do i still have Trojan Injector? RogueVistaAntiVirus2010? [Closed]

#1 lamc (New Member, 4 posts)
My administrator account has been locked by Trojan Injector; I can't log on or use my computer. So I'm using my Guest account, which shows me errors about not being able to access Windows Installer when I try to install a PC-fix tool. I have downloaded and run the OTS scanner, and the log is attached. Also, I used a tool called Adware Away, which showed I have many Internet Explorer hijackers, RogueVistaAntiVirus2010, and one scan showed Trojan Injector; that log is attached too. Please help - I don't have any administrative access in the Guest account.

OTS logfile created on: 6/5/2012 2:35:39 PM - Run (Non-Administrative account!)
OTS by OldTimer - Version 3.1.47.2 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 0.61 Gb Free Space | 0.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-E817FAE0D8
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Guest\My Documents\Downloads\OTS.exe -> [2012/06/05 14:32:10 | 000,646,656 | ---- | M] (OldTimer Tools)
rtkbtmnt.exe -> C:\Documents and Settings\Guest\Local Settings\Temp\RtkBtMnt.exe -> [2012/06/05 13:48:21 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.)
msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2012/02/13 16:49:27 | 000,924,632 | ---- | M] (Mozilla Corporation)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/08/15 09:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited)
aa antimalware.exe -> C:\Program Files\Adware Away\AA Antimalware.exe -> [2011/01/12 17:52:26 | 000,709,632 | ---- | M] (AdwareAway.com)
eragent.exe -> C:\Acer\Empowering Technology\eRecovery\eRAgent.exe -> [2008/09/04 02:46:04 | 000,425,984 | ---- | M] (Acer Inc.)
qtzgacer.exe -> C:\Program Files\Launch Manager\QtZgAcer.EXE -> [2008/05/13 23:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
launchu3.exe -> C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe -> [2006/11/16 14:26:52 | 001,095,224 | ---- | M] ()

[Modules - No Company Name]
npswf32_11_2_202_235.dll -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll -> [2012/05/26 13:02:22 | 008,797,856 | ---- | M] ()
mozjs.dll -> C:\Program Files\Mozilla Firefox\mozjs.dll -> [2012/02/13 16:49:25 | 001,911,768 | ---- | M] ()
it41.dll -> C:\Acer\Empowering Technology\eRecovery\it41.dll -> [2007/04/06 05:56:30 | 000,356,352 | ---- | M] ()
launchu3.exe -> C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe -> [2006/11/16 14:26:52 | 001,095,224 | ---- | M] ()
imagefile.dll -> C:\Acer\Empowering Technology\eRecovery\imagefile.dll -> [2006/01/12 13:33:34 | 000,212,992 | ---- | M] ()

[Win32 Services - Safe List]
[Driver Services - Safe List]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> ->
HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: Main\\"Default_Page_URL" -> http://homepage.acer...d=1209&m=aoa150 ->
HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: Main\\"Search Page" -> http://www.google.com ->
HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: SearchURL\\"" -> http://www.google.com/search/?q=%s ->
HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Guest\Application Data\Mozilla\FireFox\Profiles\qlz62hgg.default\prefs.js ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.0.0.8 ->
extensions.enabledItems -> [email protected]:1.0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d} -> C:\Program Files\FVD Suite\addons\Firefox [C:\PROGRAM FILES\FVD SUITE\ADDONS\FIREFOX] -> [2011/12/19 19:47:04 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 10.0.1\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/02/13 16:49:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/04/24 10:50:40 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions -> [2010/10/11 00:08:00 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qlz62hgg.default\extensions -> [2012/06/05 13:15:24 | 000,000,000 | ---D | M]
Bitdefender QuickScan -> C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qlz62hgg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} -> [2012/06/05 13:15:24 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2012/02/13 16:49:44 | 000,000,000 | ---D | M]
< HOSTS File > ([2011/06/06 07:39:19 | 000,000,848 | R--- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{000123B4-9B42-4900-B3F7-F4B073EFC214} [HKLM] -> C:\Program Files\Orbitdownloader\orbitcth.dll [Octh Class] -> [2010/01/12 16:03:52 | 000,240,912 | ---- | M] (Orbitdownloader.com)
{043C5167-00BB-4324-AF7E-62013FAEDACF} [HKLM] -> C:\Program Files\vShare\vshare_toolbar.dll [vShare Plugin] -> [2010/10/05 15:40:08 | 000,478,800 | ---- | M] ()
{2B171655-A69C-5c18-B693-6CB5DC269D44} [HKLM] -> C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll [Open FVD Suite Toolbar] -> [2011/12/07 10:55:18 | 000,410,112 | ---- | M] (www.flashvideodownloader.org/fvd-suite/)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java™ Plug-In SSV Helper] -> [2011/11/10 09:01:32 | 000,325,408 | ---- | M] (Sun Microsystems, Inc.)
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [HKLM] -> [BitTorrentBar Toolbar] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [Google Toolbar Notifier BHO] -> [2012/01/10 23:29:27 | 001,003,576 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{043C5167-00BB-4324-AF7E-62013FAEDACF}" [HKLM] -> C:\Program Files\vShare\vshare_toolbar.dll [vShare Plugin] -> [2010/10/05 15:40:08 | 000,478,800 | ---- | M] ()
"{2B171655-A69C-5c18-B693-6CB5DC269D41}" [HKLM] -> C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll [FVD Suite Toolbar] -> [2011/12/07 10:55:18 | 000,410,112 | ---- | M] (www.flashvideodownloader.org/fvd-suite/)
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" [HKLM] -> [BitTorrentBar Toolbar] -> File not found
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Program Files\Orbitdownloader\GrabPro.dll [Grab Pro] -> [2010/01/12 16:03:52 | 000,662,720 | ---- | M] ()
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{043C5167-00BB-4324-AF7E-62013FAEDACF}" [HKLM] -> C:\Program Files\vShare\vshare_toolbar.dll [vShare Plugin] -> [2010/10/05 15:40:08 | 000,478,800 | ---- | M] ()
WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}" [HKLM] -> [BitTorrentBar Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2008/06/19 19:20:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"AzMixerSel" -> C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe] -> [2006/07/18 01:40:30 | 000,053,248 | ---- | M] (Realtek Semiconductor Corp.)
"eRecoveryService" -> C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [C:\Acer\Empowering Technology\eRecovery\eRAgent.exe] -> [2008/09/04 02:46:04 | 000,425,984 | ---- | M] (Acer Inc.)
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2008/04/14 16:00:00 | 000,208,952 | ---- | M] (Microsoft Corporation)
"LaunchApp" -> C:\WINDOWS\Alaunch.exe [Alaunch] -> [2006/03/16 16:56:22 | 000,524,288 | ---- | M] (Acer Inc.)
"LManager" -> C:\Program Files\Launch Manager\QtZgAcer.EXE [C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE] -> [2008/05/13 23:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.)
"MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation)
"PLFSetL" -> C:\WINDOWS\PLFSetL.exe [C:\WINDOWS\PLFSetL.exe] -> [2007/07/05 16:35:54 | 000,094,208 | ---- | M] (sonix)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk -> C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe -> [2011/02/23 13:00:25 | 000,022,486 | R--- | M] ()
-> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\newadmin.txt -> [2012/06/05 13:34:47 | 000,000,123 | ---- | M] ()
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\Software\Microsoft\Internet Explorer\MenuExt\ ->
Google Sidewiki... -> [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 73 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 72 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 72 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 73 domain(s) found. ->
localhost .[http] -> Local intranet ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
GD [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.mi...b?1264586680562 [MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_30] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_30] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://l.yimg.com/jh...aploader_v6.cab [PopCapLoader Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.ad...Plus/1.6/gp.cab [Reg Error: Key error.] ->
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx1.hotmail....ol/MSNPUpld.cab [Windows Live Hotmail Photo Upload Tool] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 64.71.255.198 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{B56DB731-4C2D-43C8-870F-66DB01BC51AA}\\DhcpNameServer -> 64.71.255.198 (Atheros AR5007EG Wireless Network Adapter) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2011/01/15 04:08:08 | 000,123,392 | ---- | M] (Google)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 16:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
TPSvc -> -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 23:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Veetle\Player\VeetleNet.exe" -> C:\Program Files\Veetle\Player\VeetleNet.exe [C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet] -> [2011/04/27 19:25:44 | 000,626,392 | ---- | M] ()
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\user\Application Data\U3\0000187112A32E8C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" -> [C:\Documents and Settings\user\Application Data\U3\0000187112A32E8C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype] -> File not found
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2012/02/22 09:11:58 | 000,650,104 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" -> C:\Program Files\Java\jre6\bin\javaw.exe [C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary] -> [2011/11/10 06:54:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2012/02/13 16:49:27 | 000,924,632 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Orbitdownloader\orbitdm.exe" -> C:\Program Files\Orbitdownloader\orbitdm.exe [C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit] -> [2010/01/12 16:03:54 | 001,785,104 | ---- | M] (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" -> C:\Program Files\Orbitdownloader\orbitnet.exe [C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit] -> [2009/12/03 10:54:40 | 000,557,056 | ---- | M] (Orbitdownloader.com)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/10/16 13:18:32 | 000,328,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Veetle\Player\VeetleNet.exe" -> C:\Program Files\Veetle\Player\VeetleNet.exe [C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet] -> [2011/04/27 19:25:44 | 000,626,392 | ---- | M] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/20 14:11:40 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\D
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell
\D\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun
\D\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
\D\Shell\AutoRun\command\\"" -> [D:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Classes\<extension>\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found

[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Error: Unable to start EventLog service!

[Files/Folders - Created Within 30 Days]
tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> [2012/06/05 14:06:44 | 000,200,976 | ---- | C] (Trend Micro Inc.)
QuickScan -> C:\Documents and Settings\Guest\Application Data\QuickScan -> [2012/06/05 13:15:56 | 000,000,000 | ---D | C]
Downloads -> C:\Documents and Settings\Guest\My Documents\Downloads -> [2012/06/05 12:47:49 | 000,000,000 | ---D | C]
YTD YouTube Downloader & Converter -> C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter -> [2012/05/16 16:33:12 | 000,000,000 | ---D | C]
YTD YouTube Downloader & Converter -> C:\Documents and Settings\All Users\Start Menu\Programs\YTD YouTube Downloader & Converter -> [2012/05/16 16:32:57 | 000,000,000 | ---D | C]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/06/05 14:37:02 | 000,000,886 | ---- | M] ()
census.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\census.cache -> [2012/06/05 14:15:33 | 000,172,167 | ---- | M] ()
ars.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\ars.cache -> [2012/06/05 14:15:05 | 000,166,169 | ---- | M] ()
housecall.guid.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\housecall.guid.cache -> [2012/06/05 14:05:36 | 000,000,036 | ---- | M] ()
Microsoft Antimalware Scheduled Scan.job -> C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job -> [2012/06/05 13:57:52 | 000,000,384 | -H-- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/06/05 13:47:46 | 000,000,882 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/06/05 13:47:32 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2012/06/05 13:47:30 | 1597,976,576 | -HS- | M] ()
rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2012/06/04 17:24:44 | 000,000,064 | ---- | M] ()
rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2012/06/04 17:24:44 | 000,000,044 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2012/06/04 17:24:39 | 000,000,472 | ---- | M] ()
LaunchU3.exe.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk -> [2012/06/04 10:41:41 | 000,002,539 | ---- | M] ()
FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2012/05/26 13:02:22 | 000,419,488 | ---- | M] (Adobe Systems Incorporated)
FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2012/05/26 13:02:22 | 000,070,304 | ---- | M] (Adobe Systems Incorporated)
YTD YouTube Downloader & Converter.lnk -> C:\Documents and Settings\All Users\Desktop\YTD YouTube Downloader & Converter.lnk -> [2012/05/16 16:32:50 | 000,000,725 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2012/05/12 00:51:44 | 000,507,594 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2012/05/12 00:51:44 | 000,088,782 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/05/11 23:32:22 | 000,343,424 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/05/11 19:55:06 | 000,001,374 | ---- | M] ()
epplauncher.mif -> C:\WINDOWS\epplauncher.mif -> [2012/05/11 19:51:54 | 000,001,945 | ---- | M] ()
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
4 C:\Documents and Settings\Guest\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Temp\*.tmp ->
34 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
3 C:\*.tmp files -> C:\*.tmp ->
1 C:\Documents and Settings\Guest\Local Settings\Temp\HouseCall\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Temp\HouseCall\*.tmp ->
1 C:\Documents and Settings\Guest\Local Settings\Temp\HouseCall\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Temp\HouseCall\*.tmp ->
1 C:\Documents and Settings\Guest\Local Settings\Temp\HCBackup\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Temp\HCBackup\*.tmp ->

[Files - No Company Name]
census.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\census.cache -> [2012/06/05 14:15:32 | 000,172,167 | ---- | C] ()
ars.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\ars.cache -> [2012/06/05 14:15:05 | 000,166,169 | ---- | C] ()
housecall.guid.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\housecall.guid.cache -> [2012/06/05 14:05:36 | 000,000,036 | ---- | C] ()
YTD YouTube Downloader & Converter.lnk -> C:\Documents and Settings\All Users\Desktop\YTD YouTube Downloader & Converter.lnk -> [2012/05/16 16:32:50 | 000,000,725 | ---- | C] ()
Microsoft Antimalware Scheduled Scan.job -> C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job -> [2012/05/11 20:01:46 | 000,000,384 | -H-- | C] ()
Microsoft Security Essentials.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk -> [2012/05/11 19:51:50 | 000,001,702 | ---- | C] ()
iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/16 17:34:57 | 000,003,072 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/10/31 09:11:04 | 000,016,896 | ---- | C] ()
rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2011/04/28 11:14:39 | 000,000,064 | ---- | C] ()
rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2011/04/28 11:14:39 | 000,000,044 | ---- | C] ()
zlib.dll -> C:\WINDOWS\System32\zlib.dll -> [2010/10/04 16:35:23 | 000,053,248 | ---- | C] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/09/18 03:44:13 | 000,000,664 | ---- | C] ()

[File - Lop Check]
Common Files -> C:\Documents and Settings\All Users\Application Data\Common Files -> [2011/03/14 15:00:21 | 000,000,000 | -H-D | M]
eSobi -> C:\Documents and Settings\All Users\Application Data\eSobi -> [2010/04/18 14:26:49 | 000,000,000 | ---D | M]
FirmTools -> C:\Documents and Settings\All Users\Application Data\FirmTools -> [2011/10/25 02:49:02 | 000,000,000 | ---D | M]
MFAData -> C:\Documents and Settings\All Users\Application Data\MFAData -> [2010/11/30 00:28:34 | 000,000,000 | ---D | M]
PopCap -> C:\Documents and Settings\All Users\Application Data\PopCap -> [2010/03/13 01:24:07 | 000,000,000 | ---D | M]
STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2012/04/20 15:13:38 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2012/03/26 11:40:30 | 000,000,000 | ---D | M]
YouTube Downloader -> C:\Documents and Settings\All Users\Application Data\YouTube Downloader -> [2012/05/16 16:32:57 | 000,000,000 | ---D | M]
YTD YouTube Downloader & Converter -> C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter -> [2012/05/16 16:33:15 | 000,000,000 | ---D | M]
{2162CCC0-3A5F-4887-B51F-CE5F195B3620} -> C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} -> [2011/02/16 12:04:58 | 000,000,000 | -H-D | M]
{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/06/08 00:56:16 | 000,000,000 | ---D | M]
{755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2010/03/18 14:43:38 | 000,000,000 | ---D | M]
PriceGong -> C:\Documents and Settings\Guest\Application Data\PriceGong -> [2011/08/19 05:35:31 | 000,000,000 | ---D | M]
QuickScan -> C:\Documents and Settings\Guest\Application Data\QuickScan -> [2012/06/05 14:16:55 | 000,000,000 | ---D | M]
vShare -> C:\Documents and Settings\Guest\Application Data\vShare -> [2011/10/31 09:00:08 | 000,000,000 | ---D | M]
Windows Desktop Search -> C:\Documents and Settings\Guest\Application Data\Windows Desktop Search -> [2010/05/17 09:45:03 | 000,000,000 | ---D | M]
Windows Search -> C:\Documents and Settings\Guest\Application Data\Windows Search -> [2010/07/12 12:08:59 | 000,000,000 | ---D | M]
SACore -> C:\Documents and Settings\LocalService\Application Data\SACore -> [2009/12/20 11:09:13 | 000,000,000 | ---D | M]
Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2012/06/04 17:24:39 | 000,000,472 | ---- | M] ()
Low Battery Alarm Program.job -> C:\WINDOWS\Tasks\Low Battery Alarm Program.job -> [2011/08/14 20:34:11 | 000,000,104 | ---- | M] ()

[File - Purity Scan]

< End of report >

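The OTS listing above, and the OTL log posted later in this thread, use the same bracketed [date | size | attributes | C/M] (Company) stanza for every file, process, module and driver, followed by HijackThis-style O-lines for registry items. As an added example (not code from the thread or from OldTimer's tools), the Python script below parses that stanza and applies the checks a removal helper applies by eye when reading such a log: O7 policy lockouts, "File not found" orphans, search scopes pointed at localhost, registered AutoRun commands, non-executables in a Startup folder, code running from Temp or Application Data, and recently stamped code with no company name. The category names, the 30-day window and the sample lines (copied from this thread's logs, the forum's "..." truncation included) are this example's own choices.

```python
"""Triage helper for the OTS/OTL log lines posted in this thread.

Added example; not code from the thread or from OldTimer's tools. It parses
the attribute stanza both tools emit for files, processes and drivers,
    [YYYY/MM/DD HH:MM:SS | 000,172,167 | -H-- | C] (Company)
and applies the checks a malware-removal helper applies by eye. Category
names, the 30-day window and the sample lines are this example's own choices.
"""
import re
from datetime import datetime, timedelta

STAMP_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))?"
)
# A Windows path, ended by the next OTS/OTL separator, " = ", " (" (but not
# the "(x86)" of a Program Files path) or the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?= -> \[| -- | = | \((?!x86\))|$)")
# Policy values a rogue AV sets so the user cannot fight back.
LOCKOUT = ("disabletaskmgr = 1", "disableregistrytools = 1", "nodesktop = 1")
# User-writable places a process, service, driver or module should not run from.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\", "\\windows\\temp\\")
CODE_EXT = (".exe", ".dll", ".sys")


def parse_stamp(line):
    """Return the [date | size | attrs | C/M] (Company) stanza as a dict, or None."""
    m = STAMP_RE.search(line)
    if not m:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],                       # C = created, M = modified stamp
        "company": (m["company"] or "").strip(),
    }


def triage_line(line, now, recent_days=30):
    """Return [(category, detail), ...] for one log line; empty if nothing stands out."""
    low = line.lower()
    m = PATH_RE.search(line)
    path = m.group(0) if m else ""
    stamp = parse_stamp(line)
    out = []
    if "file not found" in low or "no clsid value found" in low:
        out.append(("orphan", "points at a file or CLSID that no longer exists"))
    if low.startswith("o7 ") and any(k in low for k in LOCKOUT):
        out.append(("lockout", "user policy disables Task Manager, regedit or the desktop"))
    if "searchscopes" in low and "127.0.0.1" in low:
        out.append(("hijack", "search scope is routed through a listener on localhost"))
    if low.startswith("o33 ") and "\\autorun\\command" in low:
        out.append(("autorun", "removable-drive AutoRun command is registered"))
    if low.startswith("o4 - startup:") and path and not path.lower().endswith((".exe", ".lnk")):
        out.append(("startup", f"non-executable item in a Startup folder: {path}"))
    if (low.startswith(("prc ", "srv ", "drv ", "mod ")) and path.lower().endswith(CODE_EXT)
            and any(seg in path.lower() for seg in USER_WRITABLE)):
        out.append(("location", f"code loaded from a user-writable path: {path}"))
    if (stamp and not stamp["company"] and path.lower().endswith(CODE_EXT)
            and now - stamp["when"] <= timedelta(days=recent_days)):
        out.append(("recent", f"no-company-name code stamped within {recent_days} days: {path}"))
    return out


def triage_log(text, now, recent_days=30):
    """Run triage_line over a whole log; returns [(line_no, category, detail), ...]."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for cat, detail in triage_line(line.rstrip(), now, recent_days):
            hits.append((no, cat, detail))
    return hits


# Sample input: lines copied from the OTS and OTL logs in this thread (the "..."
# in the search-scope URL is the forum's own truncation, kept as posted).
SAMPLE_LOG = r"""PRC - [2012/06/05 13:48:21 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Guest\Local Settings\Temp\RtkBtMnt.exe
PRC - [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
MOD - [2012/05/26 13:02:22 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\newadmin.txt ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{01307c23-0386-11e1-a405-00242c0c2293}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/16 17:34:57 | 000,003,072 | ---- | C] ()"""


def triage_sample(recent_days=30):
    """Triage SAMPLE_LOG as of 10 June 2012, the date of the OTL log in the thread."""
    return triage_log(SAMPLE_LOG, datetime(2012, 6, 10), recent_days)


if __name__ == "__main__":
    for no, cat, detail in triage_sample():
        print(f"line {no:2d} [{cat:8}] {detail}")
```

A hit is a reason to look, not a verdict: the Flash plugin DLL is flagged only because it carries no company name, explorer.exe and the NoDriveTypeAutoRun line produce nothing, and iacenc.dll (created in February) drops out of the "recent" category because of the 30-day window, so widen `recent_days` when the infection date is unknown.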
#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I will be unable to fix it from a guest account as I will need full access. Can you burn a CD?

Please print these instructions out so that you know what you are doing.

  • Download OTLPENet.exe to your desktop
  • Download the attached scan.txt to a USB drive
  • Ensure that you have a blank CD in the drive
  • Double-click OTLPENet.exe; this will then open ImgBurn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD, it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Drag and drop the scan.txt into the Custom scans and fixes box, or double-click the scan box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Right-click the file and select Send to: select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can back up any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#3
lamc

    New Member

  • Topic Starter
  • Member
  • 4 posts
I can now log into my administrator account, open files and go online. But I can't burn a CD because I'm using a netbook that doesn't have a CDROM, and I don't have a USB drive either! Can I still download OTLPENet.exe and use it? Thanks.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, as you are in the admin account, could you run OTL from there please?

#5
lamc

    New Member

  • Topic Starter
  • Member
  • 4 posts
No problem, I ran OTL; here's the logfile below:

OTL logfile created on: 6/10/2012 6:51:49 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\user\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.44 Gb Available Physical Memory | 29.25% Memory free
3.34 Gb Paging File | 2.09 Gb Available in Paging File | 62.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 1.10 Gb Free Space | 0.77% Space Free | Partition Type: NTFS

Computer Name: ACER-E817FAE0D8 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/10 17:50:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
PRC - [2012/06/05 13:48:21 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Guest\Local Settings\Temp\RtkBtMnt.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/13 16:49:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/03 20:06:34 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\user\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/01/12 16:03:54 | 001,785,104 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2009/12/03 10:54:40 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2009/07/14 16:46:56 | 000,044,776 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2008/09/04 02:46:04 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008/05/13 23:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/16 14:26:52 | 001,095,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/26 13:02:22 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/12 13:07:06 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
MOD - [2012/05/12 13:06:02 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 13:02:50 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 12:57:59 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 12:57:35 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/02/13 16:49:25 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/31 22:30:22 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d}\components\gecko10\fvd_connector.dll
MOD - [2009/12/12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/06 05:56:30 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006/11/16 14:26:52 | 001,095,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
MOD - [2006/01/12 13:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/14 16:46:56 | 000,044,776 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2008/09/10 04:33:40 | 000,359,248 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2011/02/16 12:24:19 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/02/16 12:22:52 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/08/18 22:30:18 | 000,051,200 | ---- | M] (AdwareAway.com) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Start1Driver.SYS -- (Start1Driver)
DRV - [2010/04/21 08:26:36 | 000,012,800 | ---- | M] (AdwareAway.com) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\DiagnosticScan.SYS -- (DiagnosticScan)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/01/06 22:00:08 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/31 00:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/26 17:51:36 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/08/20 23:47:46 | 001,318,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/07/08 13:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/14 16:00:00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2007/10/01 18:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/01/13 18:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...d=1209&m=aoa150
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba...Terms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...&rlz=1I7ACAW_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired...c=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {9051303c-7e41-4311-a783-d6fe5ef2832d}:7.0.1
FF - prefs.js..keyword.URL: "http://search.avg.co...a&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files\FVD Suite\addons\Firefox [2011/12/19 19:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/13 16:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/24 10:50:40 | 000,000,000 | ---D | M]

[2010/01/16 17:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2012/06/09 21:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions
[2010/07/14 00:17:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/31 20:53:15 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/27 22:40:50 | 000,000,000 | ---D | M] ("FVD Suite Addon") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d}
[2011/09/24 00:14:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2011/09/24 00:14:14 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2011/09/24 00:13:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2011/09/24 00:14:52 | 000,000,000 | ---D | M] ("Flash Video Downloader Youtube Downloader Facebook") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\[email protected](2).com
[2011/02/06 13:58:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\[email protected]
[2010/10/06 22:14:02 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\[email protected]
[2011/09/24 00:14:08 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\[email protected](2).jung
[2011/09/24 00:13:57 | 000,000,000 | ---D | M] ("Multiple Tab Handler") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\[email protected](2).jp
[2012/06/09 21:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m8iz1nqj.default\extensions\staged
[2012/02/13 16:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/13 02:49:24 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M8IZ1NQJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/04/16 08:09:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/13 16:49:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/13 16:49:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/13 16:49:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/06 07:39:19 | 000,000,848 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll File not found
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FVD Suite Toolbar) - {2B171655-A69C-5C18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\newadmin.txt ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1264586680562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B56DB731-4C2D-43C8-870F-66DB01BC51AA}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 14:11:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{01307c23-0386-11e1-a405-00242c0c2293}\Shell - "" = AutoRun
O33 - MountPoints2\{01307c23-0386-11e1-a405-00242c0c2293}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01307c23-0386-11e1-a405-00242c0c2293}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{77f16098-02ab-11df-a243-00242c0c2293}\Shell - "" = AutoRun
O33 - MountPoints2\{77f16098-02ab-11df-a243-00242c0c2293}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77f16098-02ab-11df-a243-00242c0c2293}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 17:50:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
[2012/06/09 21:57:43 | 000,219,648 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTA.exe
[2012/06/09 21:54:30 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTS.exe
[2012/06/05 14:06:44 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/06/02 07:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\chive
[2012/05/16 16:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter
[2012/05/16 16:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YTD YouTube Downloader & Converter
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/10 18:37:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/10 17:50:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
[2012/06/09 22:37:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 21:57:47 | 000,219,648 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTA.exe
[2012/06/09 21:54:38 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTS.exe
[2012/06/07 23:16:31 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2012/06/07 22:58:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/06/07 22:58:05 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/06/07 22:57:59 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/06/07 22:53:50 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/07 22:43:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/07 22:43:22 | 1597,976,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/03 17:17:06 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/03 11:48:48 | 000,196,571 | ---- | M] () -- C:\Documents and Settings\user\My Documents\ama7564.jpg
[2012/06/02 07:15:37 | 000,016,534 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bacon funny-hipster-captions-debunked-12.jpg
[2012/05/30 22:14:21 | 000,006,204 | -HS- | M] () -- C:\Documents and Settings\user\My Documents\Folder.jpg
[2012/05/30 22:14:21 | 000,002,018 | -HS- | M] () -- C:\Documents and Settings\user\My Documents\AlbumArtSmall.jpg
[2012/05/16 17:09:10 | 000,979,565 | ---- | M] () -- C:\Documents and Settings\user\My Documents\FUNNY COMMERCIAL WOMAN UPSKIRT AT THE COPY MACHINE VIDEO.flv
[2012/05/16 16:32:50 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/05/12 14:08:09 | 069,486,556 | ---- | M] () -- C:\Documents and Settings\user\My Documents\ouhsefatazn.mov
[2012/05/12 00:51:44 | 000,507,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/12 00:51:44 | 000,088,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/11 23:32:22 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/11 19:55:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/11 19:51:54 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 11:45:50 | 000,196,571 | ---- | C] () -- C:\Documents and Settings\user\My Documents\ama7564.jpg
[2012/06/02 08:37:28 | 131,271,993 | ---- | C] () -- C:\Documents and Settings\user\My Documents\dr dre snoop dogg 2pac eminen 50cent wiz khalifa pt2.flv
[2012/06/02 08:33:24 | 108,321,949 | ---- | C] () -- C:\Documents and Settings\user\My Documents\ dr dre snoop eminem 2pac hologram 50cent wiz khalifa perform pt1.flv
[2012/06/02 07:15:33 | 000,016,534 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bacon funny-hipster-captions-debunked-12.jpg
[2012/06/01 20:55:16 | 163,415,535 | ---- | C] () -- C:\Documents and Settings\user\Desktop\csi.s12e11.Ms. Willows Regrets hdtv.flv
[2012/05/30 22:14:21 | 000,006,204 | -HS- | C] () -- C:\Documents and Settings\user\My Documents\Folder.jpg
[2012/05/30 22:14:21 | 000,002,018 | -HS- | C] () -- C:\Documents and Settings\user\My Documents\AlbumArtSmall.jpg
[2012/05/17 13:49:06 | 038,557,479 | ---- | C] () -- C:\Documents and Settings\user\My Documents\spc all skulled up pt2.flv
[2012/05/17 13:41:55 | 032,748,525 | ---- | C] () -- C:\Documents and Settings\user\My Documents\spc Bad Boys Bad Boys pt1.flv
[2012/05/16 17:09:03 | 000,979,565 | ---- | C] () -- C:\Documents and Settings\user\My Documents\FUNNY COMMERCIAL WOMAN UPSKIRT AT THE COPY MACHINE VIDEO.flv
[2012/05/16 16:32:50 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/05/12 15:32:34 | 036,196,587 | ---- | C] () -- C:\Documents and Settings\user\My Documents\aznwbcmaz.mov
[2012/05/12 14:05:57 | 069,486,556 | ---- | C] () -- C:\Documents and Settings\user\My Documents\ouhsefatazn.mov
[2012/05/11 20:01:46 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/11 19:51:50 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/16 17:34:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/28 11:14:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/28 11:14:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/10/04 16:35:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010/09/18 03:44:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2011/03/14 15:00:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/04/18 14:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2011/10/25 02:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirmTools
[2010/11/30 00:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/13 01:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2012/04/20 15:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2012/03/26 11:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/16 16:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2012/05/16 16:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter
[2011/02/16 12:04:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/06/08 00:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/18 14:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/24 17:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BHOK IT Consulting
[2012/06/04 10:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BitTorrent
[2010/07/23 19:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DMCache
[2011/10/27 12:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ElevatedDiagnostics
[2010/04/18 14:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\eSobi
[2010/03/24 19:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FDRLab
[2011/12/19 19:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FVDToolbar
[2010/02/13 13:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GrabPro
[2009/12/20 11:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2010/12/19 16:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Local
[2010/01/26 18:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenCandy
[2012/06/10 13:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Orbit
[2011/10/19 09:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PriceGong
[2010/10/11 14:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Samsung
[2011/09/11 03:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Tific
[2010/04/16 23:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uniblue
[2012/03/13 21:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2011/10/22 22:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\vShare
[2010/02/24 21:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2010/02/25 19:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
[2010/03/02 23:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Youtube Downloader HD
[2012/06/07 22:57:59 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/08/14 20:34:11 | 000,000,104 | ---- | M] () -- C:\WINDOWS\Tasks\Low Battery Alarm Program.job

========== Purity Check ==========



< End of report >
----------------------------------------------------------------------------------------------------------

Additional info: I have a Windows XP update pending, should I do the update? I was thinking maybe it might help my PC? Also, I can't see any of my icons on the desktop when I log into my admin acct; the only way I can open any files is through the Windows Start button. My task bar looks & works fine though. But I still get the Task Manager error "Task Manager has been disabled by your administrator" when I Ctrl+Alt+Del. Anything you can do to help me with these problems is greatly appreciated, thanks a lot.


#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, let me know what problems remain after this.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
    FF - prefs.js..extensions.enabledItems: 5
    FF - prefs.js..extensions.enabledItems: 3
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\newadmin.txt ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

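The OTL script in the post above resets three HKCU policy values (NoDesktop, DisableTaskMgr, DisableRegistryTools), removes an Internet Explorer search scope that points at a loopback address, a .txt file in the All Users Startup folder, and orphaned toolbar/DPF entries. The Python script below is an added example, not part of this thread and not OldTimer's code: it reads an OTS/OTL-style log offline and flags exactly those indicator classes, and also compares the O20 Winlogon Shell/UserInit values against the defaults the log shows. All sample lines are copied from this thread except the last O20 line, which is constructed (C:\EXAMPLE\extra.exe is a placeholder) to show the Winlogon check firing; the regular expressions and the list of program suffixes are my assumptions about the log format, not OTL's own parser.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample: every line but the last is copied from this thread's OTS
# log and OTL fix list (the "..." is the forum's own URL truncation). The last
# O20 line is made up to exercise the Winlogon check; C:\EXAMPLE\extra.exe is a
# placeholder, not a path from the log.
SAMPLE_LOG = r"""
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\newadmin.txt ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe, C:\EXAMPLE\extra.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

# Policies that lock the user out of their own recovery tools when set to 1.
LOCKOUT_POLICIES = {"NoDesktop", "DisableTaskMgr", "DisableRegistryTools"}
# File types one expects to find in a Startup folder.
PROGRAM_SUFFIXES = {".exe", ".lnk", ".bat", ".cmd", ".com", ".scr", ".pif"}
# Default Winlogon values on Windows XP, as the thread's own O20 lines show them.
EXPECTED_WINLOGON = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe"}

# Assumed line shapes, derived from the log lines in this thread.
POLICY_RE = re.compile(r"^O7 - (?P<key>\S+): (?P<name>\w+) = (?P<value>\S+)$")
SCOPE_RE = re.compile(r'^IE - (?P<key>\S+): "URL" = (?P<url>\S+)$')
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<path>.+?) \((?P<company>.*)\)$")
WINLOGON_RE = re.compile(r"^O20 - HK\w+ Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^)]*)\) - ")
HOST_RE = re.compile(r"^https?://([^/:?#]+)", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # the OTL section tag, e.g. "O7"
    reason: str
    line: str


def host_of(url: str) -> Optional[str]:
    """Host part of a URL, tolerant of the truncated URLs a forum log carries."""
    m = HOST_RE.match(url)
    return m.group(1).lower() if m else None


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that matches an indicator worth a look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]

        m = POLICY_RE.match(line)
        if m:
            if m["name"] in LOCKOUT_POLICIES and m["value"] != "0":
                findings.append(Finding(kind, f"lockout policy {m['name']}={m['value']} "
                                              "disables the user's own tools", line))
            continue

        m = SCOPE_RE.match(line)
        if m:
            host = host_of(m["url"])
            if host is None or host == "localhost" or host.startswith("127."):
                findings.append(Finding(kind, f"search scope redirected to loopback host {host!r}", line))
            continue

        m = STARTUP_RE.match(line)
        if m:
            if PureWindowsPath(m["path"]).suffix.lower() not in PROGRAM_SUFFIXES:
                findings.append(Finding(kind, "startup item is not a program or shortcut", line))
            continue

        m = WINLOGON_RE.match(line)
        if m:
            expected = EXPECTED_WINLOGON[m["value"].lower()]
            if m["data"].lower().rstrip(",") != expected:
                findings.append(Finding(kind, f"Winlogon {m['value']} is not the default {expected}", line))
            continue

        # Entries whose target no longer resolves; harmless by themselves but
        # they are leftovers worth cleaning, as the fix list above does.
        if "Reg Error" in line or "No CLSID value found" in line:
            findings.append(Finding(kind, "orphaned registry entry (target does not resolve)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run it against a real OTS or OTL log by passing the file contents to triage(); the NoDriveTypeAutoRun line in the sample is left alone on purpose, since only the three lockout values are treated as indicators.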

#7
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.