program Files\SysRestorePoint.exe
[2011/09/19 22:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools
[2011/09/19 22:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2011/09/19 21:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/09/19 21:03:50 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/09/16 20:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sunbelt Software
[2011/09/16 20:09:20 | 009,876,312 | ---- | C] (PC Tools ) -- C:\Program Files\tfinstall.exe
[2011/09/16 07:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2011/09/16 07:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2011/09/16 07:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2011/09/14 18:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/09/14 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/09/14 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2011/09/14 18:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/09/14 15:37:57 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/14 15:09:08 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/09/14 15:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/14 15:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/09/14 15:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/14 13:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/14 13:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/14 13:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/13 19:51:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/09/13 14:51:12 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/09/13 14:51:04 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/09/13 14:51:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/09/13 14:51:03 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/09/13 14:51:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/09/13 14:51:02 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/09/13 14:51:02 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/09/13 14:51:01 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/09/13 14:50:41 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/09/13 14:50:30 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/09/13 14:50:22 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/09/13 14:50:19 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/09/13 14:50:19 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/09/13 14:50:18 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/09/13 14:50:16 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/09/13 14:50:09 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/09/13 14:49:42 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/09/13 14:49:41 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/09/13 14:49:41 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/09/12 18:59:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/09/11 15:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Windupdt
[2011/09/10 09:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/07 10:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/07 10:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/07 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/09/07 10:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/09/07 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/09/07 10:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/09/06 10:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2011/09/06 10:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SlimWare Utilities Inc
[2011/09/06 10:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimDrivers
[2011/09/06 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2011/09/06 09:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/09/06 09:25:47 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2011/09/06 09:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com
[2011/09/06 09:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/09/06 09:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Explorer
[2011/09/06 09:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\System Explorer
[2011/09/03 11:04:03 | 000,000,000 | -HSD | C] -- C:\Cleanup
[2011/08/28 08:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/08/27 14:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\iColorFolder
[2011/08/27 14:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2011/08/25 21:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/21 20:06:55 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B2DA6C96-4354-475E-8AD7-2EF290FBF43F}.job
[2011/09/21 19:55:03 | 000,047,722 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110921_195456.reg
[2011/09/21 19:06:53 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/09/21 18:42:39 | 000,434,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/09/21 18:37:10 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/21 18:37:10 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/09/21 16:52:44 | 000,434,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110921-184238.backup
[2011/09/21 15:48:59 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/21 15:48:38 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/09/21 15:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/21 12:46:29 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/21 12:46:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/21 07:16:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/21 07:16:02 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/09/21 07:15:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/20 22:42:36 | 010,153,984 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.bak
[2011/09/20 22:35:31 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/09/20 22:35:31 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2011/09/20 22:32:51 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Update Checker.lnk
[2011/09/20 20:25:19 | 000,009,334 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint_v13.zip
[2011/09/19 22:55:30 | 000,030,764 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225524.reg
[2011/09/19 22:54:45 | 000,570,268 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225409.reg
[2011/09/19 22:50:55 | 000,422,409 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110921-165243.backup
[2011/09/19 20:57:46 | 000,011,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/09/19 20:28:19 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/19 20:19:00 | 000,455,712 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/19 20:19:00 | 000,075,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/19 20:09:41 | 000,102,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/19 06:26:40 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2011/09/18 22:03:42 | 000,027,660 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110918_220334.reg
[2011/09/18 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/09/16 20:35:02 | 000,383,148 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_203442.reg
[2011/09/16 20:29:38 | 000,437,605 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110919-203227.backup
[2011/09/16 20:11:41 | 009,876,312 | ---- | M] (PC Tools ) -- C:\Program Files\tfinstall.exe
[2011/09/16 17:59:21 | 000,362,178 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_175914.reg
[2011/09/16 14:00:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2011/09/15 02:03:30 | 000,371,546 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110915_020323.reg
[2011/09/15 01:33:01 | 000,437,605 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110916-202933.backup
[2011/09/14 20:16:35 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-FK4SR.exe
[2011/09/14 20:16:35 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-FK4SR.msg
[2011/09/14 20:16:35 | 000,000,391 | ---- | M] () -- C:\WINDOWS\is-FK4SR.lst
[2011/09/14 19:59:56 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/09/14 18:50:25 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/09/14 15:37:56 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/14 15:37:50 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/13 18:41:20 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
[2011/09/13 10:25:23 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2011/09/13 00:34:50 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/13 00:10:41 | 000,011,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110913_001035.reg
[2011/09/12 19:01:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/12 19:01:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/08 09:33:58 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/08 09:31:40 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/09/07 10:58:48 | 000,687,580 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/07 10:17:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2011/09/06 09:25:46 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2011/09/01 13:26:01 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/28 09:19:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/26 13:31:56 | 000,000,029 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2011/08/23 11:48:26 | 000,000,053 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/21 19:55:00 | 000,047,722 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110921_195456.reg
[2011/09/21 15:48:59 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/09/21 15:48:59 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/21 15:48:58 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/21 15:48:38 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/09/21 15:48:38 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/09/21 12:46:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/20 22:35:31 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/09/20 22:35:31 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2011/09/20 22:32:51 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Update Checker.lnk
[2011/09/20 22:32:51 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Update Checker.lnk
[2011/09/20 22:30:54 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\0102000.006\isolate.ini
[2011/09/20 20:25:19 | 000,009,334 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint_v13.zip
[2011/09/19 22:55:26 | 000,030,764 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225524.reg
[2011/09/19 22:54:14 | 000,570,268 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225409.reg
[2011/09/18 22:03:37 | 000,027,660 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110918_220334.reg
[2011/09/16 20:34:44 | 000,383,148 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_203442.reg
[2011/09/16 19:03:55 | 010,153,984 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.bak
[2011/09/16 17:59:18 | 000,362,178 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_175914.reg
[2011/09/15 02:03:26 | 000,371,546 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110915_020323.reg
[2011/09/14 20:16:35 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-FK4SR.exe
[2011/09/14 20:16:35 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-FK4SR.msg
[2011/09/14 20:16:35 | 000,000,391 | ---- | C] () -- C:\WINDOWS\is-FK4SR.lst
[2011/09/14 18:50:25 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/09/14 18:10:38 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/14 15:11:20 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/14 13:57:41 | 000,000,981 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/13 14:50:52 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/09/13 14:50:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/09/13 14:50:52 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/09/13 14:50:51 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/09/13 14:50:51 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/09/13 14:50:50 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/09/13 14:50:50 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/09/13 14:50:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/09/13 14:50:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/09/13 14:50:45 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/09/13 00:10:38 | 000,011,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110913_001035.reg
[2011/09/12 19:01:20 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/12 19:01:20 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/07 10:58:26 | 000,687,580 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/06 10:16:52 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vinyl Deck.lnk
[2011/09/06 10:01:55 | 000,011,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/08/23 11:48:26 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/07/19 21:07:41 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/19 21:07:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/23 21:28:45 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\DownloadManagerFiles.xml
[2011/06/01 10:33:10 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/04/03 11:10:58 | 000,002,160 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/03/06 17:23:25 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2010/12/20 00:50:31 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/12/04 19:53:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/04 19:52:07 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2010/12/04 19:52:06 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\downloads.m3u
[2010/11/24 17:26:19 | 000,000,564 | ---- | C] () -- C:\WINDOWS\DcmLtBox.ini
[2010/11/14 13:11:00 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2010/11/09 14:20:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/24 21:52:24 | 000,528,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/15 14:23:56 | 001,546,229 | ---- | C] () -- C:\Program Files\akamai_multiplayer_user_guide.pdf
[2010/08/06 21:16:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/07/23 17:01:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 10:20:27 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/06/25 14:46:32 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2010/06/25 14:44:07 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2010/06/25 10:20:22 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 22:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/10 14:48:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/10 14:42:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/10 08:34:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/10 08:33:09 | 000,102,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/03 20:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 20:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 20:07:00 | 000,455,712 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/03 20:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 20:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 20:07:00 | 000,075,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/03 20:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 20:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 20:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 20:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 20:07:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 20:07:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/01/18 22:56:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll

========== LOP Check ==========

[2011/07/31 11:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2011/07/08 17:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/01/08 00:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bidgood Svcs
[2011/07/24 11:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011/08/07 10:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\driveridentifier
[2011/08/29 10:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/09/11 17:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/01/05 23:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JGoodies
[2011/07/24 11:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Unleashed Online
[2011/07/07 11:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCDr
[2010/10/24 13:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Stardock
[2010/06/26 10:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Styler
[2011/08/07 10:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2011/07/09 12:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2011/09/19 22:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/01/05 23:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/06/01 16:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2011/09/13 00:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/08 08:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/09/29 16:13:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/06 17:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/10/24 13:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/09/16 07:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2011/07/22 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/09/07 10:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/03/06 17:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/08/26 13:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/09/16 14:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2011/09/07 10:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/31 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2011/07/22 17:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/09/16 14:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2010/10/24 13:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/09/06 09:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/09/16 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/31 11:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/06/17 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2011/07/26 14:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/06 20:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/09/21 15:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/09/21 07:16:02 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/09/21 18:37:10 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011/05/02 14:56:12 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job
[2011/09/21 15:48:59 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/21 18:37:10 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2011/09/18 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2011/09/16 14:00:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Schedule.job
[2011/09/21 20:06:55 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B2DA6C96-4354-475E-8AD7-2EF290FBF43F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/08/04 16:17:58 | 003,148,200 | ---- | M] (Safer-Networking Ltd.) MD5=1B5F8B17F6E5A65394E6EB761A2D381C -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2008/04/13 19:12:19 | 000,975,872 | ---- | M] (Microsoft Corporation) MD5=561A50497324F378E30F55D09B4E1258 -- C:\WINDOWS\Service_Pack_Files\i386\explorer.exe
[2008/04/13 19:12:19 | 000,975,872 | ---- | M] (Microsoft Corporation) MD5=561A50497324F378E30F55D09B4E1258 -- C:\WINDOWS\system32\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\Service_Pack_Files\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\Service_Pack_Files\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\Service_Pack_Files\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\explorer.scf:SummaryInformation
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi stringwizard,

Please test your system after these steps and report here to me.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\System32\explorer.exe (Microsoft Corporation)
    O32 - AutoRun File - [2010/12/22 00:11:47 | 000,078,160 | ---- | M] (Microsoft Corporation) - E:\AutoFix.exe -- [ NTFS ]
    O34 - HKLM BootExecute: (sasnative32)
    [2011/09/13 18:41:20 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\explorer.scf:SummaryInformation

    :Files
    C:\WINDOWS\explorer.exe|C:\WINDOWS\Service_Pack_Files\i386\explorer.exe /replace

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • New OTL scan log
It would be helpful if you could post each log in separate post
  • 0

#5
stringwizard

stringwizard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello maliprog,
Ok, I ran the OTL program, with the text you said to paste, and it hung up (not responding) ..... at this point : "Processing 034 - HKLM BootExecute (sasnative 32)" ?.

Sorry, but I didn't get very far ?.
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's rewrite Step 1. Restart your system and try to run this new Step 1 :)

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\System32\explorer.exe (Microsoft Corporation)
    O32 - AutoRun File - [2010/12/22 00:11:47 | 000,078,160 | ---- | M] (Microsoft Corporation) - E:\AutoFix.exe -- [ NTFS ]
    [2011/09/13 18:41:20 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\explorer.scf:SummaryInformation

    :Files
    C:\WINDOWS\explorer.exe|C:\WINDOWS\Service_Pack_Files\i386\explorer.exe /replace

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0

#7
stringwizard

stringwizard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again,

I re-ran the OTL program and inserted the new text and it ran completely this time. When I rebooted, the desktop icons and other programs returned as originally.

Here is the OTL report:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:explorer.exe deleted successfully.
File plorer.exe) -C:\WINDOWS\System32\explorer.exe not found.
File E:\AutoFix.exe not found.
C:\WINDOWS\explorer.scf moved successfully.
Unable to delete ADS C:\WINDOWS\explorer.scf:SummaryInformation .
========== FILES ==========
File C:\WINDOWS\explorer.exe successfully replaced with C:\WINDOWS\Service_Pack_Files\i386\explorer.exe
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.29.1 log created on 09222011_143622

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi stringwizard,

Nice to hear that your system is better now. Please do Step 2 and Step 3 and post logs here for me.
  • 0

#9
stringwizard

stringwizard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hey again maliprog,

Ok, so I downloaded the ComboFix to the desktop and ran it, as you instructed, but I can't seem to find the log file anywhere ?. I've looked in C:\ drive but found nothing. However, I ran the OTL again and here is that log:


OTL logfile created on: 9/23/2011 8:10:56 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 304.10 Mb Available Physical Memory | 59.63% Memory free
1.21 Gb Paging File | 0.83 Gb Available in Paging File | 68.68% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 2.52 Gb Free Space | 25.79% Space Free | Partition Type: NTFS
Drive E: | 27.48 Gb Total Space | 5.79 Gb Free Space | 21.06% Space Free | Partition Type: NTFS

Computer Name: KING-F49F949A48 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - E:\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\WeatherMate\WeatherMate.exe ()
PRC - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\WeatherMate\WeatherMate.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SDHookService) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe (Symantec Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SDHookDriver) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 C9 D4 D8 E2 9E CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {f69e22c7-bc50-414a-9269-0f5c344cd94c}:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/09/20 22:31:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 2\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugins

[2011/07/31 11:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/09/20 20:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions
[2011/09/14 12:58:01 | 000,000,000 | ---D | M] (Browser Backgrounds) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}
[2011/07/10 20:45:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/07/31 11:18:43 | 000,000,000 | ---D | M] (DriverZone Plugin for Firefox and Opera) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{C57D6078-75B4-11E0-9B04-07284924019B}
[2011/09/14 12:58:12 | 000,000,000 | ---D | M] (Theme Font &amp; Size Changer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2011/09/07 08:15:12 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\extensions\[email protected]
[2010/05/26 16:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\searchplugins\askcom.xml
[2011/04/04 13:08:31 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\19c52tr2.default\searchplugins\free-weather-by-zip-code.xml
[2011/08/21 09:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/08 19:04:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{DAD0F81A-CF67-4EED-98D6-26F6E47274CA}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\{FEBB9F99-4FA2-49EF-9CDA-CC2AE24B30D1}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\19C52TR2.DEFAULT\EXTENSIONS\[email protected]
[2011/07/08 19:03:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/11 12:05:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/03 01:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/08 19:03:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/21 18:42:39 | 000,434,062 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14939 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = E:\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WeatherMate.lnk = C:\Program Files\WeatherMate\WeatherMate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = E2 FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E2 FF FF 03 [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: dell.com ([support] http in Local intranet)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277437016153 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1277436987075 (MUWebControl Class)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://supportapj.de...lSystemLite.CAB (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E280CE56-BFDD-43F7-9C9E-8EDD9A1429DB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\System32\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) -C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - No CLSID value found.
O24 - Desktop WallPaper: E:\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 14:45:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 07:47:15 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/09/23 07:40:51 | 004,223,304 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/09/22 21:10:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/09/22 12:14:19 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/09/22 08:38:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/21 18:18:49 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011/09/21 15:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/09/21 15:48:30 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011/09/21 15:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/09/20 22:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Runtime Software
[2011/09/20 22:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2011/09/20 22:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/09/20 22:30:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST
[2011/09/20 22:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite
[2011/09/20 22:30:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\0102000.006
[2011/09/20 22:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/09/20 22:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/09/20 22:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/09/20 20:42:27 | 000,021,504 | ---- | C] (Doug Knox) -- C:\Program Files\SysRestorePoint.exe
[2011/09/19 22:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools
[2011/09/19 22:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2011/09/19 21:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/09/19 21:03:50 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/09/16 20:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sunbelt Software
[2011/09/16 20:09:20 | 009,876,312 | ---- | C] (PC Tools ) -- C:\Program Files\tfinstall.exe
[2011/09/16 07:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2011/09/16 07:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2011/09/16 07:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2011/09/14 18:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/09/14 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/09/14 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2011/09/14 18:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/09/14 15:37:57 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/14 15:09:08 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/09/14 15:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/14 15:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/09/14 15:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/14 13:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/14 13:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/14 13:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/13 19:51:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/09/13 14:51:12 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/09/13 14:51:04 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/09/13 14:51:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/09/13 14:51:03 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/09/13 14:51:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/09/13 14:51:02 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/09/13 14:51:02 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/09/13 14:51:01 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/09/13 14:50:41 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/09/13 14:50:30 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/09/13 14:50:22 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/09/13 14:50:19 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/09/13 14:50:19 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/09/13 14:50:18 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/09/13 14:50:16 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/09/13 14:50:09 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/09/13 14:49:42 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/09/13 14:49:41 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/09/13 14:49:41 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/09/12 18:59:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/09/11 15:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Windupdt
[2011/09/10 09:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/07 10:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/07 10:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/07 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/09/07 10:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/09/07 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/09/07 10:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/09/06 10:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2011/09/06 10:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SlimWare Utilities Inc
[2011/09/06 10:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimDrivers
[2011/09/06 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2011/09/06 09:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/09/06 09:25:47 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2011/09/06 09:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com
[2011/09/06 09:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/09/06 09:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Explorer
[2011/09/06 09:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\System Explorer
[2011/09/03 11:04:03 | 000,000,000 | -HSD | C] -- C:\Cleanup
[2011/08/28 08:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/08/27 14:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\iColorFolder
[2011/08/27 14:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2011/08/25 21:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/23 08:10:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B2DA6C96-4354-475E-8AD7-2EF290FBF43F}.job
[2011/09/23 07:41:42 | 004,223,304 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/09/23 06:55:16 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/23 06:54:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/23 06:53:11 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/09/23 06:53:11 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/23 06:53:11 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/09/23 06:53:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/22 12:14:26 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/09/21 19:55:03 | 000,047,722 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110921_195456.reg
[2011/09/21 19:06:53 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/09/21 18:42:39 | 000,434,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/09/21 16:52:44 | 000,434,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110921-184238.backup
[2011/09/21 15:48:38 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/09/21 15:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/21 12:46:29 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/21 12:46:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/20 22:42:36 | 010,153,984 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.bak
[2011/09/20 22:35:31 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/09/20 22:35:31 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2011/09/20 22:32:51 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Update Checker.lnk
[2011/09/20 20:25:19 | 000,009,334 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint_v13.zip
[2011/09/19 22:55:30 | 000,030,764 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225524.reg
[2011/09/19 22:54:45 | 000,570,268 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225409.reg
[2011/09/19 22:50:55 | 000,422,409 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110921-165243.backup
[2011/09/19 20:57:46 | 000,011,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/09/19 20:28:19 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/19 20:19:00 | 000,455,712 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/19 20:19:00 | 000,075,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/19 20:09:41 | 000,102,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/19 06:26:40 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2011/09/18 22:03:42 | 000,027,660 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110918_220334.reg
[2011/09/18 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/09/16 20:35:02 | 000,383,148 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_203442.reg
[2011/09/16 20:29:38 | 000,437,605 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110919-203227.backup
[2011/09/16 20:11:41 | 009,876,312 | ---- | M] (PC Tools ) -- C:\Program Files\tfinstall.exe
[2011/09/16 17:59:21 | 000,362,178 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_175914.reg
[2011/09/16 14:00:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2011/09/15 02:03:30 | 000,371,546 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110915_020323.reg
[2011/09/15 01:33:01 | 000,437,605 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110916-202933.backup
[2011/09/14 20:16:35 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-FK4SR.exe
[2011/09/14 20:16:35 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-FK4SR.msg
[2011/09/14 20:16:35 | 000,000,391 | ---- | M] () -- C:\WINDOWS\is-FK4SR.lst
[2011/09/14 18:50:25 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/09/14 15:37:56 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/14 15:37:50 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/13 10:25:23 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2011/09/13 00:34:50 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/13 00:10:41 | 000,011,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110913_001035.reg
[2011/09/12 19:01:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/12 19:01:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/08 09:33:58 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/08 09:31:40 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/09/07 10:58:48 | 000,687,580 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/07 10:17:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2011/09/06 09:25:46 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2011/09/01 13:26:01 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/28 09:19:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/26 13:31:56 | 000,000,029 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/21 19:55:00 | 000,047,722 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110921_195456.reg
[2011/09/21 15:48:59 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/09/21 15:48:59 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/21 15:48:58 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/21 15:48:38 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/09/21 15:48:38 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/09/21 12:46:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/20 22:35:31 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/09/20 22:35:31 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2011/09/20 22:32:51 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Update Checker.lnk
[2011/09/20 22:32:51 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Update Checker.lnk
[2011/09/20 22:30:54 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\0102000.006\isolate.ini
[2011/09/20 20:25:19 | 000,009,334 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint_v13.zip
[2011/09/19 22:55:26 | 000,030,764 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225524.reg
[2011/09/19 22:54:14 | 000,570,268 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110919_225409.reg
[2011/09/18 22:03:37 | 000,027,660 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110918_220334.reg
[2011/09/16 20:34:44 | 000,383,148 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_203442.reg
[2011/09/16 19:03:55 | 010,153,984 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.bak
[2011/09/16 17:59:18 | 000,362,178 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110916_175914.reg
[2011/09/15 02:03:26 | 000,371,546 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110915_020323.reg
[2011/09/14 20:16:35 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-FK4SR.exe
[2011/09/14 20:16:35 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-FK4SR.msg
[2011/09/14 20:16:35 | 000,000,391 | ---- | C] () -- C:\WINDOWS\is-FK4SR.lst
[2011/09/14 18:50:25 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/09/14 18:10:38 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/14 15:11:20 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/14 13:57:41 | 000,000,981 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/13 14:50:52 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/09/13 14:50:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/09/13 14:50:52 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/09/13 14:50:51 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/09/13 14:50:51 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/09/13 14:50:50 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/09/13 14:50:50 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/09/13 14:50:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/09/13 14:50:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/09/13 14:50:45 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/09/13 00:10:38 | 000,011,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110913_001035.reg
[2011/09/12 19:01:20 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/12 19:01:20 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/07 10:58:26 | 000,687,580 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/06 10:16:52 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vinyl Deck.lnk
[2011/09/06 10:01:55 | 000,011,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/08/23 11:48:26 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/07/19 21:07:41 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/19 21:07:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/23 21:28:45 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\DownloadManagerFiles.xml
[2011/06/01 10:33:10 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/04/03 11:10:58 | 000,002,160 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/03/06 17:23:25 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2010/12/20 00:50:31 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/12/04 19:53:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/04 19:52:07 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2010/12/04 19:52:06 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\downloads.m3u
[2010/11/24 17:26:19 | 000,000,564 | ---- | C] () -- C:\WINDOWS\DcmLtBox.ini
[2010/11/14 13:11:00 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2010/11/09 14:20:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/24 21:52:24 | 000,528,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/15 14:23:56 | 001,546,229 | ---- | C] () -- C:\Program Files\akamai_multiplayer_user_guide.pdf
[2010/08/06 21:16:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/07/23 17:01:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 10:20:27 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/06/25 14:46:32 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2010/06/25 14:44:07 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2010/06/25 10:20:22 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 22:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/10 14:48:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/10 14:42:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/10 08:34:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/10 08:33:09 | 000,102,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/03 20:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 20:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 20:07:00 | 000,455,712 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/03 20:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 20:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 20:07:00 | 000,075,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/03 20:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 20:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 20:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 20:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 20:07:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 20:07:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/01/18 22:56:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll

========== LOP Check ==========

[2011/07/31 11:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2011/07/08 17:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/01/08 00:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bidgood Svcs
[2011/07/24 11:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011/08/07 10:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\driveridentifier
[2011/09/22 20:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/09/11 17:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/01/05 23:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JGoodies
[2011/07/24 11:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Unleashed Online
[2011/07/07 11:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCDr
[2010/10/24 13:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Stardock
[2010/06/26 10:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Styler
[2011/08/07 10:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2011/07/09 12:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2011/09/19 22:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/01/05 23:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/06/01 16:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2011/09/13 00:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/08 08:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/09/29 16:13:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/06 17:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/10/24 13:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/09/16 07:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2011/07/22 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/09/07 10:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/03/06 17:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/08/26 13:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/09/16 14:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2011/09/07 10:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/31 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2011/07/22 17:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/09/16 14:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2010/10/24 13:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/09/06 09:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/09/16 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/31 11:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/06/17 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2011/07/26 14:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/06 20:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/09/21 15:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/09/23 06:53:11 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/09/23 06:55:16 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011/05/02 14:56:12 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job
[2011/09/23 06:53:11 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/23 06:53:11 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2011/09/18 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2011/09/16 14:00:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Schedule.job
[2011/09/23 08:10:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B2DA6C96-4354-475E-8AD7-2EF290FBF43F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi stringwizard,

Please make sure to restart your system after this step then test it. Let me know how is it now.

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="C:\\Windows\\explorer.exe"

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0

#11
stringwizard

stringwizard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello maliprog.

My PC seems to be running now like it did before the infection ?. Desktop icons and taskbar load as before and the speed is about like it was.

Here is the new OTL log:


========== OTL ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"C:\\Windows\\explorer.exe" /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.29.1 log created on 09242011_091917
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi stringwizard,

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#13
stringwizard

stringwizard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi mailprog,

I want to first say .... THANK YOU ! for helping me with the problem I had. I will no longer be without good protection, even a little while !. I will also, just be content with the look of XP and not go hunting for more "themes or suites" ?.
You done an excellent job of diagnosing and then guiding me through the repair. Your instructions were clear and easy to follow and just the right fix for my problem. My old Dell is "back to normal" now and is booting up and running like it did before. Once again, thank you for your time and expertise !.



One last question: after looking over my programs, what would you recommend that I keep or get, as far as, .....anti-virus, firewall etc ?. I have really more of these kinds of programs than I need and I would just like to know, what I can "do with and do without" ... if you know what I mean ?. I need to thin out some of the "bloat" that I've accumulated and free up some space on both of my drives. As you can see ..... they are not very big anyway and I think this thing would run better, if I would free up some space. And of course, I could also use an upgrade of my RAM too ?. But, that will come later, for now I'm just thankful it's running better and I'll try to keep it that way.



MANY THANKS ......... !
Carl

Edited by stringwizard, 23 September 2011 - 01:30 PM.

  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi stringwizard,

The only problem I see is that you have three anti-spyware solutions on your system. SpywareGuard, Malwarebytes and SpyBot. It would be nice to leave only one on your system and uninstall all other.

I use Malwarebytes on my system and I'm more than happy. It's you choice but please leave only one with real time protection.

Hope this helps. Goodbye and stay safe :)
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP