codec failure lie [Solved]


  • This topic is locked

#1
M2mouse

  • Member
  • 175 posts
OK, let's get started. I have the pop-up "media codec failure". All scans found nothing (Avast, Spybot, MS malware tool).
OTL list:
OTL logfile created on: 11/10/2011 5:52:30 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mitch\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.43% Memory free
5.74 Gb Paging File | 4.57 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 433.06 Gb Free Space | 92.98% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 465.76 Gb Total Space | 456.88 Gb Free Space | 98.09% Space Free | Partition Type: NTFS

Computer Name: MITCH | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 17:51:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTL.exe
PRC - [2011/11/07 17:25:58 | 001,558,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio\SmartGearnqlvrtykeeobzf.exe
PRC - [2011/11/07 17:25:42 | 003,649,536 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio\nqlvrtykeeobzf.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/02/18 06:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/06/14 22:54:00 | 000,212,992 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 13:33:14 | 000,065,536 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio\FRed32.dll
MOD - [2011/11/09 16:41:14 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Mitch\Local Settings\Application Data\winnetServices\winobjcdrom.dll
MOD - [2011/11/07 17:25:58 | 001,558,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio\SmartGearnqlvrtykeeobzf.exe
MOD - [2011/11/07 17:25:42 | 003,649,536 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio\nqlvrtykeeobzf.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/17 12:01:44 | 000,099,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2006/11/03 20:36:20 | 000,014,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2010/07/01 03:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/12/21 13:53:44 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/02/03 21:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 06:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/02/18 06:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/09/15 12:13:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2009/09/15 12:13:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009/09/15 12:13:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/15 12:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/18 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A FD 9C 87 BE 9C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



Hosts file not found
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CreoLab] C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio\nqlvrtykeeobzf.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [winobjcdrom] C:\Documents and Settings\Mitch\Local Settings\Application Data\winnetServices\winobjcdrom.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support.att.n...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1227376629640 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1189CE54-EA73-4ED2-A5AB-6B5A06331B6E}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF4A47C-0547-478B-8AD5-E1BE5A38C5BC}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D97A4C06-2153-42D8-84C7-333CA178C503}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: E:\Media\My Documets\vulcansr21024.bmp
O24 - Desktop BackupWallPaper: E:\Media\My Documets\vulcansr21024.bmp
O28:64bit: - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/20 20:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 17:51:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTL.exe
[2011/11/10 13:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\ElevatedDiagnostics
[2011/11/10 13:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/10 13:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\windowspowershell
[2011/11/10 13:38:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/10 13:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender
[2011/11/10 13:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/11/10 12:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Local Settings\Application Data\winnetServices
[2011/11/10 10:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\OpenOffice.org
[2011/11/07 17:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio
[2011/11/05 19:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\InterVideo
[2011/11/02 13:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2011/11/02 13:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2011/11/02 13:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/11/02 13:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATT-SST
[2011/11/02 10:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Windows Search
[2011/11/01 14:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/01 14:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/28 21:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Nikon
[2011/10/23 16:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Local Settings\Application Data\Identities
[2011/10/23 16:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\MSNInstaller
[2011/10/23 15:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Macromedia
[2011/10/23 15:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Local Settings\Application Data\Adobe
[2011/10/23 13:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Adobe
[2011/10/23 13:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Sun
[2011/10/23 13:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\BOINC
[2011/10/23 13:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2011/10/23 13:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/10/23 13:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2011/10/23 13:27:30 | 012,754,672 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mitch\Desktop\MP10Setup.exe
[2011/10/23 13:27:30 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mitch\Desktop\JavaSetup6u17-rv.exe
[2011/10/23 13:27:07 | 086,086,376 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Mitch\Desktop\11-9_xp64_dd_ccc_ocl.exe
[2011/10/23 13:21:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mitch\PrivacIE
[2011/10/23 12:54:00 | 000,000,000 | R--D | C] -- E:\Media\My Documets\My Videos
[2011/10/23 12:54:00 | 000,000,000 | ---D | C] -- E:\Media\My Documets\old photos
[2011/10/23 12:54:00 | 000,000,000 | ---D | C] -- E:\Media\My Documets\My Received Files
[2011/10/23 12:51:17 | 000,000,000 | R--D | C] -- E:\Media\My Documets\My Pictures
[2011/10/23 12:51:17 | 000,000,000 | R--D | C] -- E:\Media\My Documets\My Music
[2011/10/23 12:51:16 | 000,000,000 | ---D | C] -- E:\Media\My Documets\InterVideo
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 17:51:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTL.exe
[2011/11/10 13:39:41 | 000,000,984 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/10 13:39:34 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/10 13:39:34 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\Windows Media Player.lnk
[2011/11/10 13:35:13 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/10 13:33:45 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/10 13:33:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2011/11/10 13:33:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2011/11/10 13:31:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 13:10:12 | 007,308,288 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\WindowsDefenderX64.msi
[2011/11/10 10:32:07 | 000,000,388 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\SamsungLiveUpdateConfig.ini
[2011/11/07 17:51:28 | 005,068,225 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\EP9_2-8geol.pdf
[2011/11/07 17:43:53 | 002,863,130 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\mcbee.pdf
[2011/11/06 13:40:31 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/04 17:38:08 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to spybotsd162.lnk
[2011/11/02 10:08:29 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2011/11/01 14:51:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2011/11/01 14:50:35 | 059,854,808 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\setup_av_free_cnet.exe
[2011/10/30 09:31:00 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/10/24 18:30:05 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/23 14:14:10 | 000,571,736 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/10/23 13:28:34 | 086,086,376 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Mitch\Desktop\11-9_xp64_dd_ccc_ocl.exe
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/10 13:39:34 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Windows Media Player.lnk
[2011/11/10 13:14:11 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/10 13:11:06 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/11/10 13:10:07 | 007,308,288 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\WindowsDefenderX64.msi
[2011/11/10 10:05:22 | 000,023,392 | ---- | C] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2011/11/10 10:05:22 | 000,016,832 | ---- | C] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2011/11/09 14:01:12 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/07 17:51:28 | 005,068,225 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\EP9_2-8geol.pdf
[2011/11/07 17:43:53 | 002,863,130 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\mcbee.pdf
[2011/11/06 13:40:31 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/06 13:40:31 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/04 17:38:08 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to spybotsd162.lnk
[2011/11/01 14:50:01 | 059,854,808 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\setup_av_free_cnet.exe
[2011/10/24 18:30:05 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/23 16:44:49 | 000,001,944 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2011/10/23 13:27:32 | 000,807,998 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\3400_Swap_Guide_v2.5.6[1].pdf
[2011/10/23 13:27:31 | 009,809,336 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\WhiteCap_522.exe
[2011/10/23 13:27:31 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Shortcut to Pop3uidl.lnk
[2011/10/23 13:27:31 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Shortcut (2) to Outlook Express.lnk
[2011/10/23 13:27:31 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Shortcut to Address Book.lnk
[2011/10/23 13:27:31 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Shortcut to Outlook Express.lnk
[2011/10/23 13:27:30 | 001,767,325 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Ammasaikutty-2003.pdf
[2011/10/23 13:27:30 | 000,568,320 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\HDViewInstall_1_20_IE.msi
[2011/10/23 13:27:30 | 000,061,456 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\EZWebUpdateRevJ.exe
[2011/10/23 12:54:16 | 000,412,675 | ---- | C] () -- E:\Media\My Documets\AIAA-2004-1206_Fluidic%20Nozzle.pdf
[2011/10/23 12:51:17 | 000,343,320 | ---- | C] () -- E:\Media\My Documets\t3203.pdf
[2011/10/23 12:51:17 | 000,195,040 | ---- | C] () -- E:\Media\My Documets\STM-9450-2.jpg
[2011/10/23 12:51:17 | 000,125,198 | ---- | C] () -- E:\Media\My Documets\pr141592img2sma.jpg
[2011/10/23 12:51:17 | 000,124,376 | ---- | C] () -- E:\Media\My Documets\pr136826img2sma.jpg
[2011/10/23 12:51:17 | 000,119,781 | ---- | C] () -- E:\Media\My Documets\CA-CA-5048G-Black.jpg
[2011/10/23 12:51:17 | 000,118,173 | ---- | C] () -- E:\Media\My Documets\pr147866img1sma.jpg
[2011/10/23 12:51:17 | 000,084,949 | ---- | C] () -- E:\Media\My Documets\sado-vinyl-teddy-146087big.jpg
[2011/10/23 12:51:17 | 000,080,885 | ---- | C] () -- E:\Media\My Documets\185404_10150249629467735_504502734_7932327_981111_n.jpg
[2011/10/23 12:51:17 | 000,076,727 | ---- | C] () -- E:\Media\My Documets\UJE-J273.jpg
[2011/10/23 12:51:17 | 000,057,046 | ---- | C] () -- E:\Media\My Documets\pr138298img1sma.jpg
[2011/10/23 12:51:17 | 000,046,293 | ---- | C] () -- E:\Media\My Documets\pr138298img2sma.jpg
[2011/10/23 12:51:17 | 000,041,295 | ---- | C] () -- E:\Media\My Documets\lg_96168sh_rd_fv.jpg
[2011/10/23 12:51:17 | 000,037,756 | ---- | C] () -- E:\Media\My Documets\lg_96168sh_rd_bv.jpg
[2011/10/23 12:51:17 | 000,019,412 | ---- | C] () -- E:\Media\My Documets\lg_21661esc_bv.jpg
[2011/10/23 12:51:17 | 000,006,923 | ---- | C] () -- E:\Media\My Documets\lg_VTG_Sexy.jpg
[2011/10/23 12:51:16 | 007,953,299 | ---- | C] () -- E:\Media\My Documets\xg_a_manual.pdf
[2011/10/23 12:51:16 | 004,258,271 | ---- | C] () -- E:\Media\My Documets\DSCN2218.JPG
[2011/10/23 12:51:16 | 002,359,350 | ---- | C] () -- E:\Media\My Documets\vulcansr21024.bmp
[2011/10/23 12:51:16 | 000,439,094 | ---- | C] () -- E:\Media\My Documets\Ammasaikutty-2003.pdf - Adobe Reader.bmp
[2011/10/23 12:51:16 | 000,061,436 | ---- | C] () -- E:\Media\My Documets\thumbnailCAZN1J0H.jpg
[2011/10/23 12:51:16 | 000,055,026 | ---- | C] () -- E:\Media\My Documets\mediaCATGM7WW.jpg
[2011/10/23 12:51:16 | 000,052,191 | ---- | C] () -- E:\Media\My Documets\thumbnail.jpg
[2011/10/23 12:51:16 | 000,051,118 | ---- | C] () -- E:\Media\My Documets\mediaCAVY3NZI.jpg
[2011/10/23 12:51:16 | 000,032,407 | ---- | C] () -- E:\Media\My Documets\erotic_nights_camisette_5384lar.jpg
[2011/10/23 12:51:16 | 000,024,137 | ---- | C] () -- E:\Media\My Documets\beyonce.jpg
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\OVDecode.dll
[2010/09/20 21:25:32 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\SamsungLiveUpdateConfig.ini
[2010/09/20 20:07:18 | 011,878,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/04/01 20:47:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/02/28 14:14:51 | 000,663,552 | ---- | C] () -- C:\WINDOWS\SysWow64\ati2saag.exe
[2009/02/28 14:09:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/02/07 16:10:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\programs
[2009/02/07 16:10:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/02/07 16:10:05 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Alerts
[2009/01/23 21:32:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeW7.dll
[2009/01/23 21:32:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeA6.dll
[2009/01/23 21:32:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeP6.dll
[2009/01/23 21:32:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeM6.dll
[2009/01/23 21:32:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizePX.dll
[2009/01/23 21:32:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresize.dll
[2009/01/23 21:32:07 | 000,831,600 | ---- | C] () -- C:\WINDOWS\SysWow64\Ctaa1.dat
[2009/01/23 21:32:07 | 000,122,880 | ---- | C] () -- C:\WINDOWS\SysWow64\cddvdint.dll
[2009/01/19 23:18:21 | 000,000,331 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/23 22:23:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/11/23 22:12:11 | 000,571,736 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2008/11/20 21:54:13 | 000,037,376 | R--- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2008/11/20 20:27:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/20 13:55:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/18 06:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2007/02/18 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 06:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2007/02/18 06:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2007/02/18 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 06:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2007/02/18 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2007/02/18 06:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Mitch\Desktop\EZWebUpdateRevJ.exe:SummaryInformation

< End of report >

Edited by M2mouse, 10 November 2011 - 09:52 PM.



#2
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

#3
M2mouse


    Member

  • Topic Starter
  • Member
  • 175 posts
Thank you, I'll get the new OTL. I'm just about out of my mind and may screw up from time to time. Please forgive me.

#4
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts

Thank you, I'll get the new OTL. I'm just about out of my mind and may screw up from time to time. Please forgive me.

Okay. No worries, I've been in your shoes before, so I know how stressful of a time this can be. If you get frustrated or are unsure about my instructions, please stop and post back letting me know.

Don't forget that we are in this together now!

#5
M2mouse


    Member

  • Topic Starter
  • Member
  • 175 posts
OTL logfile created on: 11/15/2011 1:09:55 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mitch\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 61.92% Memory free
5.74 Gb Paging File | 4.36 Gb Available in Paging File | 76.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 431.50 Gb Free Space | 92.65% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 465.76 Gb Total Space | 456.87 Gb Free Space | 98.09% Space Free | Partition Type: NTFS

Computer Name: MITCH | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 13:09:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/02/18 06:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/06/14 22:54:00 | 000,212,992 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/17 12:01:44 | 000,099,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/01 03:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/02/03 21:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 06:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2007/02/18 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 18 30 DE 31 A0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/11/14 15:50:29 | 000,000,000 | ---D | M]


Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\aro.exe (Support.com)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support.att.n...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1227376629640 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1189CE54-EA73-4ED2-A5AB-6B5A06331B6E}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF4A47C-0547-478B-8AD5-E1BE5A38C5BC}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D97A4C06-2153-42D8-84C7-333CA178C503}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: E:\Media\My Documets\vulcansr21024.bmp
O24 - Desktop BackupWallPaper: E:\Media\My Documets\vulcansr21024.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/20 20:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 13:09:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTL.exe
[2011/11/15 12:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\AVG
[2011/11/15 12:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/15 12:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/11/15 12:32:27 | 008,143,904 | ---- | C] (AVG ) -- C:\Documents and Settings\Mitch\Desktop\avg_pct_stf_all_2012_26_c4.exe
[2011/11/15 10:44:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mitch\Start Menu\Programs\Administrative Tools
[2011/11/14 20:15:48 | 003,903,608 | ---- | C] (AVG Technologies) -- E:\Media\My Documets\avg_avct_stb_all_2012_1869_free.exe
[2011/11/14 16:04:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/14 15:51:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/14 15:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\AVG2012
[2011/11/14 15:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\AVG
[2011/11/14 15:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/14 15:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/14 15:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/14 15:43:00 | 003,903,608 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Mitch\Desktop\avg_avct_stb_all_2012_1869_free.exe
[2011/11/14 14:20:46 | 000,646,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTS.exe
[2011/11/14 12:26:02 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\SysWow64\VCCLSID.exe
[2011/11/14 12:26:02 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\SysWow64\SrchSTS.exe
[2011/11/14 12:26:02 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\SysWow64\swreg.exe
[2011/11/14 12:26:02 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\VACFix.exe
[2011/11/14 12:26:02 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\IEDFix.exe
[2011/11/14 12:26:02 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\IEDFix.C.exe
[2011/11/14 12:26:02 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\404Fix.exe
[2011/11/14 12:26:02 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\o4Patch.exe
[2011/11/14 12:26:02 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\SysWow64\swxcacls.exe
[2011/11/14 12:26:02 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\Agent.OMZ.Fix.exe
[2011/11/14 12:26:02 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\SysWow64\Process.exe
[2011/11/13 14:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2011/11/11 15:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Windows Search
[2011/11/10 22:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Local Settings\Application Data\AskToolbar
[2011/11/10 22:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/11/10 22:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Sammsoft
[2011/11/10 22:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2011
[2011/11/10 13:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\ElevatedDiagnostics
[2011/11/10 13:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\windowspowershell
[2011/11/10 13:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/11/10 10:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\OpenOffice.org
[2011/11/07 17:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio
[2011/11/02 13:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2011/11/02 13:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2011/11/02 13:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/11/01 14:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/01 14:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/28 21:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Nikon
[2011/10/24 18:28:16 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Mitch\Desktop\spybotsd162.exe
[2011/10/23 16:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Local Settings\Application Data\Identities
[2011/10/23 16:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\MSNInstaller
[2011/10/23 15:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Macromedia
[2011/10/23 15:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Local Settings\Application Data\Adobe
[2011/10/23 13:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Adobe
[2011/10/23 13:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Sun
[2011/10/23 13:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\BOINC
[2011/10/23 13:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2011/10/23 13:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/10/23 13:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2011/10/23 13:27:30 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mitch\Desktop\dotNetFx35setup.exe
[2011/10/23 13:27:30 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mitch\Desktop\JavaSetup6u17-rv.exe
[2011/10/23 13:27:07 | 086,086,376 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Mitch\Desktop\11-9_xp64_dd_ccc_ocl.exe
[2011/10/23 13:21:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mitch\PrivacIE
[2011/10/23 12:54:00 | 000,000,000 | R--D | C] -- E:\Media\My Documets\My Videos
[2011/10/23 12:54:00 | 000,000,000 | ---D | C] -- E:\Media\My Documets\old photos
[2011/10/23 12:54:00 | 000,000,000 | ---D | C] -- E:\Media\My Documets\My Received Files
[2011/10/23 12:51:17 | 000,000,000 | R--D | C] -- E:\Media\My Documets\My Pictures
[2011/10/23 12:51:17 | 000,000,000 | R--D | C] -- E:\Media\My Documets\My Music
[2011/10/23 12:51:16 | 000,000,000 | ---D | C] -- E:\Media\My Documets\InterVideo
[9 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/15 13:09:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTL.exe
[2011/11/15 12:33:20 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\AVG PC Tuneup 2011.lnk
[2011/11/15 12:32:32 | 008,143,904 | ---- | M] (AVG ) -- C:\Documents and Settings\Mitch\Desktop\avg_pct_stf_all_2012_26_c4.exe
[2011/11/14 22:10:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/14 17:11:47 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy (2).lnk
[2011/11/14 15:50:29 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/14 15:50:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\AVG\incavi.avm
[2011/11/14 15:50:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\AVG\iavichjw.avm
[2011/11/14 15:43:12 | 003,903,608 | ---- | M] (AVG Technologies) -- E:\Media\My Documets\avg_avct_stb_all_2012_1869_free.exe
[2011/11/14 15:43:12 | 003,903,608 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Mitch\Desktop\avg_avct_stb_all_2012_1869_free.exe
[2011/11/14 14:20:54 | 000,646,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTS.exe
[2011/11/14 13:47:18 | 000,001,898 | ---- | M] () -- C:\WINDOWS\SysWow64\tmp.reg
[2011/11/11 00:02:29 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/10 22:59:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2011/11/10 13:41:13 | 000,000,984 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 17:51:28 | 005,068,225 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\EP9_2-8geol.pdf
[2011/11/07 17:43:53 | 002,863,130 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\mcbee.pdf
[2011/10/30 09:31:00 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/10/24 18:30:05 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/24 18:30:05 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\Spybot - Search & Destroy.lnk
[2011/10/24 18:28:24 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Mitch\Desktop\spybotsd162.exe
[2011/10/23 16:44:49 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2011/10/23 14:36:57 | 000,000,388 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\SamsungLiveUpdateConfig.ini
[2011/10/23 14:14:10 | 000,571,736 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/10/23 13:28:34 | 086,086,376 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Mitch\Desktop\11-9_xp64_dd_ccc_ocl.exe
[9 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/15 12:33:20 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\AVG PC Tuneup 2011.lnk
[2011/11/14 17:11:47 | 000,001,008 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy (2).lnk
[2011/11/14 15:50:29 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/14 15:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AVG\incavi.avm
[2011/11/14 15:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AVG\iavichjw.avm
[2011/11/14 12:26:20 | 000,001,898 | ---- | C] () -- C:\WINDOWS\SysWow64\tmp.reg
[2011/11/14 12:26:02 | 000,075,776 | ---- | C] () -- C:\WINDOWS\SysWow64\WS2Fix.exe
[2011/11/14 12:26:02 | 000,051,200 | ---- | C] () -- C:\WINDOWS\SysWow64\dumphive.exe
[2011/11/14 12:26:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SysWow64\swsc.exe
[2011/11/07 17:51:28 | 005,068,225 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\EP9_2-8geol.pdf
[2011/11/07 17:43:53 | 002,863,130 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\mcbee.pdf
[2011/11/06 13:40:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/06 13:40:31 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/10/24 18:30:05 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/24 18:30:05 | 000,001,008 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Spybot - Search & Destroy.lnk
[2011/10/23 16:44:49 | 000,001,944 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2011/10/23 14:40:23 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/23 13:27:32 | 000,807,998 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\3400_Swap_Guide_v2.5.6[1].pdf
[2011/10/23 13:27:31 | 009,809,336 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\WhiteCap_522.exe
[2011/10/23 13:27:31 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Shortcut to Address Book.lnk
[2011/10/23 13:27:31 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Shortcut to Outlook Express.lnk
[2011/10/23 13:27:30 | 001,767,325 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Ammasaikutty-2003.pdf
[2011/10/23 13:27:30 | 000,568,320 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\HDViewInstall_1_20_IE.msi
[2011/10/23 13:27:30 | 000,061,456 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\EZWebUpdateRevJ.exe
[2011/10/23 12:54:16 | 000,412,675 | ---- | C] () -- E:\Media\My Documets\AIAA-2004-1206_Fluidic%20Nozzle.pdf
[2011/10/23 12:51:17 | 000,343,320 | ---- | C] () -- E:\Media\My Documets\t3203.pdf
[2011/10/23 12:51:17 | 000,195,040 | ---- | C] () -- E:\Media\My Documets\STM-9450-2.jpg
[2011/10/23 12:51:17 | 000,125,198 | ---- | C] () -- E:\Media\My Documets\pr141592img2sma.jpg
[2011/10/23 12:51:17 | 000,124,376 | ---- | C] () -- E:\Media\My Documets\pr136826img2sma.jpg
[2011/10/23 12:51:17 | 000,119,781 | ---- | C] () -- E:\Media\My Documets\CA-CA-5048G-Black.jpg
[2011/10/23 12:51:17 | 000,118,173 | ---- | C] () -- E:\Media\My Documets\pr147866img1sma.jpg
[2011/10/23 12:51:17 | 000,084,949 | ---- | C] () -- E:\Media\My Documets\sado-vinyl-teddy-146087big.jpg
[2011/10/23 12:51:17 | 000,080,885 | ---- | C] () -- E:\Media\My Documets\185404_10150249629467735_504502734_7932327_981111_n.jpg
[2011/10/23 12:51:17 | 000,076,727 | ---- | C] () -- E:\Media\My Documets\UJE-J273.jpg
[2011/10/23 12:51:17 | 000,057,046 | ---- | C] () -- E:\Media\My Documets\pr138298img1sma.jpg
[2011/10/23 12:51:17 | 000,046,293 | ---- | C] () -- E:\Media\My Documets\pr138298img2sma.jpg
[2011/10/23 12:51:17 | 000,041,295 | ---- | C] () -- E:\Media\My Documets\lg_96168sh_rd_fv.jpg
[2011/10/23 12:51:17 | 000,037,756 | ---- | C] () -- E:\Media\My Documets\lg_96168sh_rd_bv.jpg
[2011/10/23 12:51:17 | 000,019,412 | ---- | C] () -- E:\Media\My Documets\lg_21661esc_bv.jpg
[2011/10/23 12:51:17 | 000,006,923 | ---- | C] () -- E:\Media\My Documets\lg_VTG_Sexy.jpg
[2011/10/23 12:51:16 | 007,953,299 | ---- | C] () -- E:\Media\My Documets\xg_a_manual.pdf
[2011/10/23 12:51:16 | 004,258,271 | ---- | C] () -- E:\Media\My Documets\DSCN2218.JPG
[2011/10/23 12:51:16 | 002,359,350 | ---- | C] () -- E:\Media\My Documets\vulcansr21024.bmp
[2011/10/23 12:51:16 | 000,439,094 | ---- | C] () -- E:\Media\My Documets\Ammasaikutty-2003.pdf - Adobe Reader.bmp
[2011/10/23 12:51:16 | 000,061,436 | ---- | C] () -- E:\Media\My Documets\thumbnailCAZN1J0H.jpg
[2011/10/23 12:51:16 | 000,055,026 | ---- | C] () -- E:\Media\My Documets\mediaCATGM7WW.jpg
[2011/10/23 12:51:16 | 000,052,191 | ---- | C] () -- E:\Media\My Documets\thumbnail.jpg
[2011/10/23 12:51:16 | 000,051,118 | ---- | C] () -- E:\Media\My Documets\mediaCAVY3NZI.jpg
[2011/10/23 12:51:16 | 000,032,407 | ---- | C] () -- E:\Media\My Documets\erotic_nights_camisette_5384lar.jpg
[2011/10/23 12:51:16 | 000,024,137 | ---- | C] () -- E:\Media\My Documets\beyonce.jpg
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\OVDecode.dll
[2010/09/20 21:25:32 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\SamsungLiveUpdateConfig.ini
[2010/09/20 20:07:18 | 011,878,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/04/01 20:47:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/02/28 14:14:51 | 000,663,552 | ---- | C] () -- C:\WINDOWS\SysWow64\ati2saag.exe
[2009/02/28 14:09:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/02/07 16:10:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\programs
[2009/02/07 16:10:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/02/07 16:10:05 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Alerts
[2009/01/23 21:32:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeW7.dll
[2009/01/23 21:32:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeA6.dll
[2009/01/23 21:32:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeP6.dll
[2009/01/23 21:32:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeM6.dll
[2009/01/23 21:32:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizePX.dll
[2009/01/23 21:32:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresize.dll
[2009/01/23 21:32:07 | 000,831,600 | ---- | C] () -- C:\WINDOWS\SysWow64\Ctaa1.dat
[2009/01/23 21:32:07 | 000,122,880 | ---- | C] () -- C:\WINDOWS\SysWow64\cddvdint.dll
[2009/01/19 23:18:21 | 000,000,331 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/23 22:23:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/11/23 22:12:11 | 000,571,736 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2008/11/20 21:54:13 | 000,037,376 | R--- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2008/11/20 20:27:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/20 13:55:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/18 06:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2007/02/18 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 06:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2007/02/18 06:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2007/02/18 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 06:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2007/02/18 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2007/02/18 06:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Mitch\Desktop\EZWebUpdateRevJ.exe:SummaryInformation
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#6
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
Oops sorry, everything is running ok. But I have been redirected many times just off of this site. Checked my profile and got redirected to another site.
Oh yeah my tool bar clock has changed to 24 hour and I can't change it. When I look at the adjust time/date the clock is right.

Edited by M2mouse, 15 November 2011 - 02:03 PM.


#7
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello!

What type of sites are you being redirected to? Is it always the same type of site?

First things first, let's disable Spybot's TeaTimer feature, as we don't want it to interfere with our fixes.

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
    O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    [2011/11/14 12:26:02 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\SysWow64\VCCLSID.exe
    [2011/11/14 12:26:02 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\SysWow64\SrchSTS.exe
    [2011/11/14 12:26:02 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\SysWow64\swreg.exe
    [2011/11/14 12:26:02 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\VACFix.exe
    [2011/11/14 12:26:02 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\IEDFix.exe
    [2011/11/14 12:26:02 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\IEDFix.C.exe
    [2011/11/14 12:26:02 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\404Fix.exe
    [2011/11/14 12:26:02 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\o4Patch.exe
    [2011/11/14 12:26:02 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\SysWow64\swxcacls.exe
    [2011/11/14 12:26:02 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\Agent.OMZ.Fix.exe
    [2011/11/14 12:26:02 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\SysWow64\Process.exe
    [2011/11/14 13:47:18 | 000,001,898 | ---- | M] () -- C:\WINDOWS\SysWow64\tmp.reg
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Mitch\Desktop\EZWebUpdateRevJ.exe:SummaryInformation
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :contents
    C:\Documents and Settings\All Users\Application Data\programs
    C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    C:\Documents and Settings\All Users\Application Data\Alerts
    :dir
    C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by SweetTech, 15 November 2011 - 02:37 PM.


#8
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
Ok this will take some time. I must add that when I click on the download mirror#1 and #2 all I get is a blank page.

Two out of three done. I need a safe place to download SystemLook.
Never mind, I got it.

Edited by M2mouse, 15 November 2011 - 03:08 PM.


#9
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
OTL:
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Name of App deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\SysWOW64\VCCLSID.exe moved successfully.
C:\WINDOWS\SysWOW64\SrchSTS.exe moved successfully.
C:\WINDOWS\SysWOW64\swreg.exe moved successfully.
C:\WINDOWS\SysWOW64\VACFix.exe moved successfully.
C:\WINDOWS\SysWOW64\IEDFix.exe moved successfully.
C:\WINDOWS\SysWOW64\IEDFix.C.exe moved successfully.
C:\WINDOWS\SysWOW64\404Fix.exe moved successfully.
C:\WINDOWS\SysWOW64\o4Patch.exe moved successfully.
C:\WINDOWS\SysWOW64\swxcacls.exe moved successfully.
C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe moved successfully.
C:\WINDOWS\SysWOW64\Process.exe moved successfully.
C:\WINDOWS\SysWOW64\tmp.reg moved successfully.
ADS C:\Documents and Settings\Mitch\Desktop\EZWebUpdateRevJ.exe:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Mitch\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mitch\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Mitch\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mitch\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 172115 bytes

User: All Users

User: Default User

User: LocalService

User: Mitch
->Flash cache emptied: 16493 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11152011_145054

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#10
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 15:04 on 15/11/2011 by Mitch
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== contents ==========

C:\Documents and Settings\All Users\Application Data\programs - Opened succesfully.

†r*A?€* MlA ”tObŠ$˧Z-ᮡCnPyL-q‘ŸM;y†7cx>(mH[’‹P• š:

C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT - Opened succesfully.

U‡

C:\Documents and Settings\All Users\Application Data\Alerts - Opened succesfully.

0jYšk†H œ

========== dir ==========

C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio - Parameters: "(none)"

---Files---
spoof.avi --ah--- 970752 bytes [23:25 07/11/2011] [19:33 10/11/2011]

---Folders---
None found.

-= EOF =-
#11
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Glad to hear you got the SystemLook file to download properly.

Please run this OTL fix:


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\programs
    C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    C:\Documents and Settings\All Users\Application Data\Alerts
    C:\Documents and Settings\All Users\Application Data\ejircmlnkvctio
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:




Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#12
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
Ok all I got was an unsigned file that reads AtiHDmiService. What should I do with it?

Edited by M2mouse, 15 November 2011 - 03:33 PM.


#13
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
Dang forgot to add that I still have Aro2011 and AVG.

Edited by M2mouse, 15 November 2011 - 03:37 PM.


#14
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts

Ok all I got was an unsigned file that reads AtiHDmiService. What should I do with it?

Skip it.

#15
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
Done.